My name is Edward Hsing.
I’m 18, and I build internet infrastructure.
Today, something I started at 15 serves over 400,000 users, with more than ...
For further actions, you may consider blocking this person and/or reporting abuse
there is something about starting young that removes the fear of shipping something imperfect. most people who start later overthink the domain choice, the name, the whole thing. you just bought it and figured it out. that compounding effect over years is hard to replicate
I second everything he said!
Ha - appreciated. That instinct to ship before it is perfect is genuinely hard to teach to people who started cautious.
The first website I ever made was using a free domain probably a lot like this service.
The line that stays: "Growth without permission." That's not a marketing strategy, it's the natural result of building something that solves a problem so cleanly that people tell each other about it before you've even announced it. No launch, no funding, no permission. Just a thing that worked.
This is a fantastic story. Your transition from a 15-year-old’s curiosity to managing a registry for 400,000 users is genuinely inspiring.
I particularly appreciated your focus on the "unsexy" side of scaling—handling abuse and maintenance. Using GitHub-based verification as a low-friction "identity cost" is a brilliant, practical solution to the spam problem. It’s rare to see a post that balances indie-hacker success with such grounded technical honesty. Thanks for proving that digital identity can be a public utility rather than just a luxury!
The abuse-at-scale challenge you described is something I think about a lot. I'm running a programmatic financial data site with 8,000+ stock tickers across 12 languages, and the moment real users start depending on your data, the operational burden shifts from "fun project" to "infrastructure responsibility" almost overnight. Your approach of behavioral pattern scoring and GitHub-based identity verification is really clever — it's essentially using social proof as a spam filter, which scales way better than manual review. Curious whether you've seen patterns where certain TLDs or registration patterns correlate more strongly with abuse, since that kind of signal could help other infrastructure builders design better defaults.
Yeah I’ve been trying to avoid heavy KYC for that reason.
GitHub OAuth helped mostly by adding friction. It doesn’t stop abuse, but it makes it slower and more expensive to scale, which already filters a lot.
On top of that I block some obvious keywords and patterns, especially stuff commonly used in abuse. Not perfect though, people still try to get around it with nested subdomains.
So a lot of it ends up being reactive too. I monitor abuse lists, work with some security providers, and automate takedowns when something shows up.
The part about keeping infrastructure alive being harder than building it really resonated. Ran a small open-source DNS tool for a while and the 3 AM alerts when something breaks hit different when people actually depend on it.
yeah this part really hits
at some point it just stops being a side project and turns into something people actually depend on, and that feels very different
those 3am moments are real lol
At 15 that’s impressive. Keep up the good work.
Awesome 👏🥹