Suspicious.
The post itself reads authentic, but structural evidence shows coordinated manipulation: two commenters (u/username_tbd18 and u/mtsandeep) share an identical writing fingerprint (skeptical technical interrogation, stacked 'how will/how is' questions, fixation on breach risk), and three aged accounts were reactivated specifically to comment here. This manufactured comment section manufactures false concern to either tank the post or create a false objection pattern for later replay.
Hugin marked this suspicious because at least one meaningful risk signal appeared, but the scan did not reach the stronger likely-scam threshold.
- The final verdict text came from the AI verdict engine using the stored structural signal block.
- The scan reviewed 6 comments and 5 unique commenter accounts.
- Signal count: 2 high, 0 medium, 0 low flags; 4 coordination-class signals.
An account that sat silent for months and then suddenly wakes up to praise a promotional post is almost always a sold or recovered handle being weaponised for credibility.
Full evidence trailSources, public checklist, values lens, network map, account coverage, archive, and sharing tools.
Review before sharing.
Hugin reports are evidence packets, not accusations. Use the rating as a prompt to inspect sources, limitations, and archived material before quoting a claim elsewhere.
Built a web app that automatically finds your subscriptions from Gmail and reminds you before you’re charged. Looking for feedback.
Source checks
9 public comments loaded for r/buildinpublic.
Public comment bodies were retained with the report snapshot.
1 author age value was unavailable after Reddit profile JSON, old Reddit profile HTML, and archive fallbacks.
6 selected author histories checked; 1 unavailable, 2 partial, 5 archive fallback.
6 reply edges mapped.
1 same-hand writing pair surfaced.
0 unique external identifiers extracted.
0 prior archive matches returned.
Show your work
Deterministic explanation of the stored scan inputs behind the verdict. This is not hidden model reasoning; it is the evidence checklist Hugin can show publicly.
Hugin marked this suspicious because at least one meaningful risk signal appeared, but the scan did not reach the stronger likely-scam threshold.
- The final verdict text came from the AI verdict engine using the stored structural signal block.
- The scan reviewed 6 comments and 5 unique commenter accounts.
- Signal count: 2 high, 0 medium, 0 low flags; 4 coordination-class signals.
- The scan crossed the caution threshold, but did not show enough stacked proof for likely scam.
What pushed risk up
An account that sat silent for months and then suddenly wakes up to praise a promotional post is almost always a sold or recovered handle being weaponised for credibility.
- u/Jay-z27 — sat dormant 147d then lit up
- u/mtsandeep — sat dormant 6129d then lit up
- u/cssword — sat dormant 134d then lit up
Different usernames, same hand. Same idiosyncratic punctuation, filler vocabulary, and clause habits. The most common reason this happens on Reddit is one person running multiple accounts.
- u/username_tbd18 ↔ u/mtsandeep — Both use identical rhetorical move of skeptical technical interrogation with stacked questions about data security/encryption; both use 'how will/how is' clause pattern; both fixate on breach risk and local-only requirements; both use 'you are/you think' framing to challenge the OP directly.
1 commenter pair had medium-or-higher stylometry similarity.
- u/username_tbd18 / u/mtsandeep: high - Both use identical rhetorical move of skeptical technical interrogation with stacked questions about data security/encryption; both use 'how will/how is' clause pattern; both fixate on breach risk and local-only requirements; both use 'you are/you think' framing to challenge the OP directly.
3 author histories showed drop-in, dormant, or cross-promotion behavior.
- u/Jay-z27: dormant 147d
- u/mtsandeep: dormant 6129d
- u/cssword: dormant 134d
What limited confidence
1 scanned author had unknown account age. Profile metadata remained unavailable for 1 hosted fetch after archive fallbacks. Absence of young-account signals is lower confidence.
What kept the rating lower
Hugin mapped 6 reply edges and did not find a mutual-reply clique.
- 1 author account age was unavailable after profile metadata and archive fallbacks.
- 5 author age values are a lower-bound estimate from oldest archived public activity, not an official Reddit account-created timestamp.
- 1 selected author history was unavailable to the scan.
- Username shape alone is never treated as a finding; it is only context when stronger public signals also appear.
- Likely scam: multiple high-severity signals, prior identifier reuse, or several coordination signals stacking together.
- Suspicious: one high-severity signal, multiple medium signals, or one concrete coordination signal that deserves review.
- Inconclusive: weak, conflicting, or partial signals where the scan cannot justify either trust or a stronger warning.
- Looks legitimate: no structural red flags, available metadata, and clean coordination passes.
Values lens
Use scans to slow down, inspect public signals, and keep uncertainty visible. Never use them to harass, shame, or flatten people into a verdict.
Fair-use checks
- What was observed, and what is interpretation?
- What data is missing, blocked, or confidence-limiting?
- Would the wording feel fair if it were about someone you care about?
What the post is doing
- u/username_tbd18 and u/mtsandeep flagged as same-hand writer: identical rhetorical pattern (stacked technical questions, 'how will/how is' clause structure, 'you are/you think' direct challenge framin
- 3 aged accounts (u/mtsandeep: 6129d dormancy, u/sea-north7215: 30d dormancy, u/obsessed_founder113: brand new 8-item account) reactivated/created to comment within hours
- All 9 comments score 0 with 0% upvote ratio — suggests vote suppression or manufactured skepticism ring rather than organic feedback
- u/username_tbd18 posts twice with identical skeptical framing (first two comments) — repetitive sock-puppet pressure
- u/sea-north7215 and u/obsessed_founder113 share adjacent subs (r/buildinpublic, r/microsaas, r/smallbusiness cluster) consistent with operator-run network
Automated flags
An account that sat silent for months and then suddenly wakes up to praise a promotional post is almost always a sold or recovered handle being weaponised for credibility.
