Our great sponsors
-
ZeroBin
Discontinued This Project has been renamed and moved to https://github.com/PrivateBin/PrivateBin (by elrido)
-
-
SurveyJS
Open-Source JSON Form Builder to Create Dynamic Forms Right in Your App. With SurveyJS form UI libraries, you can build and style forms in a fully-integrated drag & drop form builder, render them in your JS app, and store form submission data in any backend, inc. PHP, ASP.NET Core, and Node.js.
-
-
So on to the UI: I see that you're not serving Javascript and advising that your users turn it off. IMO fear of real Javascript exploitation is largely based on tradition rather than a rational assessment of the real risk areas, but I'll assume that's your reason for not using any of the PrivateBin clones which offer browser-side encryption in addition to client-side encryption, the original, the pure-js one, the Go one. I get it. I don't expect people to trust the JavaScript I serve them either, my own opinions on the risk notwithstanding, so I don't bother with a PrivateBin clone either. But I don't advertise some model of privacy on my pastebin. It's very clear that the files aren't encrypted unless you encrypt them(But passwords are only in hash form if a password configured by the user) to avoid imparting a false sense of security.
... OK... It's just... FreeNet is a real thing and SkyNet is from a movie? Backing your storage with Freenet would have made the project more intriguing. You could make it so that any privfiles instance is capable of pushing files to/retrieving files from the Freenet distributed datastore my making it an FCP client, so anyone could set up a privfiles instance and use it to transparently fetch files uploaded from another entirely different privfiles instance.
So on to the UI: I see that you're not serving Javascript and advising that your users turn it off. IMO fear of real Javascript exploitation is largely based on tradition rather than a rational assessment of the real risk areas, but I'll assume that's your reason for not using any of the PrivateBin clones which offer browser-side encryption in addition to client-side encryption, the original, the pure-js one, the Go one. I get it. I don't expect people to trust the JavaScript I serve them either, my own opinions on the risk notwithstanding, so I don't bother with a PrivateBin clone either. But I don't advertise some model of privacy on my pastebin. It's very clear that the files aren't encrypted unless you encrypt them(But passwords are only in hash form if a password configured by the user) to avoid imparting a false sense of security.
So on to the UI: I see that you're not serving Javascript and advising that your users turn it off. IMO fear of real Javascript exploitation is largely based on tradition rather than a rational assessment of the real risk areas, but I'll assume that's your reason for not using any of the PrivateBin clones which offer browser-side encryption in addition to client-side encryption, the original, the pure-js one, the Go one. I get it. I don't expect people to trust the JavaScript I serve them either, my own opinions on the risk notwithstanding, so I don't bother with a PrivateBin clone either. But I don't advertise some model of privacy on my pastebin. It's very clear that the files aren't encrypted unless you encrypt them(But passwords are only in hash form if a password configured by the user) to avoid imparting a false sense of security.
But that means that you're not doing the encryption client-side unless people are using your zero-trust tool, so people are sending you unencrypted files and you are encrypting the file in-memory before you store it? But that means that I do have to trust you that you're actually not watching the files as they come in or run your python script. I'm perfectly capable of reading it and not really accusing you of anything, but at that point... couldn't I just do this on like, arbitrary login-less pastebins by piping text through GPG and then out to Uppity? Something like: . torsocks on && for svc in $(uppity --list-services); do echo "hello encrypted world" | gpg --passphrase "mypassphrase" --batch --quiet --yes --no-use-agent -o - | uppity -f - --service "$svc"; done would push my encrypted paste to every uppity supported pastebin using a password that never left my control, in a shell script simple enough for me to express it on reddit as a one-liner. I haven't tried to run it but I think it would even work. it directly integrates into privfiles & on our download page it will prompt uses to use the download tool. You can see exactly how the code works, without having to review a massive repo I mean OK but why should I trust fernet more than GPG? I'm not saying there aren't reasons but I'm not really sold on it.
