Slashdot Mirror

← Back to Stories (view on slashdot.org)

Anonymous, People's Liberation Front Build Anonymous Data-Sharing Site

Posted by timothy on from the for-all-your-library-science-needs dept.

suraj.sun writes with these snippets from an article at Ars Technica: "Hacker group Anonymous and the People's Liberation Front have created a data-sharing site called AnonPaste.tk, meant to host pastes of code and other messages without any moderation or censorship of the information posted. The new site, which uses a free .tk web address, allows users to set a time for the paste to expire. It claims that data is encrypted and decrypted in the browser using 256 bit AES, so the server doesn't see any of the information included in the paste.The site says it's taking donations in the form of WePay or BitCoins. ... AnonPaste is built using open-source software called ZeroBin, created by French developer Sebastien Sauvage. According to Infoweek Sauvage has experience in creating online authentication systems for French banks, suggesting the creator knows a thing or two about encryption of data. Still, on the software's information page, Sauvage reminds potential users that ZeroBin software can not protect against potential Javascript attacks. 'Users still have to trust the server regarding the respect of their privacy,' he says. 'ZeroBin won't protect the users against malicious servers.'"

6 of 137 comments (clear)

  1. .tk, seriously? by jamesbrx · · Score: 5, Insightful

    This site will get it's domain removed faster than I can post this comment. The .tk admins have a long history of blatantly removing anything that might cause trouble, are porn and/or hijacking domains that are popular. Great choice there, indeed.

    1. Re:.tk, seriously? by Anonymous Coward · · Score: 5, Funny

      They should have set their servers up in Judea.

  2. Major Fail: ZeroBin requires the JavaScript by xiando · · Score: 4, Interesting

    I am NOT about to let you or your anonymous friends run JavaScript in my browser. No. That would compromise my security. The idea outlined in the summary sounds good, but the JavaScript-based implementation is bad. EPIC FAIL. Think of the Tor-users! They are not about to let their anonymity go by submitting to the evil JavaScript World Order.

    --
    9/11: Never forget it was a false-flag operation
  3. Cool, but... by betterunixthanunix · · Score: 4, Interesting

    ...we already have lots of ways to do this. We can encrypt and post to Usenet. We can use extensions like FireGPG to encrypt on post to websites. So why use a system where we place all our trust in the service provider, which is both theoretically risky and has failed in the past:

    http://www.wired.com/threatlevel/2007/11/encrypted-e-mai/

    --
    Palm trees and 8
  4. Monty Python teaming up with Anonymous? by Anonymous Coward · · Score: 5, Funny

    Would that be the Peoples Liberation front of Judea or the Judean Peoples Liberation Front?

  5. Re:There are some problems with it by spydir31 · · Score: 4, Informative

    It runs on ZeroBin, which uses client side javascript to generate a random 256bit AES key, then compress and encrypt the text before sending it to the server. Comments are also compressed and encrypted. The key is never seen by the server, so the server can't decrypt your data.

    It uses the Stanford Javascript Crypto Library for its AES code, and its codebase is available on github.

    The system is vulnerable to an MITM attack, also a server admin may be able to reveal the poster's identity, but not the post's content