It will be. Any time you offer something that allows anonymous uploads & shares (hell, sometimes even if you don't allow share, people will share accounts), it will be a silo 95% full of material that's illegal in practically every corner of the world.
If you play the good citizen and encrypt the files, giving the key to the owners, then you also don't have any means to preemptively detect and delete that stuff, you just keep waiting on some law agency knocking at your door. Also, if you openly say "hey I'll peek into your files to see if they are legal", then they will be the ones encrypting. Disallow that? It's a nightmare to detect and abusers are really, really creative! So much dedication too!
And it's not just CSAM, there will be detailed instructions on practically any illegal thing you couldn't even imagine.
It's bad, really bad, and I've grown to accept that small, closed community services (best with real-world connections) are the only way forward.
This. The reason why we don't have an un-siloed, general-purpose means of file transfer after 40 years of internet is probably more a legal than a technical one...
I would personally suggest that this site probably "wants" accounts. Yes, with CAPTCHAs (on registration.) If you want to be able to ban people who abuse your service, you'll need some thing-that-is-costly-to-get-multiple-of to ban them by. Otherwise they just keep coming back.
To still be a "console-friendly pastebin", the result of doing that costly registration process, could just be a page that gives you a (private) URL, that works like the base URL does now. https://paste.c-net.org/b/{bucket} or something, where {bucket} is a UUIDv4, or anything else with enough entropy to not be able to brute-force enumerate your way into someone else's account URL.
The uploaded files themselves could still have short human-writable top-level paths, for ease of repeating them over the phone.
Though, I notice that when you upload a file, you get a "delete key" as well as a URL. IMHO the "delete key" shouldn't be a weird nonstandard header you send with an HTTP DELETE; it should just be a URL — e.g. https://paste.c-net.org/b/{bucket}/{delete_key} — that you can HTTP DELETE directly.
In other words, make /b/{bucket}/{delete_key} the file's "true name", and /{link} a "read-only view" of the file.
When you say abused, I assume you mean either CSAM or copyrighted material?
Is there a hash database or something that could be queried to block known bad stuff? (would probably fail in the face of compression or encryption, but catching the low-hanging fruit would at least probably handle any potential legal liability?) Seems like something useful AI would actually work well for, if FBI/publishers/etc., would train a model and release it or host a service with an API.
If you run curl waste.st you also get the “manpage”
The goal was to make it do uploads without a ton of frameworks. The front page is around one request under 20K. It also has a special emoji url: https://[waste bin emoji].st that HN doesn’t support.
I love using 0x0.st for something similar - sharing files (not the purpose of a pastebin, where the file is to be viewed, not downloaded). Curl-based access is perfect :)
I would assume it means "the law in whatever country you're in." By definition, I can't break the North Korean law against criticizing their leader, it doesn't apply to me.
I self-host OFTN Zerodrop as a pastebin with CAPTCHA support along with binary uploads and conditional routing.
Unfortunately I still ended up taking down my publicly accessible demo to not have to deal with the legal risk of potential abuse, but this software is free for others to host and is written in Go.
> This is a console friendly pastebin that allows binary files. No fancy website, no intermediate pages to click through, and no CAPTCHAs.
The site is cool, but is it not just going to be abused?
It will be. Any time you offer something that allows anonymous uploads & shares (hell, sometimes even if you don't allow share, people will share accounts), it will be a silo 95% full of material that's illegal in practically every corner of the world.
If you play the good citizen and encrypt the files, giving the key to the owners, then you also don't have any means to preemptively detect and delete that stuff, you just keep waiting on some law agency knocking at your door. Also, if you openly say "hey I'll peek into your files to see if they are legal", then they will be the ones encrypting. Disallow that? It's a nightmare to detect and abusers are really, really creative! So much dedication too!
And it's not just CSAM, there will be detailed instructions on practically any illegal thing you couldn't even imagine.
It's bad, really bad, and I've grown to accept that small, closed community services (best with real-world connections) are the only way forward.
This. The reason why we don't have an un-siloed, general-purpose means of file transfer after 40 years of internet is probably more a legal than a technical one...
