November 25, 2020

Protecting the privacy of your shareable invitations

When you use Little Futures, you entrust us with private information so we can create your child’s invitation (their name and age, plus the date, time and address of the party). It is therefore vitally important to us that your shareable invitations are only accessible to your guests!

This post is an attempt to show the thought and care that goes into how we design the Little Futures application: making sure your data is secure, while also making the system as simple to use as possible.

Security vs usability: Can you have your cake and eat it too?

Security is often in conflict with usability. One simple way to ensure that only guests can access an invitation is to require the parent to enter a list of permitted email addresses. Guests would then have to create an account on Little Futures, and only if their email matched would they be allowed to see the invitation.

This approach is secure, but not particularly usable. The parent has to enter a long list of emails (what if they only know someone’s phone number?), they need to know all the guests’ emails, and each guest must create an account (extra effort, plus what if they use a different email?).

Little Futures is competing not only with other invitation providers, but also with any alternative choice a parent might make when preparing a party. For this reason we want to make sure that every process is simple. So what if you could just send a link?

A shareable link: usable and secure?

Sharing a link is far simpler. You can email, text, WhatsApp, or even write it in a letter! A simple implementation would look like where 7344 is the id of the event. This is a far more usable approach; however, there is a security concern. A malicious user could attempt to iterate through all event ids to find other people’s events! We protect against this in three ways:

1. Random alphanumeric ids instead of incremental numbers

Incremental numbers are easy to guess. If you know there’s an event with id 7344, you can easily guess that other events may exist for 7343, 7345 etc. Instead of this, when an event is created we generate a random alphanumeric id (e.g. 3KE3). Because they’re random, there is no way to know what comes next (3KE3 doesn’t mean the next event will be 3KE4). In addition, a 4-digit numeric id only has 10,000 combinations (0 to 9999), whereas a 4-character alphanumeric id has 1,679,616 combinations (36 to the power of 4)! We added a few further tweaks to aid usability:

  • Accepts upper or lower case letters (in case you have to type the URL, you shouldn’t have to worry about getting the case right)
  • Doesn’t include similar letters and numbers (if you have to write or type the URL you shouldn’t have to work out whether it’s a capital i or a lowercase L)
  • Avoids ids that include swear words. The last thing we want is to generate a URL for a child’s birthday which includes the F-word!
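The following is an added example (written for this post, not Little Futures’ own code) of how such an id generator can be built in Python. The exact alphabet, the blocklist contents and the id length are assumptions: the alphabet here drops the easily confused 0/O and 1/I/L, lookups are case-insensitive, candidates containing a blocked word or colliding with an existing id are rejected, and the random draw uses the `secrets` module (a CSPRNG) rather than `random`, so ids cannot be predicted from earlier ones. Note the trade-off the page’s tweaks imply: removing ambiguous characters shrinks the keyspace from 36^4 = 1,679,616 to 31^4 = 923,521, which the `keyspace` helper makes visible.

```python
import secrets

# Assumed alphabet (the post does not list the exact characters): digits and
# uppercase letters with the easily confused 0/O and 1/I/L removed. Ids are
# compared case-insensitively, so lowercase input is normalised before lookup.
ALPHABET = "23456789ABCDEFGHJKMNPQRSTUVWXYZ"
ID_LENGTH = 4

# Placeholder words standing in for the real blocklist (constructed for this
# example; the production list is not on the page).
BLOCKED_WORDS = frozenset({"TEST", "SPAM"})


def keyspace(alphabet: str, length: int) -> int:
    """Number of distinct ids of the given length over the alphabet."""
    return len(alphabet) ** length


def normalize_id(raw: str) -> str:
    """Case-insensitive handling: strip whitespace and upper-case the input."""
    return raw.strip().upper()


def is_valid_id(candidate: str) -> bool:
    """True if the candidate has the right length and uses only allowed characters."""
    return len(candidate) == ID_LENGTH and all(c in ALPHABET for c in candidate)


def contains_blocked_word(candidate: str) -> bool:
    """True if any blocked word appears anywhere in the (case-folded) id."""
    upper = candidate.upper()
    return any(word in upper for word in BLOCKED_WORDS)


def generate_event_id(existing, choose=secrets.choice, max_attempts=1000) -> str:
    """Draw a fresh id, rejecting blocked words and collisions with existing ids.

    `choose` defaults to secrets.choice (cryptographically secure); it is a
    parameter only so the draw can be controlled in tests.
    """
    for _ in range(max_attempts):
        candidate = "".join(choose(ALPHABET) for _ in range(ID_LENGTH))
        if contains_blocked_word(candidate) or candidate in existing:
            continue
        return candidate
    raise RuntimeError("could not find a free id; keyspace nearly exhausted")


if __name__ == "__main__":
    print("digits only   :", keyspace("0123456789", ID_LENGTH))
    print("full alphanum :", keyspace("0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZ", ID_LENGTH))
    print("unambiguous   :", keyspace(ALPHABET, ID_LENGTH))
    print("new id        :", generate_event_id(existing={"3KE3"}))
```

When an id is looked up, run the incoming value through `normalize_id` and reject it with `is_valid_id` before touching the database; that keeps upper/lower case links working and turns malformed input into a cheap early exit.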

2. Events become private as soon as the event is over

As soon as an event ends, the invitation becomes private and cannot be accessed even if you know the URL. We only want to show the event information for as long as it is relevant and it is good security practice to make it private as soon as it is no longer helpful.
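Here is an added example (not the project’s code) of the lookup rule this describes: an invitation is returned only if the id is well-formed, is known, and the event’s end time has not passed. The `Invitation` record, the in-memory store and the timestamps are constructed for the example. Unknown ids and expired ids both return `None`, so a caller cannot distinguish “never existed” from “already over”, which gives someone probing ids no hint about which ones were ever real.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from typing import Dict, Optional

# Assumed alphabet, as in the id-generation example: 0/O and 1/I/L removed.
ALPHABET = "23456789ABCDEFGHJKMNPQRSTUVWXYZ"
ID_LENGTH = 4


@dataclass(frozen=True)
class Invitation:
    event_id: str
    child_name: str
    ends_at: datetime  # once this passes, the invitation is private


# Constructed stand-in for the database: one upcoming party, one that is over.
NOW = datetime(2020, 11, 25, 12, 0, tzinfo=timezone.utc)
INVITATIONS: Dict[str, Invitation] = {
    "3KE3": Invitation("3KE3", "Sam", NOW + timedelta(days=10)),
    "7QXM": Invitation("7QXM", "Ada", NOW - timedelta(hours=1)),
}


def normalize_id(raw: str) -> Optional[str]:
    """Upper-case the input and reject anything that is not a well-formed id."""
    candidate = raw.strip().upper()
    if len(candidate) != ID_LENGTH or any(c not in ALPHABET for c in candidate):
        return None
    return candidate


def resolve_invitation(raw_id: str, now: datetime,
                       store: Dict[str, Invitation] = INVITATIONS) -> Optional[Invitation]:
    """Return the invitation only while the event is still in the future.

    Malformed, unknown and expired ids all yield None so the responses are
    indistinguishable to a client guessing ids.
    """
    event_id = normalize_id(raw_id)
    if event_id is None:
        return None
    invitation = store.get(event_id)
    if invitation is None or now >= invitation.ends_at:
        return None
    return invitation


if __name__ == "__main__":
    for raw in ("3ke3", "7QXM", "3KE0"):
        found = resolve_invitation(raw, NOW)
        print(raw, "->", found.child_name if found else "not available")
```

The expiry check is evaluated on every request against the server clock rather than by flipping a flag when the party ends, so there is no window in which a finished event is still reachable because a background job has not run yet.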

3. Active monitoring for badly behaved visitors

We monitor all logs and if we detect a user trying to guess event URLs we will proactively block them. This has not yet occurred, but we are prepared for if and when someone tries.
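As an added illustration (not Little Futures’ monitoring code) of what “detecting a user trying to guess event URLs” can look like, the following Python runs over constructed access-log lines and flags any client whose not-found invitation lookups exceed a threshold inside a sliding time window. The log format, the `/invite/<id>` path, the threshold of 5 misses in 60 seconds and the example IPs (from the documentation ranges) are all assumptions; lines are expected in time order, as they would be when tailing a log.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timezone
from typing import Dict, Iterable, Optional, Tuple

# Assumed log format: "<ISO timestamp>Z <client ip> GET <path> <status>".
LOG_RE = re.compile(
    r"^(?P<ts>\S+) (?P<ip>\S+) GET (?P<path>/invite/\S+) (?P<status>\d{3})$"
)

# Constructed sample: 203.0.113.7 walks through six ids that do not exist in
# 30 seconds; 198.51.100.4 mistypes one link, then opens the right one.
SAMPLE_LOG = """
2020-11-25T12:00:01Z 203.0.113.7 GET /invite/3KE2 404
2020-11-25T12:00:06Z 203.0.113.7 GET /invite/3KE4 404
2020-11-25T12:00:11Z 203.0.113.7 GET /invite/3KE5 404
2020-11-25T12:00:12Z 198.51.100.4 GET /invite/3KE8 404
2020-11-25T12:00:16Z 203.0.113.7 GET /invite/3KE6 404
2020-11-25T12:00:20Z 198.51.100.4 GET /invite/3KE3 200
2020-11-25T12:00:21Z 203.0.113.7 GET /invite/3KE7 404
2020-11-25T12:00:26Z 203.0.113.7 GET /invite/3KE9 404
""".strip().splitlines()


def parse_line(line: str) -> Optional[Tuple[datetime, str, str, int]]:
    """Parse one log line; return None for lines that are not invitation lookups."""
    match = LOG_RE.match(line.strip())
    if not match:
        return None
    ts = datetime.strptime(match["ts"], "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
    return ts, match["ip"], match["path"], int(match["status"])


def find_guessers(lines: Iterable[str], threshold: int = 5,
                  window_seconds: int = 60) -> Dict[str, int]:
    """Map client ip -> peak number of 404 lookups seen within one window.

    Only clients that reached `threshold` misses inside `window_seconds` are
    returned; a single mistyped link never trips the detector.
    """
    recent: Dict[str, deque] = defaultdict(deque)
    flagged: Dict[str, int] = {}
    for line in lines:
        parsed = parse_line(line)
        if parsed is None:
            continue
        ts, ip, _path, status = parsed
        if status != 404:
            continue  # successful lookups are not evidence of guessing
        misses = recent[ip]
        misses.append(ts)
        while misses and (ts - misses[0]).total_seconds() > window_seconds:
            misses.popleft()  # drop misses that fell out of the window
        if len(misses) >= threshold:
            flagged[ip] = max(flagged.get(ip, 0), len(misses))
    return flagged


if __name__ == "__main__":
    for ip, count in find_guessers(SAMPLE_LOG).items():
        print(f"block candidate {ip}: {count} missed lookups in one window")
```

In practice the flagged addresses would feed a rate limiter or block list at the edge; keying on 404s rather than all requests is what keeps legitimate guests, who mostly hit valid links, out of the result.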

We’ve got you covered

Birthdays, Christmas or any of your child’s special occasions: create an invite with Little Futures and send it to your guests; we’ll ensure it’s simple and secure!
