ZeroBin - Because ignorance is bliss
TL;DR: ZeroBin is a minimalist, open-source online pastebin/discussion board where the server has zero knowledge of hosted data. Data is encrypted/decrypted in the browser using 256-bit AES. You can test it online.
Paste, share, discuss about it.
- Easy to install (put the files, open the page)
- No database required.
- Brain-dead easy to use: Paste text, click "Send", share the URL.
- Data is compressed and encrypted in the browser before being sent to the server. Uses 256-bit AES.
- Server has zero knowledge of data being stored. Your data is safe even in case of server breach or seizure.
- Expiration: 5 minutes, 10 minutes, 1 hour, 1 day, 1 week, 1 month, 1 year or never.
- "Burn after reading" option: The paste is destroyed when read.
- Unique deletion URL generated for each paste.
- Automatic conversion of URLs into clickable links (http, https, ftp and magnet).
- Search engines are blind regarding paste content.
- Single button to clone an existing paste.
- Rate limiting: 10 seconds between each paste.
- Size limiting: 2 Mb per paste (of compressed and encrypted data - cleartext data can be larger).
- You can enable discussion on each paste.
- Discussion is of course also encrypted/decrypted in the browser.
- Server cannot see comments content or nicknames.
- VisualHash on each post to identify IP addresses without revealing them. Same image = same IP.
- With paste expiration, you can have ad-hoc short-lived discussions which will disappear in the void after expiration. This will leave no trace of your discussions in your email boxes.
- Discussions cannot be indexed by search engines. Period.
- Send a link by email to a friend for private discussions which will leave no trace in your email box, will not be indexed by search engines, will not be read by robots and will never be archived.
- Free software
- GitHub access to source code.
See screenshot page.
- PHP 5.2.6 or above.
- No database required.
- Low server requirements, easy installation.
- Benevolent server admins can provide a service which protects their users' privacy: text sharing and discussions.
- User data is protected even in case of server breach or seizure.
- Server admins cannot pro-actively moderate documents and (hopefully) be held liable because they have no knowledge of data being shared and there is no search engine.
- There is no public feed of Google-indexable content (Google will not index documents except if you leak the URL).
- Admins can still remove a document upon injunction or infringement notice… but have no way to tell if the same document has been posted again.
- No advertising.
- Users still have to trust the server regarding the respect of their privacy. ZeroBin won't protect the users against malicious servers.
- Shitty look in Internet Explorer (but who cares?)
How does it work?
When pasting a text into ZeroBin:
- You paste your text in the browser and click the "Send" button.
- A random 256-bit key is generated in the browser.
- Encrypted data is sent to server and stored.
- The browser displays the final URL with the key.
- The key is never transmitted to the server, which therefore cannot decrypt data.
When opening a ZeroBin URL:
- The browser requests encrypted data from the server.
- The decryption key is in the anchor part of the URL (#…) which is never sent to the server.
- Data is decrypted in the browser using the key and displayed.
- 7a5dd0979f712164 is the paste identifier.
- QdnCROuH9eb/UXv3oBjBw3eOdb3y9p5n+/EAkUJZBxg= is the decryption key. It is never sent to the server.
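The paste and open flows described above, as an added example that is not ZeroBin's own code: Node.js's built-in `crypto` module with AES-256-GCM stands in for the browser-side encryption (the page specifies only 256-bit AES). The host `paste.example` used when calling it, the in-memory `store` and all function names are assumptions made for illustration.

```javascript
// Added example, not ZeroBin's code. Node's crypto with AES-256-GCM stands in
// for the browser-side library (assumption: the page only says 256-bit AES).
const crypto = require('node:crypto');
const zlib = require('node:zlib');

// Browser side: compress, then encrypt under a fresh random 256-bit key.
function createPaste(text) {
  const key = crypto.randomBytes(32);
  const iv = crypto.randomBytes(12);
  const c = crypto.createCipheriv('aes-256-gcm', key, iv);
  const ct = Buffer.concat([c.update(zlib.deflateRawSync(Buffer.from(text, 'utf8'))), c.final()]);
  const b64 = (buf) => buf.toString('base64');
  // Only `upload` goes to the server; `key` never leaves the browser.
  return { upload: { iv: b64(iv), ct: b64(ct), tag: b64(c.getAuthTag()) }, key: b64(key) };
}

// Server side (hypothetical in-memory store): keeps the opaque blob under an id.
const store = new Map();
function serverStore(upload) {
  const id = crypto.randomBytes(8).toString('hex');
  store.set(id, JSON.stringify(upload));
  return id;
}

// Share link: paste identifier in the query string, key in the fragment.
function shareUrl(base, id, key) {
  return `${base}?${id}#${key}`;
}

// What reaches the server when the link is opened: path and query only.
// Browsers do not include the fragment (#...) in the HTTP request.
function requestTarget(link) {
  const u = new URL(link);
  return u.pathname + u.search;
}

// Browser side on open: fetch the blob by id, read the key from the fragment.
function openPaste(link) {
  const u = new URL(link);
  const blob = JSON.parse(store.get(u.search.slice(1)));
  const d = crypto.createDecipheriv('aes-256-gcm',
    Buffer.from(u.hash.slice(1), 'base64'), Buffer.from(blob.iv, 'base64'));
  d.setAuthTag(Buffer.from(blob.tag, 'base64'));
  // final() throws if the key is wrong or the stored blob was modified.
  const packed = Buffer.concat([d.update(Buffer.from(blob.ct, 'base64')), d.final()]);
  return zlib.inflateRawSync(packed).toString('utf8');
}
```

Comparing `requestTarget(link)` with the full link shows what a server log or proxy can record: the paste identifier, never the key.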
A test service is available at https://sebsauvage.net/paste/
(Please note that this is a test service: Data may be deleted anytime and the service may be shut down. Please do not abuse this service.)
ZeroBin is under the zlib/libpng OSI licence.
Unzip in a directory, open the page. Yes, that's all.
If you want to upgrade from a previous ZeroBin version, delete everything in your ZeroBin directory except the data directory, and unzip the new version.
- sebsauvage (sebsauvage at sebsauvage dot net, webmaster of https://sebsauvage.net)
- Discussion idea: PeaceCopathe.
- and contributors (on GitHub)
ZeroBin is on GitHub: https://github.com/sebsauvage/ZeroBin
Version history is available in this page.
FAQ (Frequently Asked Questions)
The FAQ is in this page.
The project todo/ideas list is in this page.
Your remarks, suggestions, criticism, ideas and bug reports are welcome in the ZeroBin discussion page.
After creating ZeroBin, I stumbled upon similar projects, but with different perspectives:
- ezcrypt.it. 128-bit AES, and very similar. Closed source, but sources will be opened soon.
- crypt.ch. 128-bit AES, and very similar. Closed source.
You can also have a look at:
- MyCryptoChat, a browser-based encrypted chat. Chatrooms expire.
- crypto.cat, a browser-based encrypted chat. 256-bit AES. Requires a browser addon.
- NoPlaintext.com, one-liner messages that can only be read once.