Arguing that you don't care about the right to privacy because you have nothing to hide is no different than saying you don't care about free speech because you have nothing to say.
You access the service at ybin.me.
Everybody has a right to privacy. Ybin has been created with a simple idea in mind. It’s a simple pastebin where you can paste anything privately with a simple to use, purely minimalistic user interface and no complicated options.
Ybin is based on the work of wonderful developer(s) behind an open-source encrypted pastebin project called ZeroBin (thank you). Most of the encryption algorithms used on ybin are taken directly from ZeroBin without modifications.
I can talk all I want about how private the service is, and how it works, but without the source code, those are just words with no meaning. Ybin is, of course, open-source and you can check out the full code on my github repository. Contributions are also more than welcome.
All data you paste through ybin is encrypted with AES256, which is borderline impossible to crack by bruteforcing. Check the following link to get a better idea. In short, exhausting half of the AES256 keyspace using resources we don’t yet have would take more time than the age of our beloved Universe.
- Information provided by your browser (including your IP address) is never stored on the server. All server logs are configured to go directly to /dev/null. Take a look at the following snippet from the nginx configuration file:
server_name ybin.me; access_log /dev/null main; error_log /dev/null;
- No metadata is stored when you submit a paste (including timestamps).
- Robots.txt disallows search engine crawlers to crawl and index pastes. Of course, this guarantees nothing since most of them ignore robots.txt anyway.
- It's only accessible through SSL. (thanks for the feedback, reddit)
Let's take a look at the following link: http://ybin.me/p/4eed1e530abe8348#aWImxYyjpqd62atEr1T9AP6rvHnO0vB1cvYvgifGmyM=.
First of all, you can see that the key is aWImxYyjpqd62atEr1T9AP6rvHnO0vB1cvYvgifGmyM=, extracted from the URL.
When you visit the link, you'll see the following pasted data:
Hello to zx readers from ybin!
But, the only data on the server of this paste is this:
Ybin does not, in any way, guarantee complete privacy and absolutely unbreakable encryption (as stated in Safety paragraph) while using the service. But, it tries to achieve the best possible privacy by using best practices.