0bin vs zerobin #454
Reference: privacyguides/privacytools.io#454
https://0bin.net/ and https://zerobin.net/ both use the same source code, yet zerobin.net provides an onion domain (http://zerobinqmdqd236y.onion).
Perhaps we should consider swapping them?
Some facts for comparison. Please note that web servers which do not disclose version information can be vulnerable, too. There is no way to check this without server access.
https://0bin.net
https://zerobin.net
https://ghostbin.com
https://privatebin.info
https://hastebin.com
Edit (May 26, 2018): Updated findings.
Edit (May 27, 2018): Added further information and projects mentioned by @kewde and added hastebin.com which is also listed on privacytools.io
@Shifterovich
@infosec-handbook
Please run the same analytics for the following websites; their results will determine the order of the section.
https://ghostbin.com/
https://privatebin.info
I'm currently going to propose a replacement of 0bin with zerobin.net.
Then re-ordering it to: PrivateBin - ZeroBin - Ghostbin (unless your research shows a different picture).
https://github.com/PrivateBin/PrivateBin/wiki/FAQ#should-i-switch-from-zerobin-to-privatebin
@kewde
I added the results to the overview above. I also added hastebin.com which is currently listed on privacytools.io, too.
zerobin.net seems to be the only recommendable service when I look at the results. However, since zerobin.net doesn't disclose version information we can't be 100% sure that they don't use outdated software, too. Furthermore, I didn't look at the implementation of their code for secure pastebins.
In a nutshell:
Create a PR changing the order and adding some information. Regarding Ghostbin, we should warn users that while Ghostbin - the software - is good, ghostbin.com's security is worrisome.
@infosec-handbook
I believe the 10 third-party connections are related to the .info website (privatebin.info)? - which hosts the source code, in particular the 8 unique GitHub badges will cause third-party connections.
The actual pastebin website is the .net domain https://privatebin.net/
It's a bit unclear from your comment on which domain these third party connections are present.
Changing the privatebin url on the website to the .net domain.
Also out of curiosity - what tools are you using for the analysis?
It could perhaps be a standard procedure for analyzing websites we recommend.
Found it: https://infosec-handbook.eu/blog/online-assessment-tools/
@kewde
Right. https://privatebin.net/ has 0 connections to third parties and doesn't set cookies.
I use the web services mentioned in the blog article and several well-known tools like nmap, sslyze, sslscan, dig, openssl etc. to analyze web servers.
I think we shouldn't recommend it then. (#408)
Hi guys, I've removed zerobin recently because of this message from the dev:
Source: https://sebsauvage.net/wiki/doku.php?id=php:zerobin
Seems like PrivateBin is the only choice at the moment? I've decided to link to our installation, too.
https://www.privacytools.io/providers/paste/
Should we remove Ghostbin? Replace it with something or just leave PrivateBin as the only choice?
Ghostbin now displays a message that it will be shutting down this month.
I guess PrivateBin is the only choice. Is there a way to integrate it with ShareX?
Ghostbin removed via #931
As we now list PrivateBin, this issue seems outdated; closing.