It very likely will be, yes.
I would personally suggest that this site probably "wants" accounts. Yes, with CAPTCHAs (on registration.) If you want to be able to ban people who abuse your service, you'll need some thing-that-is-costly-to-get-multiple-of to ban them by. Otherwise they just keep coming back.
To still be a "console-friendly pastebin", the result of doing that costly registration process, could just be a page that gives you a (private) URL, that works like the base URL does now. https://paste.c-net.org/b/{bucket} or something, where {bucket} is a UUIDv4, or anything else with enough entropy to not be able to brute-force enumerate your way into someone else's account URL.
The uploaded files themselves could still have short human-writable top-level paths, for ease of repeating them over the phone.
Though, I notice that when you upload a file, you get a "delete key" as well as a URL. IMHO the "delete key" shouldn't be a weird nonstandard header you send with an HTTP DELETE; it should just be a URL — e.g. https://paste.c-net.org/b/{bucket}/{delete_key} — that you can HTTP DELETE directly.
In other words, make /b/{bucket}/{delete_key} the file's "true name", and /{link} a "read-only view" of the file.
I have heard good things about https://www.stopforumspam.com/.
When you say abused, I assume you mean either CSAM or copyrighted material?
Is there a hash database or something that could be queried to block known bad stuff? (would probably fail in the face of compression or encryption, but catching the low-hanging fruit would at least probably handle any potential legal liability?) Seems like something useful AI would actually work well for, if FBI/publishers/etc., would train a model and release it or host a service with an API.
> catching the low-hanging fruit would at least probably handle any potential legal liability?
Actually No. It take 5 minutes to create a script to randomize a password, encrypt and upload.
Abusers have been doing the same for 20+ years and it is very effective.
I made a similar thing: https://waste.st/waste.1
If you run curl waste.st you also get the “manpage”
The goal was to make it do uploads without a ton of frameworks. The front page is around one request under 20K. It also has a special emoji url: https://[waste bin emoji].st that HN doesn’t support.
I love using 0x0.st for something similar - sharing files (not the purpose of a pastebin, where the file is to be viewed, not downloaded). Curl-based access is perfect :)
Check out https://txtd.cc it supports raw data for curl and custom urls & other stuff like markdown formatting.
punycode encoded: https://xn--108h.st/
This website has possibly the worst alternative to horizontal scrollbars I’ve ever seen: horizontal scrolling per paragraph.
Excellent! I’ll know where to upload my botnet payloads and CSAM!
I like it, but this could do with being just the slightest bit more specific:
> Don't break the law, don't post illegal shit, don't be an asshole.
The law in which country? All countries? Do I have to avoid uploading depictions of Mohammed, or insulting statements about the president of Turkiye?
President of Turkiye? Many years ago, a person I know got arrested for calling that guy "clueless" on Twitter under a nickname.
Disclaimer: Erdogan is the ultimate ruler, he's totally the best. That guy I know totally deserved it!!11
ps. I like my vacations in south Turkey.
When someone assumes you know what English-speaking country they're referring to, it is likely to be the US.
'ken oath mate, whenever I see people typing the queens I always reckon they're one of US.
I would assume it means "the law in whatever country you're in." By definition, I can't break the North Korean law against criticizing their leader, it doesn't apply to me.
Nice! I used a similar site, termbin.com, for some time now, though it uses netcat to upload files. Definitely useful!
I self-host OFTN Zerodrop as a pastebin with CAPTCHA support along with binary uploads and conditional routing.
Unfortunately I still ended up taking down my publicly accessible demo to not have to deal with the legal risk of potential abuse, but this software is free for others to host and is written in Go.
https://github.com/dutchcoders/transfer.sh/ is a similar project for self-hosting.
Very nice, and the urls use random words instead of random strings. Thank you.
https://paste.c-net.org/ImproperAttacked
https://paste.c-net.org/HanukkahDisplays
https://paste.c-net.org/HurtingJunior
This rules. Hope it stays up.
Not open source as far as I can tell?