Anonymous, People's Liberation Front Build Anonymous Data-Sharing Site

timothy posted more than 2 years ago | from the for-all-your-library-science-needs dept.

Privacy 137

suraj.sun writes with these snippets from an article at Ars Technica: "Hacker group Anonymous and the People's Liberation Front have created a data-sharing site called AnonPaste.tk, meant to host pastes of code and other messages without any moderation or censorship of the information posted. The new site, which uses a free .tk web address, allows users to set a time for the paste to expire. It claims that data is encrypted and decrypted in the browser using 256 bit AES, so the server doesn't see any of the information included in the paste. The site says it's taking donations in the form of WePay or BitCoins. ... AnonPaste is built using open-source software called ZeroBin, created by French developer Sebastien Sauvage. According to Infoweek Sauvage has experience in creating online authentication systems for French banks, suggesting the creator knows a thing or two about encryption of data. Still, on the software's information page, Sauvage reminds potential users that ZeroBin software can not protect against potential Javascript attacks. 'Users still have to trust the server regarding the respect of their privacy,' he says. 'ZeroBin won't protect the users against malicious servers.'"

137 comments

Honeypot (0)

Anonymous Coward | more than 2 years ago | (#39762029)

Not that I trust so-called "Anonymous" in any way, shape or form, but I trust governments even less

.tk, seriously? (5, Insightful)

jamesbrx (2622061) | more than 2 years ago | (#39762039)

This site will get its domain removed faster than I can post this comment. The .tk admins have a long history of blatantly removing anything that might cause trouble, are porn and/or hijacking domains that are popular. Great choice there, indeed.

Re:.tk, seriously? (2)

The MAZZTer (911996) | more than 2 years ago | (#39762067)

.tks are just frames to another site. So just bookmark the real one [peopleslib...nfront.net] if you're concerned about the .tk breaking.

Re:.tk, seriously? (1)

rs79 (71822) | more than 2 years ago | (#39767719)

I'm a bit leery about .tk too.

You know, we don't really need to use a domain for this. What's google's DNS server? It probably does have a domain but everyone knows it's 8.8.8.8

Use a domain by all means. But on the main page put the current IP and make sure the website works with an IP address as well as a domain.

A good tld to use for a domain like this is .ARPA. They never expire and they're just another TLD. If you own an IP, you have an arpa address you can use for anything you want.

You can use one in an NS record, but I haven't yet found an icann registrar that will take .arpa as a domain, it says it's invalid (never mind it's the first tld ever)


Re:.tk, seriously? (1)

smi.james.th (1706780) | more than 2 years ago | (#39762139)

I suspect that it was because .tk is free... If they wanted to pay for a domain, then some Anonymous member would likely have to give up some personal details... (Disclaimer, haven't read TFA so what I said could be complete bull.)

There are some problems with it (1)

elucido (870205) | more than 2 years ago | (#39762583)

> I suspect that it was because .tk is free... If they wanted to pay for a domain, then some Anonymous member would likely have to give up some personal details... (Disclaimer, haven't read TFA so what I said could be complete bull.)

But since they aren't giving us detailed technical specifications we "experts" cannot check it to determine what those problems might be. I'd like to discuss the technical specifications but I would think something like this would have to be set up with a special protocol and decentralized DNS. I would expect it to be on the darknet.

Re:There are some problems with it (4, Informative)

spydir31 (312329) | more than 2 years ago | (#39763175)

It runs on ZeroBin [sebsauvage.net] , which uses client side javascript to generate a random 256bit AES key, then compress and encrypt the text before sending it to the server. Comments are also compressed and encrypted. The key is never seen by the server, so the server can't decrypt your data.

It uses the Stanford Javascript Crypto Library [stanford.edu] for its AES code, and its codebase is available on github [github.com] .

The system is vulnerable to an MITM attack, also a server admin may be able to reveal the poster's identity, but not the post's content

Re:There are some problems with it (2)

Meneth (872868) | more than 2 years ago | (#39763615)

The server operator could modify the javascript it sends to the client, so that the client sends either the key or the plaintext to a place of the operator's choosing.

Re:There are some problems with it (3, Interesting)

spydir31 (312329) | more than 2 years ago | (#39763697)

> The server operator could modify the javascript it sends to the client, so that the client sends either the key or the plaintext to a place of the operator's choosing.

That would fall under the same category as MITM in this case. You still need to trust the server (or a server, if you prefer)

You could move the client side code to a browser addon/extension, but you'd still have the problem of trusting the extension to behave

Re:There are some problems with it (1)

elucido (870205) | more than 2 years ago | (#39767641)

> It runs on ZeroBin [sebsauvage.net] , which uses client side javascript to generate a random 256bit AES key, then compress and encrypt the text before sending it to the server. Comments are also compressed and encrypted. The key is never seen by the server, so the server can't decrypt your data.
>
> It uses the Stanford Javascript Crypto Library [stanford.edu] for its AES code, and its codebase is available on github [github.com] .
>
> The system is vulnerable to an MITM attack, also a server admin may be able to reveal the poster's identity, but not the post's content

Revealing the poster's identity is worse than revealing the poster's content! That is a huge security hole.

Also where is the key stored? Expect the government to investigate and interrogate whoever has the keys.

Re:There are some problems with it (2)

friend function (1492021) | more than 2 years ago | (#39768745)

> Also where is the key stored? Expect the government to investigate and interrogate whoever has the keys.

According to the ZeroBin website [sebsauvage.net] , the key is not "stored;" it is part of the URL string (which never goes to the server). For example:

http://sebsauvage.net/paste/?e4af05540340d85a#zLtQuuHWSJgl3z12lIAJy3ZZeyTdC3dVarlGH8R+TZ4=

You give the link to your friends. The link contains both a paste ID as well as a key. You and your friends' browsers use the key to decrypt the data for the given paste ID.

Also, there's no inherent reason to distrust Javascript running on an "Anonymous"-run website any more than you'd distrust any other site's Javascript (or pastebin.com's, for example). In any case, the source is open (and if you have the technical ability to analyze it for holes/backdoors/weaknesses, you can).

Re:.tk, seriously? (3, Insightful)

cloricus (691063) | more than 2 years ago | (#39762299)

Why would they want to take down what may become the most effective honey pot in history?

Re:.tk, seriously? (5, Funny)

Anonymous Coward | more than 2 years ago | (#39762327)

They should have set their servers up in Judea.

Re:.tk, seriously? (0)

Anonymous Coward | more than 2 years ago | (#39764799)

Fuck off!

Re:.tk, seriously? (0)

Anonymous Coward | more than 2 years ago | (#39766849)

> They should have set their servers up in Judea.

oh now that is quite clever, i applaud you sir

Major Fail: ZeroBin requires the JavaScript (4, Interesting)

xiando (770382) | more than 2 years ago | (#39762073)

I am NOT about to let you or your anonymous friends run JavaScript in my browser. No. That would compromise my security. The idea outlined in the summary sounds good, but the JavaScript-based implementation is bad. EPIC FAIL. Think of the Tor-users! They are not about to let their anonymity go by submitting to the evil JavaScript World Order.

Re:Major Fail: ZeroBin requires the JavaScript (1)

The MAZZTer (911996) | more than 2 years ago | (#39762085)

If you are concerned that much about anonymity that you turn off JS when you use Tor you should probably be using the Tor Browser bundle instead to ensure you look just like any other Tor user.

Also I doubt a Slashdot editor would let a malicious website get into an article link.

Re:Major Fail: ZeroBin requires the JavaScript (-1)

Anonymous Coward | more than 2 years ago | (#39762101)

They don't even seem to understand what an Editor does, just take a look at all the spelling mistakes that get through or the amazing decisions they made with Slashdot Video. How are they supposed to detect a Javascript attack (especially when some of these can be quite sophisticated) when they won't even spend 30 seconds checking out the summary?

Re:Major Fail: ZeroBin requires the JavaScript (0)

Anonymous Coward | more than 2 years ago | (#39762127)

Slashdot editors? Doing some actual work? You must be new here.

Re:Major Fail: ZeroBin requires the JavaScript (2)

e**(i pi)-1 (462311) | more than 2 years ago | (#39762579)

javascript is the best option. I would trust it more than any other implementation because it is a language which is by nature open source, i.e. http://www.peoplesliberationfront.net/anonpaste/lib/sjcl.js [peopleslib...nfront.net] http://www.peoplesliberationfront.net/anonpaste/lib/base64.js [peopleslib...nfront.net] All the encryption is done in the user's browser and not on the server and one can see the code. So, download all the source files first, analyze whether there is something strange in the source and then every time, before using the tool, check whether the source has changed.

What I do not understand however is for what this could be useful.
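The check described in the comment above (review the scripts once, then confirm nothing changed before each use), as an added example that is not part of the comment or of ZeroBin. The two `lib/` file names mirror the scripts linked above; their contents, `index.html` and all function names are constructed for illustration.

```javascript
// Added example: pin SHA-384 digests of a reviewed page and its scripts,
// then audit what the server serves later. All sample content is constructed.
const crypto = require('node:crypto');

// SRI-style digest: "sha384-" + base64(SHA-384(body)).
function digest(body) {
  return 'sha384-' + crypto.createHash('sha384').update(body).digest('base64');
}

// Constructed sample: the page and scripts as they were when reviewed.
const REVIEWED = {
  'index.html':
    '<html><script src="lib/sjcl.js"></script><script src="lib/base64.js"></script></html>',
  'lib/sjcl.js': '/* constructed stand-in for sjcl.js */',
  'lib/base64.js': '/* constructed stand-in for base64.js */',
};

// Everything the browser would execute for this page: the HTML itself
// (which covers inline scripts) plus every <script src> it references.
// The regex is deliberately simple and only meant for the sample above.
function resourcesOf(site, page = 'index.html') {
  const html = site[page];
  const out = { [page]: html };
  const re = /<script\b[^>]*\bsrc\s*=\s*["']([^"']+)["']/gi;
  for (const m of html.matchAll(re)) out[m[1]] = site[m[1]];
  return out;
}

// Record digests of the reviewed copies: { path: digest }.
function pin(resources) {
  return Object.fromEntries(
    Object.entries(resources).map(([path, body]) => [path, digest(body)]));
}

// Compare what is served now against the pinned manifest.
function audit(manifest, served) {
  const report = { ok: [], changed: [], missing: [], unpinned: [] };
  for (const [path, want] of Object.entries(manifest)) {
    if (served[path] === undefined) report.missing.push(path);
    else if (digest(served[path]) === want) report.ok.push(path);
    else report.changed.push(path);
  }
  // A script the page now loads that was never reviewed is as bad as a change.
  for (const path of Object.keys(served)) {
    if (!(path in manifest)) report.unpinned.push(path);
  }
  report.safe = report.changed.length + report.missing.length + report.unpinned.length === 0;
  return report;
}
```

A check like this has to run outside the page being checked; a script delivered by the same server cannot vouch for itself.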

Re:Major Fail: ZeroBin requires the JavaScript (0)

Anonymous Coward | more than 2 years ago | (#39762893)

The encryption uses Javascript. There really isn't another way to do that type of stuff from the browser unless you want to allow extensions or plugins, which is obviously much worse than Javascript.

Re:Major Fail: ZeroBin requires the JavaScript (3, Informative)

allo (1728082) | more than 2 years ago | (#39763125)

you can have only one of them:
- no client side scripting
- client side crypting/decrypting

but do not worry, javascript is sandboxed to the site's context.

Re:Major Fail: ZeroBin requires the JavaScript (3, Informative)

Tom (822) | more than 2 years ago | (#39763153)

Javascript isn't half as evil as you make it.

Its main failing is that it sucks for crypto. A quick reference I could dig out:
http://www.matasano.com/articles/javascript-cryptography/ [matasano.com]

Basically, it has several problems, the main one being that where they write "random key" in the "browser" box in their little flowchart it should honestly say "weak pseudo-random key".

Re:Major Fail: ZeroBin requires the JavaScript (1)

chill (34294) | more than 2 years ago | (#39763851)

Sigh...

Long reply deleted after I read the entire page you linked to. Saved myself some embarrassment there.

Thanks for that link. :-)

"Great minds think alike..." (0)

Anonymous Coward | more than 2 years ago | (#39763905)

By disallowing adbanners & javascript (where unnecessary), plus plugins I don't need? They're ALL "power-saving webpages" for me (as well as faster, & more secure).

Additionally? Since I use what's below, I get there FASTER, SAFER, & just overall, better + more reliably...

APK

P.S.=> How? Simple: The custom hosts file I utilize for one!

Combine it with judicious layered security measures like cutting the indiscriminate usage of javascript (especially where I don't need it, & same with plugins like FLASH?) - you get what I get - Faster, Safer, & better reliability (even a bit better 'anonymity' vs. tracking + DNS request logs).

My hosts file currently has 1,772,964++ entries, vs. known bad host-domain names (which IS the majority of what you use, hence the DNS system itself being in place, faults & all, as well as malware makers because these are RECYCLABLE, & the RBN was doing it like mad) & growing CONSTANTLY via a DelphiXE2 64-bit system I've rewritten for the 5th time since late 2003!

That, & then even "layering in 'defense-in-depth'": AdBlock addons for FireFox + Opera, IE TPL's for IE...

(Even though they're less efficient than a hosts file which is merely a filter for the IP stack running in PnP designed Ring 0/ RPL 0/kernelmode vs. browser addons running as 'extra-weight' on usermode/ring 3/rpl 3 webbrowsers)...

HOWEVER - AdBlock can't:

---

1.) Speedup my access to sites that are my favs. as hosts can via "hardcoding" those favs entries in it

2.) Adblock won't protect external to browser email programs (like Outlook) either...

3.) Neither can firewalls on #1...

---

Anyhow/anyways:

Between those 3 measures (custom hosts files & using javascript + plugins where needed only & judiciously)?

I am NOT 'burning more power, CPU cycles, RAM, & other forms of I/O (as a local DNS program would (faults in recursive mode especially) OR a separate system doing so - and of course, I get there faster, safer, & more reliably!

"Nothing rides for free", but when I have 'passengers' that set the rest of my 'riders' @ risk, or suck up power they could use too? OUT THE DOOR THEY GO... as dead-weight - hence no local DNS server running here (no thanks, I've seen TOO MUCH of them being DNS-poisoned redirected)... but?

I do use them, external to my system & in a "layered triumvirate zone-defense type formation", & GOOD SOLID filtering ones vs. malware, phishing, & the like:

---

Norton DNS:

198.153.192.1
198.153.194.1
198.153.192.60
198.153.194.60
198.153.192.50
198.153.194.50
198.153.192.40
198.153.194.40

OpenDNS:

208.67.222.222
208.67.220.220

ScrubIT DNS:

67.138.54.100
207.225.209.66

---

Layered into BOTH my hardware-side router(s) & my IP stack settings in Windows for DNS servers... they filter vs. known bad sites/servers/hosts-domains & IP addresses, & vs. phishing/spamming (even pr0n)...

I use Opera 12 64-bit build 1380 & it has a FLASH only on demand option I use, and in FireFox (WaterFox &/or PaleMoon 64-bit) I use Adblock + NoScript also + IE has TPL's in place too (alongside hosts files covering them ALL in "layered-security"/"defense-in-depth" fashion), which of course saves power too & of course, keeps you "proof" vs. Adobe's FLASH (which with JAVA/javascript, are the MOST used "attack vectors" there is)...

And... there you are!

Oh, how could I forget this: Prepare for the "trolls" & their ad hominem attacks, & effete 'retaliation' vs. my statements here, via down moderations of this post, lol... call it a "hunch/prediction", or just a trend I've noted whenever I mention hosts files!

Gee - I wonder what they're afraid of from hosts files, most of all?? Not... lol!

... apk

Addendum/Edit/Correction of myself... (0)

Anonymous Coward | more than 2 years ago | (#39764053)

"I use Opera 12 64-bit build 1380 & it has a FLASH only on demand option I use, and in FireFox (WaterFox &/or PaleMoon 64-bit) I use Adblock + NoScript also + IE has TPL's in place too (alongside hosts files covering them ALL in "layered-security"/"defense-in-depth" fashion), which of course saves power too & of course, keeps you "proof" vs. Adobe's FLASH (which with JAVA/javascript, are the MOST used "attack vectors" there is)..." - by Anonymous Coward (ME, apk) on Sunday April 22, @01:31PM (#39763905)

Toss FlashBlock in there too, for FireFox... sorry, was writing too fast, & didn't put it in there also!

APK

P.S.=> Better ME correcting myself, than some "nitpicker troll", ala "Cardinal Richelieu"... apk


Cool, but... (4, Interesting)

betterunixthanunix (980855) | more than 2 years ago | (#39762079)

...we already have lots of ways to do this. We can encrypt and post to Usenet. We can use extensions like FireGPG to encrypt on post to websites. So why use a system where we place all our trust in the service provider, which is both theoretically risky and has failed in the past:

http://www.wired.com/threatlevel/2007/11/encrypted-e-mai/ [wired.com]

Re:Cool, but... (1)

gl4ss (559668) | more than 2 years ago | (#39762377)

well yeah, but could you provide a one liner url to those?

Re:Cool, but... (1)

betterunixthanunix (980855) | more than 2 years ago | (#39762431)

Probably not; more like one URL and a decryption key that would be pasted in somewhere. Really though, an extension like FireGPG that provides this capability would be a lot better -- I do not want to trust some server to send me my decryption program every time I want to access a file. This may even be worse than Hushmail, since any of the people who are accessing the file could be targeted; the server could merely flag the data it wants to decrypt, and wait for the first person with that URL to come along and open it.

Re:Cool, but... (2)

elucido (870205) | more than 2 years ago | (#39762643)

> Probably not; more like one URL and a decryption key that would be pasted in somewhere. Really though, an extension like FireGPG that provides this capability would be a lot better -- I do not want to trust some server to send me my decryption program every time I want to access a file. This may even be worse than Hushmail, since any of the people who are accessing the file could be targeted; the server could merely flag the data it wants to decrypt, and wait for the first person with that URL to come along and open it.

If it's a honeypot it's not going to work anyway. But honestly I don't see the PLF offering a honeypot. Anonymous and the PLF are two different entities. PLF are serious and are highly skilled while Anonymous is populated by anybody whether they are serious with skills or just teenagers looking for lulz.

Re:Cool, but... (2)

elucido (870205) | more than 2 years ago | (#39762561)

> ...we already have lots of ways to do this. We can encrypt and post to Usenet. We can use extensions like FireGPG to encrypt on post to websites. So why use a system where we place all our trust in the service provider, which is both theoretically risky and has failed in the past:
>
> http://www.wired.com/threatlevel/2007/11/encrypted-e-mai/ [wired.com]

Exactly.

The other problem is it takes specialists to actually use this encryption in the context they are talking about. Anyone with the special skills to have to use this sort of encryption would exercise great caution.

That website Anonpaste is going to have to have a darknet backend of some sort. It's also going to need a distributed decentralized DNS because governments are going to attack the DNS when they figure out they cannot DDOS the servers.

Finally these servers have to be protected and secure. The best place to put them would be in bunkers, caves, and other hard to reach places. If they finally got up that satellite dish they were talking about launching then they could use that too.

Re:Cool, but... (0)

Anonymous Coward | more than 2 years ago | (#39762729)

when you post a message to usenet, it's like posting an email to any random web server: it provides a way to anyone to register your connection and therefore leave a paper trail, which is then propagated to every usenet server.

With a HTTP interface, you explicitly connect to a single server which does not propagate by design your personal information to any number of servers. If that server puts in place security and privacy measures, you essentially have an anonymous messageboard.

Re:Cool, but... (1)

betterunixthanunix (980855) | more than 2 years ago | (#39763595)

> when you post a message to usenet, it's like posting an email to any random web server: it provides a way to anyone to register your connection and therefore leave a paper trail, which is then propagated to every usenet server.

Which is why people use these:

https://en.wikipedia.org/wiki/Anonymous_remailer [wikipedia.org]

.TK? Really? (-1)

Anonymous Coward | more than 2 years ago | (#39762081)

You have got to be kidding me, how does this amateurish bullshit end up on Slashdot? I've seen BV Dot TK fold actively police their namespace for controversial or potentially troublesome or illegal content for years, they'll do the same here. Stupid to advertise a domain like that as your face to the world.

Almost as anonymous (1)

Hentes (2461350) | more than 2 years ago | (#39762087)

as DDoSing websites.

OHAI, FBI!!!! *waves* (1)

IonOtter (629215) | more than 2 years ago | (#39762121)

Trying another false-flag operation? Going for #Anti-Sec 2?

Re:OHAI, FBI!!!! *waves* (2)

elucido (870205) | more than 2 years ago | (#39762629)

> Trying another false-flag operation? Going for #Anti-Sec 2?

It's not that simple although I do see your point considering Sabu was their snitch. I doubt the FBI infiltrated the PLF though. PLF are far more skilled and very much professionals.

I'll say it again, anyone who actually has a need to use encryption of this sort properly would need specialized skills to begin with. The PLF is not going to provide any sort of training. So basically if you have a need to use this then you already know how to become Anonymous on the internet. If you don't then you shouldn't be using something like this in the first place.

And no I don't think it's about the FBI because there are intelligence agencies all around the world other than the FBI who won't like this either. It's all the global government agencies that will hate this in general. It's global government agencies vs Anonymous.

Server cannot see the data? (1, Insightful)

Sun (104778) | more than 2 years ago | (#39762147)

> It claims that data is encrypted and decrypted in the browser using 256 bit AES, so the server doesn't see any of the information included in the paste.

And where does the key come from? If from the server, then the data is not encrypted at all.

Shachar

Re:Server cannot see the data? (3, Informative)

Sun (104778) | more than 2 years ago | (#39762203)

Okay, I take it back. It seems that the reading URL contains the decryption key. That's actually quite nice.

The key seems to be stored in the in-page bookmark (the part after the "#"), so there is even a chance it won't be available through the server's logs. I have not checked whether it is the client or the server that produces the URL for reference. That might mean a trip to the server after all, but given the design of the rest, there is hope it was done properly after all.

Shachar

Re:Server cannot see the data? (0)

Anonymous Coward | more than 2 years ago | (#39762427)

Okay, I take it back.

Right after getting modded up. How convenient!

Next time before spreading FUD check your facts. Jumping to conclusions only makes you sound intelligent in your head.

Do the right thing, report your own comment for removal. (click the flag icon)

Re:Server cannot see the data? (0)

Anonymous Coward | more than 2 years ago | (#39768133)

His first comment doesn't contain anything false, just a question. It's not FUD. FUD would be this:
Where does the encryption key come from? From the server of course, this is clearly some scheme to get a bunch of interesting information directly to whoever runs their site.

Re:Server cannot see the data? (1)

terrox (555131) | more than 2 years ago | (#39762447)

Why wouldn't the # part of the URL be stored in logs? Anyone with the URL and anyone looking at the URL history/logs etc. can therefore unencrypt the text; this makes no sense to me.

Re:Server cannot see the data? (2)

Sun (104778) | more than 2 years ago | (#39762769)

Because the # part is intended for the local browser. It is not part of the URL sent to the server, it is intended to tell the browser to go to a certain bookmark (anchor, in HTML jargon) inside the page.

You will notice that if you change just the part after the # and hit "enter", the browser does not refresh the page. That's because it does not think anything changed that is worth notifying the server.

Shachar
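Added example, not part of the thread and not ZeroBin's code: a constructed model of the flow discussed above, showing that a key carried after the "#" never appears in the request target, the server's log, or the stored record. The host `paste.example`, the `?id=` parameter, the record layout and the choice of AES-256-GCM are assumptions made for illustration.

```javascript
const crypto = require('crypto');

// Hypothetical stand-in for the paste server: it stores and logs only what
// actually reaches it over the wire.
const serverStore = new Map();
const serverAccessLog = [];

// The request target an HTTP client sends for a URL is path + query.
// The fragment (everything after '#') stays in the browser.
function requestTarget(urlString) {
  const u = new URL(urlString);
  return u.pathname + u.search;
}

// Server side of a read: log the request, return the opaque stored record.
function serverHandleGet(target) {
  serverAccessLog.push('GET ' + target);
  const id = new URL(target, 'https://paste.example').searchParams.get('id');
  return serverStore.get(id);
}

// Client side of a write: the key is generated locally, only ciphertext is
// uploaded, and the key is appended to the share URL as the fragment.
function createPaste(plaintext) {
  const key = crypto.randomBytes(32);            // 256-bit key, never uploaded
  const iv = crypto.randomBytes(12);
  const cipher = crypto.createCipheriv('aes-256-gcm', key, iv);
  const ct = Buffer.concat([cipher.update(plaintext, 'utf8'), cipher.final()]);
  const record = {
    iv: iv.toString('base64'),
    ct: ct.toString('base64'),
    tag: cipher.getAuthTag().toString('base64'),
  };
  const id = crypto.randomBytes(8).toString('hex');
  serverStore.set(id, JSON.stringify(record));   // all the server ever holds
  return 'https://paste.example/?id=' + id + '#' + key.toString('base64url');
}

// Client side of a read: fetch the record, then decrypt with the key taken
// from the fragment of the URL the reader was given.
function readPaste(shareUrl) {
  const stored = serverHandleGet(requestTarget(shareUrl));
  const { iv, ct, tag } = JSON.parse(stored);
  const key = Buffer.from(new URL(shareUrl).hash.slice(1), 'base64url');
  const decipher = crypto.createDecipheriv('aes-256-gcm', key, Buffer.from(iv, 'base64'));
  decipher.setAuthTag(Buffer.from(tag, 'base64'));
  // final() throws if the key is wrong or the stored record was altered.
  return Buffer.concat([
    decipher.update(Buffer.from(ct, 'base64')),
    decipher.final(),
  ]).toString('utf8');
}

// Constructed sample run.
const shareUrl = createPaste('constructed sample paste');
console.log('shared URL :', shareUrl);
console.log('on the wire:', requestTarget(shareUrl));
console.log('decrypted  :', readPaste(shareUrl));
console.log('server log :', serverAccessLog);
```

This covers the network request and the server's logs only; the script that reads the fragment is itself delivered by the server, which is the trust question raised in the comments that follow.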

still a problem (1)

allo (1728082) | more than 2 years ago | (#39763167)

Where does the decrypting code come from?

Let's assume an attacker has the server under his control. He will not only be able to modify the scripts to send the content of the decrypted paste back, he can even send the entered password to the server.

So it's still more insecure than crypting off-browser and pasting it then. But better an encryption, which is secure most of the time, than no attempt at all. You just cannot guarantee it will be encrypted or safe. So do not use it, if you know better. But encourage people who have the options to use it or do not encrypt at all, to use it.

Re:still a problem (1)

iserlohn (49556) | more than 2 years ago | (#39763733)

Actually, a much more secure version of this is https://ezcrypt.it/ [ezcrypt.it] with which the decryption key can also be further encrypted with a password.

Re:still a problem (1)

allo (1728082) | more than 2 years ago | (#39765447)

As long as it's done by JavaScript, which comes from this site, they may replace the JavaScript with a logging version. So you cannot win without using a trusted program (which should be installed locally, so nobody can secretly replace it).

Re:Server cannot see the data? (-1)

Anonymous Coward | more than 2 years ago | (#39762219)

Gosh, how did they not think of that? Idiots!!! Luckily, the world has you to point it out. Quick, fire off a Slashdot message so you can prove how smart you are.

It's like piratepad (1)

elucido (870205) | more than 2 years ago | (#39762523)

It claims that data is encrypted and decrypted in the browser using 256 bit AES, so the server doesn't see any of the information included in the paste.

And where does the key come from? If from the server, then the data is not encrypted at all.

Shachar

http://beta.piratepad.net/front-page/ [piratepad.net]

Actually I'd say piratepad is slightly better.

Oh yeah? (3, Funny)

Rydia (556444) | more than 2 years ago | (#39762279)

Well, Anonymous is going to start their OWN pastebin! With hookers! And blackjack!

Sounds a lot like nonsense (0)

Anonymous Coward | more than 2 years ago | (#39762301)

Sorry, the whole story doesn't make much sense. If anyone can access the pastebin, then anyone can see its contents, including the server, no matter how encrypted the data is stored on it. If not anyone can access the server then it's not a public pastebin, but an encrypted fileserver and whoever accesses it would need a password first.

Re:Sounds a lot like nonsense (3, Insightful)

elucido (870205) | more than 2 years ago | (#39762535)

Sorry, the whole story doesn't make much sense. If anyone can access the pastebin, then anyone can see its contents, including the server, no matter how encrypted the data is stored on it. If not anyone can access the server then it's not a public pastebin, but an encrypted fileserver and whoever accesses it would need a password first.

The smart way is just to encrypt your data with PGP or AES and then upload it to piratepad.

This Anonpaste won't be useful unless you connect to it anonymously. What they are promising is they won't censor your shit if you post something tragic.

Isn't "peoples" and "libertarian" together a contr (0)

dbIII (701233) | more than 2 years ago | (#39762319)

Isn't "peoples" and "libertarian" together a contradiction? Most forms of "libertarianism" appear to me to be "I'm all right Jack and the people can just go and suffer if they didn't manage to get rich".

Re:Isn't "peoples" and "libertarian" together a co (1)

Blaskowicz (634489) | more than 2 years ago | (#39762469)

"liberty" and "libertarian" are separate concepts.

Re:Isn't "peoples" and "libertarian" together a co (1)

Blaskowicz (634489) | more than 2 years ago | (#39762501)

oh, I thought Palestinians did it!

the "People's Liberation Front", which no one has ever heard of till now, can be easily mistaken for the Popular Front for the Liberation of Palestine.

Re:Isn't "peoples" and "libertarian" together a co (1)

Jeremy Erwin (2054) | more than 2 years ago | (#39763895)

Go see "Life of Brian."
SPLITTER!

Only a contradiction in US-speak.... (2)

Ellis D. Tripp (755736) | more than 2 years ago | (#39762779)

Only in the US has the word "libertarian" been co-opted by the free-market uber alles, Ayn Rand worshiping, "I've got mine so fuck you!" crowd.

In the rest of the world, the word "libertarianism" is quite similar in meaning to "anarchism". In fact, many anarchists (including Noam Chomsky) use the term "libertarian socialism" to describe their philosophy, as the term "anarchism" has been tainted with connotations of rioting, looting, burning police cars, and punk-rock wannabees.

Re:Only a contradiction in US-speak.... (0)

Anonymous Coward | more than 2 years ago | (#39763109)

Say What you socialist puke, big govmt, gimme all your shit crook?

Re:Only a contradiction in US-speak.... (2)

Mr. Slippery (47854) | more than 2 years ago | (#39764021)

Only in the US has the word "libertarian" been co-opted by the free-market uber alles, Ayn Rand worshiping, "I've got mine so fuck you!" crowd.

As one of Kim Stanley Robinson's characters put it, "That's libertarians for you -- anarchists who want police protection from their slaves."

The typical usage in the U.S. is different because right-wing people opposed to the regulation of big business [blackened.net] tried to steal the term in the 1950s. They've managed to bamboozle a lot of folks over the years, but more and more Americans are coming to realize that "libertarian capitalism" reduces in the end to nothing but plutocracy: a state powerful enough to create and enforce so-called "property rights" on the behalf of capitalists, but not to put any leash on those capitalists' exploitation of people or the planet.

Re:Isn't "peoples" and "libertarian" together a co (0)

Anonymous Coward | more than 2 years ago | (#39763095)

libertarianism (lower case L) is a left-wing socialist anarchist movement/philosophy that has a long history, the world over.

Libertarianism (upper case L) is a, recently created, right-wing political party in the United States that has almost nothing in common with libertarianism as the entire world uses the term.

The confusion was probably accidental. Since Americans are so poorly educated / unaware of history (even their own), someone probably just thought libertarian sounded good and took it, not understanding what it currently meant, nor its long history.

*disclaimer, I am a U.S. citizen.

My link (0)

Anonymous Coward | more than 2 years ago | (#39762421)

I Made This [peopleslib...nfront.net]

If you use AnonPaste you're one of them (3, Interesting)

elucido (870205) | more than 2 years ago | (#39762709)

According to what Pastebin says about Anonpaste just using Anonpaste could mean you have something to hide and if you have something to hide it means you need to be investigated.

Although Anonymous has used the news of AnonPaste to taunt Pastebin, Vader isn't worried about the popularity of his own site. He does see problems with the general idea of the new paste site though. "Having this new anonymous paste service online will most likely mean that less 'sensitive information' is posted on Pastebin.com, which we like," Vader told Ars, "But we think this new totally anonymous Paste site will be used mainly by people who have something to hide, people who are posting things that really shouldn't be posted. We see no benefit for normal legitimate users to use it over the currently existing paste websites. We are afraid that this site will be bombarded with people's personal information, credit-card details, and things such as child pornography."

If you use Anonpaste then the governments will claim you're a credit card thief, a child pornographer, or a terrorist, because why else would you want to use something like Anonpaste?

My advice is don't post on Anonpaste. Read Anonpaste but don't post a damn thing. If someone really knows what they are doing they probably don't need Anonpaste but if they somehow did then they weighed the risks already.

Re:If you use AnonPaste you're one of them (-1)

mrmeval (662166) | more than 2 years ago | (#39763305)

Please post the source of that alleged quote. People should be able to verify it and if it is valid avoid anything that person is connected to.

Re:If you use AnonPaste you're one of them (1)

Pubstar (2525396) | more than 2 years ago | (#39765847)

Took me a total of 5 seconds to google Anonpaste + ArsTechnica. http://arstechnica.com/open-source/news/2012/04/anonymous-builds-its-own-pastebin-like-site.ars [arstechnica.com] Seriously, would it have been that hard to search for?

Re:If you use AnonPaste you're one of them (1)

mrmeval (662166) | more than 2 years ago | (#39766699)

Not posting that up front is disingenuous at best and why should I work to find it when it's something you're pushing?

Re:If you use AnonPaste you're one of them (1)

Pubstar (2525396) | more than 2 years ago | (#39768617)

Go check usernames. I was not the parent, I was merely looking at the quote he used, specifically the 'Vader told Ars' part, and took a wild stab in the dark that it was ArsTechnica... you know, since they refer to themselves as Ars in their articles.

Re:If you use AnonPaste you're one of them (1)

sixtyeight (844265) | more than 2 years ago | (#39763731)

If you use Anonpaste then the governments will claim you're a credit card thief, a child pornographer, or a terrorist, because why else would you want to use something like Anonpaste?

Politicians are a lot less quick to use that, "Only criminals demand their right to privacy" routine after a few demands for public strip-searches.

Interestingly, the political corruption in the U.S. is getting resolved by, of all people, the military [wordpress.com] .

Re:If you use AnonPaste you're one of them (0)

Anonymous Coward | more than 2 years ago | (#39763859)

Not very long ago some people came under investigation for not having a mobile phone, or not taking their mobile phone into a meeting, meaning they couldn't be tracked. This was considered to be highly suspicious behavior and probably illegal. Soon, it will be mandatory for all new cars in the States to have black box data recorders to monitor all their movements in real time. What could possibly go wrong with that? And the next step? Probably sometime soon, people like you, elucido, will decide that it's fine for the government to surgically implant GPS trackers in everyone's heads. Why wouldn't you want them to be able to track you, after all, if you have nothing to hide?

Re:If you use AnonPaste you're one of them (1)

elucido (870205) | more than 2 years ago | (#39767633)

Not very long ago some people came under investigation for not having a mobile phone, or not taking their mobile phone into a meeting, meaning they couldn't be tracked. This was considered to be highly suspicious behavior and probably illegal. Soon, it will be mandatory for all new cars in the States to have black box data recorders to monitor all their movements in real time. What could possibly go wrong with that? And the next step? Probably sometime soon, people like you, elucido, will decide that it's fine for the government to surgically implant GPS trackers in everyone's heads. Why wouldn't you want them to be able to track you, after all, if you have nothing to hide?

I don't make those types of decisions. In fact I don't decide any of this. Don't try to pin the blame on me.

Re:If you use AnonPaste you're one of them (0)

Anonymous Coward | more than 2 years ago | (#39764091)

This response is scary when you think about it - what a statement on how democracies are run these days.

Monty Python teaming up with Anonymous? (5, Funny)

Anonymous Coward | more than 2 years ago | (#39762717)

Would that be the Peoples Liberation front of Judea or the Judean Peoples Liberation Front?

WTF? (1)

kelemvor4 (1980226) | more than 2 years ago | (#39763383)

I thought most of anonymous was in prison after that last big bust a month or two ago. Didn't even know they were still operating.

Can't tell if sarcastic or real... (0)

Anonymous Coward | more than 2 years ago | (#39763683)

But in case of the latter, it was but a drop in the ocean. Quite frankly I believe highly publicised busts like that only serve to strengthen Anonymous "member-wise".

Don't You Mean... (1)

Jane Q. Public (1010737) | more than 2 years ago | (#39763429)

... the Judean People's Front?

Typical Anonymous (1)

sixtyeight (844265) | more than 2 years ago | (#39763847)

Can someone please tell me what's supposed to be so politically edgy about creating yet another disordered, unregulated system?

That kind of jumbling and lack of accountability is pretty much the problem with our political system, and yet Anonymous sells it as subversive and avant-garde. It's not.

Then when you ask Anonymous what it thinks it's trying to accomplish, rather than sending you a sheaf of redacted government memos they just tell you, "There is no such thing as Anonymous." If life were a party, Anonymous would be the geeky attention-seeking teen off in the corner snorting handfuls of GHB.

It'd be nice if groups "there's no such thing as" didn't make headlines so often. I can't take them seriously.

Re:Typical Anonymous (0)

Anonymous Coward | more than 2 years ago | (#39764715)

Don't you have a facebook wall to go post on?

Can someone please tell me what's supposed to be so politically edgy about creating yet another disordered, unregulated system?

Explain your sig then:

The Wolfpack Project [bit.ly]: BitCoin + Crowdfunding = Political Accountability

Re:Typical Anonymous (1)

sixtyeight (844265) | more than 2 years ago | (#39764953)

Don't you have a facebook wall to go post on?

Touché, sir. You cut me to the quick.

Can someone please tell me what's supposed to be so politically edgy about creating yet another disordered, unregulated system?

Explain your sig then:

The Wolfpack Project [bit.ly]: BitCoin + Crowdfunding = Political Accountability

Certainly. Which word gave you difficulty?

Re:Typical Anonymous (0)

Anonymous Coward | more than 2 years ago | (#39764755)

The problem is not lack of accountability in the political system.

The problem is that the people in the political system want to force the rest of us to be always accountable, while they themselves keep the luxury of unaccountability.

Anonymous is about levelling the playing field: Allow everyone, not just those in the political system, to be unaccountable.

Re:Typical Anonymous (1)

sixtyeight (844265) | more than 2 years ago | (#39764917)

The problem is that the people in the political system want to force the rest of us to be always accountable, while they themselves keep the luxury of unaccountability.

We appear to be using two different definitions of "accountability".

People used to be accountable to themselves and each other - and through them, the law. If you violated rights, you had to make amends or become an outlaw. Laws were made to uphold standards of rights and values that people had in common - they were a formalized system of basic human decency.

In time, the representatives we delegated to maintain that system turned the concept of "accountability" on its ear, pretending that they, as public officials, were entities in and of themselves - with an agenda all their own. So today, people often think of "accountability" only in their redefined, bastardized usage: accountability to the whimsical edicts of legislators. But this is the idea of accountability being made to stand on its head. There is no accountability without self-accountability, just as there is no control without self-control. The idea of being held accountable to an arbitrary, whimsical system is the idea of being accountable to a non-system - in other words, arbitrary edicts and mandates from authority figures. Slavery. In this modern usage, "accountability" doesn't mean anything valid. It becomes a socially acceptable substitute for "slavery", and I'm not using it that way because it would be rather bizarre and unconscionable. I mean real, legitimate, true accountability.

Anonymous is about levelling the playing field: Allow everyone, not just those in the political system, to be unaccountable.

Chaos is just as much a threat to rights as tyranny. Is that not self-evident to you?

It's like they're people who are tired of freezing, and so they set themselves on fire. Spectacular, but utterly useless.

Groups like Anonymous seem to get quite a kick out of thumbing their noses at the authority figures in the room. If only they'd realize that as members of We, the People, we are the authority figures, and the politicians are required to be our representatives, they could start reasserting a legitimate, functional society. And they'd realize that doesn't happen by adopting the position of the incorrigible adolescent truant; it takes people actively being functional human beings. That's the only way you get a functional society.

URL (2)

kangsterizer (1698322) | more than 2 years ago | (#39764657)

Make sure you don't put the URL that matters in the article!
That could be thousands of ad prints missed!

The link is http://www.anonpaste.tk/ [anonpaste.tk]

Wait... (1)

flibbidyfloo (451053) | more than 2 years ago | (#39764757)

Is it the Judean People's Liberation Front, or the People's Liberation Front of Judea?

Woao. (3, Informative)

sebsauvage (771545) | more than 2 years ago | (#39764925)

Woao. My name on the front page of Slashdot. Now I can die. :-D

If you don't trust AnonPaste, you can just install ZeroBin [sebsauvage.net] (the opensource software AnonPaste is based on) on your own website.

And don't forget Wikileaks' connections, please (1)

sgt_doom (655561) | more than 2 years ago | (#39765249)

And lest anyone forgets, because it's supposed to drag out forever, Anna Ardin (a k a Anna Bernardin), the accuser of Wikileaks' Julian Assange, worked for (and may still work for them) the Bonnier family through one of their tabloids, while the two sisters of Claes Borgstrom (one of the two partners of the law firm representing Anna Ardin in trying to get Assange extradited to Sweden) work for the Bonnier family, and Thomas Bodstrom (the other partner of that law firm, who was the Justice Minister of Sweden who colluded with the American CIA to extreme rendition to innocent Arab-Swedes, later exonerated in court) publishes through the Bonnier family.

Oh yeah....and presently Thomas Bodstrom and family are living a short drive from the CIA's HQ in Northern Virginia, USA.

Sounds great. (1)

caluml (551744) | more than 2 years ago | (#39765431)

Sounds great.

Now, how can I be sure that the JavaScript executing in my browser, a: isn't malicious, and b: hasn't been intercepted and changed by someone in the middle?

That's it, Seb! You made it!! (1)

lexa1979 (2020026) | more than 2 years ago | (#39768037)

Congratulations, Sebastien, for finally making it onto Slashdot!! Doesn't it feel like a birthday cake? Looking forward to continuing to read you via shaarli ;0)

seems down at the moment (0)

Anonymous Coward | more than 2 years ago | (#39768191)

It seems to be timing out for me. You can use Anonb.in for your text storage as well. http://anonb.in/ [anonb.in]