2019-07-08 14:00:32 -04:00
|
|
|
# [![PrivateBin](https://cdn.rawgit.com/PrivateBin/assets/master/images/preview/logoSmall.png)](https://privatebin.info/)
|
2013-02-22 18:44:06 -05:00
|
|
|
|
2020-01-08 13:31:06 -05:00
|
|
|
*Current version: 1.3.2*
|
2016-08-20 11:57:02 -04:00
|
|
|
|
2017-10-29 03:09:27 -04:00
|
|
|
**PrivateBin** is a minimalist, open source online [pastebin](https://en.wikipedia.org/wiki/Pastebin)
|
|
|
|
where the server has zero knowledge of pasted data.
|
2012-04-22 05:48:39 -04:00
|
|
|
|
2017-05-28 15:16:23 -04:00
|
|
|
Data is encrypted and decrypted in the browser using 256bit AES in [Galois Counter mode](https://en.wikipedia.org/wiki/Galois/Counter_Mode).
|
2012-04-22 05:48:39 -04:00
|
|
|
|
2016-07-03 13:17:16 -04:00
|
|
|
This is a fork of ZeroBin, originally developed by
|
2017-05-28 15:16:23 -04:00
|
|
|
[Sébastien Sauvage](https://github.com/sebsauvage/ZeroBin). ZeroBin was refactored
|
|
|
|
to allow easier and cleaner extensions. PrivateBin has many more features than the
|
2017-08-10 15:51:10 -04:00
|
|
|
original ZeroBin. It is, however, still fully compatible to the original ZeroBin 0.19
|
2017-05-28 15:16:23 -04:00
|
|
|
data storage scheme. Therefore, such installations can be upgraded to PrivateBin
|
2017-03-21 15:44:46 -04:00
|
|
|
without losing any data.
|
2015-08-23 12:09:34 -04:00
|
|
|
|
2016-07-09 06:23:53 -04:00
|
|
|
## What PrivateBin provides
|
2015-08-23 12:09:34 -04:00
|
|
|
|
2015-09-19 11:23:10 -04:00
|
|
|
+ As a server administrator you don't have to worry if your users post content
|
2015-08-23 12:09:34 -04:00
|
|
|
that is considered illegal in your country. You have no knowledge of any
|
2015-09-19 11:23:10 -04:00
|
|
|
of the pastes content. If requested or enforced, you can delete any paste from
|
|
|
|
your system.
|
2015-08-23 12:09:34 -04:00
|
|
|
|
2015-09-19 11:23:10 -04:00
|
|
|
+ Pastebin-like system to store text documents, code samples, etc.
|
2015-08-23 12:09:34 -04:00
|
|
|
|
2016-07-03 13:17:16 -04:00
|
|
|
+ Encryption of data sent to server.
|
2015-08-23 12:09:34 -04:00
|
|
|
|
2016-07-09 08:35:50 -04:00
|
|
|
+ Possibility to set a password which is required to read the paste. It further
|
2015-09-03 16:22:59 -04:00
|
|
|
protects a paste and prevents people stumbling upon your paste's link
|
|
|
|
from being able to read it without the password.
|
2015-09-02 08:07:31 -04:00
|
|
|
|
2015-08-23 12:09:34 -04:00
|
|
|
## What it doesn't provide
|
|
|
|
|
2017-08-10 15:54:38 -04:00
|
|
|
- As a user you have to trust the server administrator not to inject any malicious
|
|
|
|
javascript code.
|
2017-05-28 15:16:23 -04:00
|
|
|
For basic security, the PrivateBin installation *has to provide HTTPS*!
|
2017-08-10 15:51:10 -04:00
|
|
|
Otherwise you would also have to trust your internet provider, and any country
|
2017-08-10 15:54:38 -04:00
|
|
|
the traffic passes through.
|
2017-08-10 15:51:10 -04:00
|
|
|
Additionally the instance should be secured by
|
2015-11-09 14:43:24 -05:00
|
|
|
[HSTS](https://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security) and
|
2016-08-24 17:28:54 -04:00
|
|
|
ideally by [HPKP](https://en.wikipedia.org/wiki/HTTP_Public_Key_Pinning) using a
|
2017-08-10 15:51:10 -04:00
|
|
|
certificate. It can use traditional certificate authorities and/or use
|
2016-07-09 08:35:50 -04:00
|
|
|
[DNSSEC](https://en.wikipedia.org/wiki/Domain_Name_System_Security_Extensions)
|
|
|
|
protected
|
2015-11-09 14:43:24 -05:00
|
|
|
[DANE](https://en.wikipedia.org/wiki/DNS-based_Authentication_of_Named_Entities)
|
|
|
|
record.
|
2015-08-23 12:09:34 -04:00
|
|
|
|
2015-09-02 08:07:31 -04:00
|
|
|
- The "key" used to encrypt the paste is part of the URL. If you publicly post
|
2017-05-28 15:16:23 -04:00
|
|
|
the URL of a paste that is not password-protected, anyone can read it.
|
|
|
|
Use a password if you want your paste to be private. In this case, make sure to
|
|
|
|
use a strong password and only share it privately and end-to-end-encrypted.
|
2015-08-23 12:09:34 -04:00
|
|
|
|
|
|
|
- A server admin might be forced to hand over access logs to the authorities.
|
2017-08-10 15:51:10 -04:00
|
|
|
PrivateBin encrypts your text and the discussion contents, but who accessed a
|
|
|
|
paste (first) might still be disclosed via access logs.