- u/Jay-z27 — sat dormant 147d then lit up
- u/mtsandeep — sat dormant 6129d then lit up
- u/cssword — sat dormant 134d then lit up
Different usernames, same hand. Same idiosyncratic punctuation, filler vocabulary, and clause habits. The most common reason this happens on Reddit is one person running multiple accounts.
- u/username_tbd18 ↔ u/mtsandeep — Both use identical rhetorical move of skeptical technical interrogation with stacked questions about data security/encryption; both use 'how will/how is' clause pattern; both fixate on breach risk and local-only requirements; both use 'you are/you think' framing to challenge the OP directly.
Coordination map
Who replied to whom in the scanned comments. Organic threads branch out from the post; accounts that reply back and forth to each other or hub around one shared identifier are the structural fingerprints of a coordinated pod. This shows the most significant pattern found, not every commenter.
Commenter patterns
Recent public Reddit activity for the OP and selected accounts, plus same-hand writing checks when the stylometry pass runs. These are coverage-limited evidence summaries, not identity or availability claims.
- r/interviews (7)
- r/DesiFragranceAddicts (5)
- r/FresherTechJobsIndia (5)
- r/buildinpublic (4)
- docs.google.com (1)
- i.redd.it (1)
Reddit blocked the recent-activity fetch from Hugin's scanner during this run. Treat this as missing coverage, not a finding about the account.
- r/selfhosted (14)
- r/obs (7)
- r/vibecoding (4)
- r/reddit.com (4)
- getadviced.com (4)
- i.redd.it (1)
- v.redd.it (1)
- r/motorcyclegear (4)
- r/lawnmowers (4)
- r/smallbusinessUS (2)
- r/buildinpublic (2)
- v.redd.it (1)
- i.redd.it (1)
Reddit returned only part of this account's recent public activity during the scan.
- r/buildinpublic (4)
- r/micro_saas (3)
- r/microsaas (1)
Reddit returned only part of this account's recent public activity during the scan.
- r/SaaS (3)
- r/buildinpublic (1)
- r/pdf (1)
- r/esp32 (1)
- u/username_tbd18 / u/mtsandeep high confidence - Both use identical rhetorical move of skeptical technical interrogation with stacked questions about data security/encryption; both use 'how will/how is' clause pattern; both fixate on breach risk and local-only requirements; both use 'you are/you think' framing to challenge the OP directly.
Account age coverage
OP and scanned commenters are shown when Hugin recovered profile metadata or an oldest-public-activity age floor. Lower-bound ages are labeled as estimates; unknown age remains missing coverage, not a finding about the account.
Archived evidence
Snapshot of the post and comments at scan time. Preserved here so the evidence survives even if it gets deleted on Reddit.
- u/Username_TBD18score 0So you think that people, instead of using budgeting apps or manual reminders, will instead let AI read all their emails?
- u/Jay-z27score 0Fair question. The Gmail integration is completely optional . It’s read-only and only used to detect recurring subscriptions and e-mandates, Without Gmail, you can still add recurring payments manually. The Gmail integration simply removes the most manual effort and keeps everything up to date automatically. The core question I’m trying to answer is whether that convenience provides enough value to opt in. Feedback like yours is exactly what I’m looking for.
- u/Username_TBD18score 0But if they need to enter the information manually, there’s other options already around. So the only real USP is a massive data breach waiting to happen. Sorry if that’s harsh, but that’s what it seems to me. Unless you can guarantee that this is all local-only and no data leaves the users device?
- u/Jay-z27score 0One thing I probably didn’t explain well is how the Gmail integration actually works. Subwise first looks for payment-related emails (using signals like the sender and subject) to identify potential recurring payments. It then processes only those relevant emails to confirm they’re actual subscriptions or recurring charges not things like promotional emails. Once a recurring payment is identified, I don’t store the email itself . I only store the structured information needed for the product to work, such as the service name, amount, renewal date, and your reminder preferences. The full email content isn’t retained in the database. Also, Gmail isn’t really the product, it’s just the easiest way to get started. If someone doesn’t want to connect Gmail, they can add recurring payments manually and still receive WhatsApp reminders, which is the part I’m actually trying to solve. My hypothesis is that a WhatsApp reminder is much harder to miss than another email or app notification buried in your inbox. That said, I completely understand that granting inbox access is a high bar for some people. If enough people feel the convenience isn’t worth that trade-off, that’s valuable feedback for me and something I need to improve.
- u/mtsandeepscore 0You are saying that you are only reading relevant emails, how will users believe that, is your code open-source self hostable? Also even if you dont store all email info, the structured info is enough to be stressful that a database breach will expose. How is database secured? Is data encrypted on rest? Is it end to end encrypted?
- u/Jay-z27score 0website- subwise.co.in
- u/Sea-North7215score 0interesting. one question if you dont mind, have you run into issues with services that barely send emails or change their sender all the time??
- u/Obsessed_Founder113score 0The WhatsApp angle is clever since most people actually check those messages, but you might see better retention if you let users snooze reminders instead of just deleting them, since plenty of subscriptions get paused rather than cancelled. Also worth testing whether people want reminders 7 days out versus 3 days out, because the optimal timing probably varies wildly depending on whether someone's checking credit card statements weekly or monthly.
Original on Reddit: https://www.reddit.com/r/buildinpublic/comments/1ulwnbs/built_a_web_app_that_automatically_finds_your/ — “Built a web app that automatically finds your subscriptions from Gmail and reminds you before you’re charged. Looking for feedback.”
Share this report
Share this link in a Reddit reply when the thread needs supporting evidence. The report stays public so anyone reading the thread can review the data themselves.
Reports like this stay free for everyone. Keep Hugin free →