Inspiration In today’s digital world, sharing private links often lacks control. Anyone can forward a link, making it vulnerable. Inspired by Samsung’s Private Share, we wanted to build a lightweight, device-bound secure sharing system using QR and session verification.
What it does
BindShare lets you share a private link that can only be accessed by a single, verified device. The sender scans a QR from the receiver, linking the session. Only the bound receiver can open the shared content — others are blocked.
How we built it We used:
- Node.js + Express for backend token generation and session validation
- UUID & WebSocket for unique token management and real-time confirmation
- JavaScript (frontend) for QR generation and session handling
- mkcert to enable secure HTTPS for local testing
Challenges we ran into
- Setting up local HTTPS using mkcert
- Binding QR session with proper timeout handling
- Preventing token regeneration if one is already pending
Accomplishments that we're proud of
- Fully working demo of device-bound link sharing
- Secure WebSocket communication between sender and receiver
- Token-based logic to avoid misuse or spamming of links
What we learned
- Real-time communication using WebSockets
- How to simulate secure link sharing with client-device binding
- Managing sessions and expiring tokens properly
What's next for BindShare
- Add encryption for shared content
- Create a mobile-friendly interface
- Support for biometric validation before access
- Optional self-destruction of links after one view
Built With
- css
- express.js
- html5
- mkcert
- node.js
- uuid
- websockets
Log in or sign up for Devpost to join the conversation.