|
2015-08-23 12:09:34 -04:00
|
|
|
|
2016-07-09 08:35:50 -04:00
|
|
|
- In case of a server breach your data is secure as it is only stored encrypted
|
2017-05-28 15:16:23 -04:00
|
|
|
on the server. However, the server could be misused or the server admin could
|
2016-07-09 08:35:50 -04:00
|
|
|
be legally forced into sending malicious JavaScript to all web users, which
|
2017-05-28 15:16:23 -04:00
|
|
|
grabs the decryption key and sends it to the server when a user accesses a
|
2016-07-09 08:43:50 -04:00
|
|
|
PrivateBin.
|
2017-05-28 15:16:23 -04:00
|
|
|
Therefore, do not access any PrivateBin instance if you think it has been
|
2016-07-09 08:43:50 -04:00
|
|
|
compromised. As long as no user accesses this instance with a previously
|
2017-05-28 15:16:23 -04:00
|
|
|
generated URL, the content can't be decrypted.
|
2016-07-03 13:17:16 -04:00
|
|
|
|
2015-08-23 12:09:34 -04:00
|
|
|
## Options
|
|
|
|
|
|
|
|
Some features are optional and can be enabled or disabled in the [configuration
|
2016-07-09 06:25:15 -04:00
|
|
|
file](https://github.com/PrivateBin/PrivateBin/wiki/Configuration):
|
2015-08-23 12:09:34 -04:00
|
|
|
|
2015-09-19 11:23:10 -04:00
|
|
|
* Password protection
|
2015-09-03 16:22:59 -04:00
|
|
|
|
2016-08-22 04:34:37 -04:00
|
|
|
* Discussions, anonymous or with nicknames and IP based identicons or vizhashes
|
2015-08-23 12:09:34 -04:00
|
|
|
|
2015-09-19 11:23:10 -04:00
|
|
|
* Expiration times, including a "forever" and "burn after reading" option
|
2015-08-23 12:09:34 -04:00
|
|
|
|
2016-08-22 04:34:37 -04:00
|
|
|
* Markdown format support for HTML formatted pastes, including preview function
|
2015-08-23 12:09:34 -04:00
|
|
|
|
2016-07-09 08:35:50 -04:00
|
|
|
* Syntax highlighting for source code using prettify.js, including 4 prettify
|
|
|
|
themes
|
2015-08-23 12:09:34 -04:00
|
|
|
|
2016-07-09 08:35:50 -04:00
|
|
|
* File upload support, images get displayed (disabled by default, possibility
|
|
|
|
to adjust size limit)
|
2015-08-23 12:09:34 -04:00
|
|
|
|
2016-08-22 04:34:37 -04:00
|
|
|
* Templates: By default there are bootstrap CSS, darkstrap and "classic ZeroBin"
|
2018-06-30 11:14:38 -04:00
|
|
|
to choose from and it is easy to adapt these to your own websites layout or
|
|
|
|
create your own.
|
2015-08-23 12:09:34 -04:00
|
|
|
|
2016-07-09 08:35:50 -04:00
|
|
|
* Translation system and automatic browser language detection (if enabled in
|
|
|
|
browser)
|
2015-08-23 12:09:34 -04:00
|
|
|
|
2015-09-19 11:23:10 -04:00
|
|
|
* Language selection (disabled by default, as it uses a session cookie)
|
2015-08-23 12:09:34 -04:00
|
|
|
|
2018-06-30 11:14:38 -04:00
|
|
|
* QR code generation of URL, to easily transfer pastes over to a mobile device
|
|
|
|
|
2015-09-19 11:23:10 -04:00
|
|
|
## Further resources
|
2012-04-22 05:48:39 -04:00
|
|
|
|
2018-07-22 05:16:36 -04:00
|
|
|
* [Installation guide](https://github.com/PrivateBin/PrivateBin/blob/master/INSTALL.md#installation)
|
2012-04-22 05:48:39 -04:00
|
|
|
|
2016-07-09 08:35:50 -04:00
|
|
|
* [Upgrading from ZeroBin 0.19 Alpha](https://github.com/PrivateBin/PrivateBin/wiki/Upgrading-from-ZeroBin-0.19-Alpha)
|
2012-04-22 05:48:39 -04:00
|
|
|
|
2016-07-09 06:25:15 -04:00
|
|
|
* [Configuration guide](https://github.com/PrivateBin/PrivateBin/wiki/Configuration)
|
2012-04-22 05:48:39 -04:00
|
|
|
|
2016-07-09 06:25:15 -04:00
|
|
|
* [Templates](https://github.com/PrivateBin/PrivateBin/wiki/Templates)
|
2012-04-22 05:48:39 -04:00
|
|
|
|
2016-07-09 06:25:15 -04:00
|
|
|
* [Translation guide](https://github.com/PrivateBin/PrivateBin/wiki/Translation)
|
2012-04-22 05:48:39 -04:00
|
|
|
|
2016-07-09 06:25:15 -04:00
|
|
|
* [Developer guide](https://github.com/PrivateBin/PrivateBin/wiki/Development)
|
2012-04-22 05:48:39 -04:00
|
|
|
|
2016-07-19 08:30:44 -04:00
|
|
|
Run into any issues? Have ideas for further developments? Please
|
2016-07-09 06:25:15 -04:00
|
|
|
[report](https://github.com/PrivateBin/PrivateBin/issues) them!
|