Show HN: Open-source and transparent alternative to Honey
github.comHey everyone, After watching MegaLag’s investigation into the Honey affiliate scam, I decided to create something better. I’m 18, an open-source enthusiast, and this is my first big project that’s actually getting some attention.
It's called Syrup, a fully open-source and transparent alternative to Honey. My goal is to make a browser extension that’s honest, ethical, and user-focused, unlike the Honey.
I’m still figuring things out, from maintaining the project on GitHub to covering future costs for a custom marketing website. It’s not easy balancing all this as a university student, but I’m managing as best as I can because I really believe in this project.
If you’re interested, check it out! I’d love feedback, contributions, or just help spreading the word. Thanks for reading, and let’s make something awesome together.
In my view, coupon aggregation is a scam per se. You are either scamming the business (by extending a discount aimed at a particular group to anyone) or scamming other buyers (by contributing to a market segmentation between "savvy" and "dumb" consumers). I refuse to use a coupon applier out of principle, even if it were perfectly frictionless and trustworthy.
That’s a fair perspective, and I respect your stance. I understand the ethical concerns around segmentation, but my focus with Syrup is on creating a transparent and ethical alternative for those who choose to use such tools. I appreciate your take, it’s given me something to think about as I move forward.
>It's called Syrup, a fully open-source and transparent alternative to Honey. My goal is to make a browser extension that’s honest, ethical, [...]
If you want to make this solution for yourself and other very technically-savvy users like the HN crowd to use and collaborate on, that's fine. However, despite your declared good intentions, I would never recommend a browser extension like this to non-technical friends and family.
It doesn't matter if the browser extension has an "open source" repo because the maintainer of it can change in the future and then the code is altered to have unethical behavior that doesn't align with the original intentions. Basically a variation of a software dependency "supply-chain" attack. Examples include the xz backdoor and the first uBlock repo being bought by an advertising company (eyeo GmbH). The innocent non-techie browser users will not be sophisticated enough to monitor a Github repo to see if has been compromised and therefore, their "honest" browser plugin no longer does what they think. For those users, it's best to just manually search for coupons with Google/Bing.
Example of how a browser plugin places a "cognitive burden" on non-technical users and just confuses them:
- Chris Aljoudi takes over uBlock and tricks users : https://en.wikipedia.org/wiki/UBlock_Origin#uBlock_Origin
- https://old.reddit.com/r/uBlockOrigin/comments/ija23v/if_you...
- https://old.reddit.com/r/uBlockOrigin/comments/8uxcfv/ublock...
- https://news.ycombinator.com/item?id=26161702
- https://www.google.com/search?q=xz+backdoor+github+commit
You raise a really important issue, and I completely understand the hesitation around recommending browser extensions to non-technical users, even if they’re open-source. Supply-chain attacks and repo takeovers are valid concerns, and examples like you said the uBlock Origin situation highlight how things can go wrong.
With Syrup, my focus is on making it as transparent and community-driven as possible. That said, I agree it’s not a perfect solution for everyone, especially non-technical users who might not have the time or skills to monitor changes. Open-source alone doesn’t eliminate risks, and your point about cognitive load is fair—it’s something I need to think about more deeply.
One way I’m considering addressing this is by implementing robust safeguards, such as: - An open and transparent roadmap where changes and intentions are clearly communicated. - Encouraging a diverse, trusted group of maintainers rather than a single individual to reduce risks of compromise.
Ultimately, while Syrup might not solve every issue you’ve outlined, I hope it can be a step toward more ethical alternatives for those who value transparency. For non-techie users, maybe manual searches are the best approach right now, but I’d like to keep improving Syrup and exploring ways to make it safer for everyone.
Thanks again for your input, it’s giving me a lot to think about as I move forward with this project.
Perhaps a foundation or working group that manages the project collectively would help, as opposed to running it as an individual (benevolent) dictator for life.
Are you familiar with how Proton Mail/Proton AG was crowdfunded, and how it transitioned to a non-profit foundation structure, for example?
https://en.wikipedia.org/wiki/Proton_Mail
https://proton.me/blog/proton-non-profit-foundation
https://proton.me/foundation
Good video I watched recently on how the Honey scam works: https://www.youtube.com/watch?v=vc4yL3YTwWk
*Edit: Oh I see you mention it in the video on your project! Nice work.
Thanks!
I see the release is a "CRX" file, which doesn't seem to work with Firefox - are you planning a Firefox compatible release?
I edited the manifest to work on firefox, idk why the crx isn't working for firefox, but the load temporary does work. I will look into it and try and fix it
+1
Good work OP!
[dead]