Deleted

Cool idea!

TLDR:

• If you paste keys to a website, be sure the website can be trusted (this one looks safe by design at the moment)
• If you spot a website without a secure connection, don't type or paste any data you don't want to be stolen (this website is an exception, because no data is sent. It's safe!)

For security reasons people should be careful with using websites like these: they could easily send your data to the server, extract the keys, send the result back to the user, and meanwhile register the key with steam themselves. Resulting in the user having an extracted key, which is invalid because it has just been used.

However, a quick inspection learns me this particular website doesn't send your data back to the server, so it can't steal the keys. It looks safe!

Some more security advice: even though the website is safe now, it could start sending keys to the server (and thus the website owner) at any time.

And while we're at it: the site doesn't use a secure connection, which means a random attacker can inject code to intercept the keys. It's pretty far fetched though, because it's not an easy thing to do, and the return wouldn't be great. Or in other words: an attacker who can do that will probably target bad coded web stores to earn a lot more.

The lack of a secure connection would be far worse if the data was being sent to the server: it would be possible for anyone to intercept the keys, and it would even be easy if the user is using an unsecured Wifi (at some public place). But again this website is safe because there's no data being sent.

Seems like an easy way for someone to grab some free keys and rip off some people before they catch on?

Sorry I'm a little bitter about this stuff...

I'm not saying YOU (OP) are doing this... but you know just better to always be very cautious with ANYTHING like this.

Copycats will surely pop up.