ZeroBin – Because ignorance is bliss

• Easy to install (put the files, open the page)
• No database required.
• FAST
• Brain-dead easy to use: Paste text, click “Send”, share the URL.
• Data compressed and encrypted in the browser before sending to server. Uses 256 bits AES.
• Server has zero knowledge of data being stored. Your data is safe even in case of server breach or seizure.¹⁾
• Expiration: 10 minutes, 1 hour, 1 day, 1 month, 1 year, never or ”Burn after reading” (Destroyed when read).
• Automatic conversion of URLs into clickable links (http, https, ftp and magnet).
• Search engines are blind regarding paste content.
• Single button to clone an existing paste.
• Rate limiting: 10 seconds between each paste.
• Size limiting: 2 Mb per paste (of compressed and encrypted data – cleartext data can be larger).
• Discussions:
  • You can enable discussion on each paste.
  • Discussion is of course also encrypted/decrypted in the browser.
  • Server cannot see comments content or nicknames.
  • VisualHash on each post to identify IP addresses without revealing them. Same image = same IP. ²⁾
  • With paste expiration, you can have ad-hoc short-lived discussion which will disappear in the void after expiration.
  • Discussions cannot be indexed by search engines. Period.³⁾
  • Send a link by email to a friend for private discussions which will leave no trace in your email box, will not be indexed by searchengines, will not be read by robots and will never be archived.
• Free software
• GitHub access to source code.

Upcoming features:

• Syntax highligting.
• Password protection.

See screenshot page.

• Server:
  • php 5.2.6 or above.
  • GD
  • No database required.
• Client:
  • A modern, javascript-capable browser (See FAQ for list of supported browsers).

• Low server requirements, easy installation.
• Benevolent server admins can provide a service which protects their users privacy: text sharing and discussions.
• User data is protected even in case of server breach or seizure.
• Server admins cannot pro-actively moderate documents and (hopefuly) be held liable because they have no knowledge of data being shared and there is no searchengine.
• There is no public feed of google-indexable content (Google will not index documents except if you leak the URL).
• Admins can still remove a document upon injunction or infringement notice… but have no way to tell if the same document has been posted again.
• No advertising.

• Won’t work if javascript is disabled.
• Users still have to trust the server regarding the respect of their privacy. ZeroBin won’t protect the users against malicious servers.
• Won’t protect against Man-in-the-middle attacks (eg. javascript substitution)
• Shitty look in Internet Explorer (but who cares ?)

When pasting a text into ZeroBin:

• You paste your text in the browser and click the “Send” button.
• A random 256 bits key is generated in the browser.
• Data is compressed and encrypted with AES using specialized javascript libraries.
• Encrypted data is sent to server and stored.
• The browser displays the final URL with the key.
• The key is never transmitted to the server, which therefore cannot decrypt data.

When opening a ZeroBin URL:

• The browser requests encrypted data from the server
• The decryption key is in the anchor part of the URL (#…) which is never sent to server.
• Data is decrypted in the browser using the key and displayed.

http://sebsauvage.net/paste/?7a5dd0979f712164#QdnCROuH9eb/UXv3oBjBw3eOdb3y9p5n+/EAkUJZBxg=

• 7a5dd0979f712164 is the paste identifier.
• QdnCROuH9eb/UXv3oBjBw3eOdb3y9p5n+/EAkUJZBxg= is the decryption key. It is never sent to the server.

A test service is available at http://sebsauvage.net/paste/
(Please note that this is a test service: Data may be deleted anytime and the service may be shut down. Please do not abuse this service.)

Download Backup : zerobin_0.15_alpha