Difference between revisions of "HidekiBin Support"
(→Why is the site not using SSL/TLS?) |
(→Isn't JavaScript based crypto bad idea?) |
||
(7 intermediate revisions by the same user not shown) | |||
Line 24: | Line 24: | ||
If you use [http://chrome.google.com Google Chrome], there is a [https://chrome.google.com/webstore/detail/hidekibin/lajfamdikjjifolocnajaojbfofngblk Chrome Application] for HidekiBin. | If you use [http://chrome.google.com Google Chrome], there is a [https://chrome.google.com/webstore/detail/hidekibin/lajfamdikjjifolocnajaojbfofngblk Chrome Application] for HidekiBin. | ||
− | |||
− | |||
− | |||
− | |||
====Did you make it?==== | ====Did you make it?==== | ||
− | No, I do not claim ownership of the code, as it is an adaptation of [ | + | No, I do not claim ownership of the code, as it is an adaptation of [https://privatebin.net/ PrivateBin]. HidekiBin may be incorporating some original changes, but they are usually for cosmetic changes that does not affect core functionality. |
====How does it work?==== | ====How does it work?==== | ||
− | The system is based on ZeroBin. The system supports | + | The system is based on ZeroBin. The system supports most of the features [https://privatebin.net/ PrivateBin] supports.<ref>Most of, because HidekiBin does not support file upload, for example.</ref> |
====How can it be used?==== | ====How can it be used?==== | ||
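Review bot: In the "How does it work?" line, the new text still opens with "The system is based on ZeroBin" while the "Did you make it?" line in the same hunk now calls the code an adaptation of PrivateBin, so the two answers name different upstreams. Suggest naming PrivateBin in both answers, or adding a clause on how the two projects relate, so a reader knows whose security documentation applies. The added sentence in "Did you make it?" also has an agreement slip: "cosmetic changes that does not affect" should read "do not affect".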
Line 46: | Line 42: | ||
* Writing a love letter you are not going to send | * Writing a love letter you are not going to send | ||
− | ==== | + | ====Does the site support SSL/TLS?==== |
− | From December 2014, this site supports SSL/TLS. Point your browser to <tt>https://hidekibin.hidekisaito.com</tt>. However, because it is using [[wikipedia:Server Name Indication|SNI]] based SSL/TLS, older browser may not work | + | From December 2014, this site supports SSL/TLS. Point your browser to <tt>https://hidekibin.hidekisaito.com</tt> and is now plain text access is no longer supported. However, because it is using [[wikipedia:Server Name Indication|SNI]] based SSL/TLS, older browser may not work, however if you are using a browser so old that SNI is not supported, you shouldn't be on the Internet for obvious security reasons. |
To protect you further, you can add hidekibin.hidekisaito.com to your own [[wikipedia:HTTP Strict Transport Security|HSTS]] list on chrome by navigating to <tt>chrome://net-internals/#hsts</tt>. Inclusion request to the official HSTS list is not considered at this time as it is not possible to register, just sub-domain as opposed to base domain. By accessing HTTPS version of the site, compatible browser will set HSTS policy that lasts for seven days, thus you will have the same effect as if you have done the process above for next seven days. | To protect you further, you can add hidekibin.hidekisaito.com to your own [[wikipedia:HTTP Strict Transport Security|HSTS]] list on chrome by navigating to <tt>chrome://net-internals/#hsts</tt>. Inclusion request to the official HSTS list is not considered at this time as it is not possible to register, just sub-domain as opposed to base domain. By accessing HTTPS version of the site, compatible browser will set HSTS policy that lasts for seven days, thus you will have the same effect as if you have done the process above for next seven days. | ||
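Review bot: The added clause "and is now plain text access is no longer supported" in the SSL/TLS answer does not parse, and the sentence that follows it uses "however" twice. Suggest "Point your browser to https://hidekibin.hidekisaito.com; plain text access is no longer supported." and moving the SNI remark into its own sentence. If plain text access is gone, the "Where is HidekiBin?" answer, which still gives an http:// URL, should be updated in the same revision.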
Line 55: | Line 51: | ||
But keep in mind there are a lot of other ways way worse and less obvious things that malicious parties can do to compromise your security, such as key logger, screen captures and other data on your computer. Use of HidekiBin won't help you protect against such attacks. | But keep in mind there are a lot of other ways way worse and less obvious things that malicious parties can do to compromise your security, such as key logger, screen captures and other data on your computer. Use of HidekiBin won't help you protect against such attacks. | ||
− | |||
− | |||
====What it should not be used for==== | ====What it should not be used for==== | ||
Line 76: | Line 70: | ||
In addition, some messaging system like Skype may have the same issue. So no, you can't do "first one to visit..." campaign using HidekiBin. You may want to use short expiry instead. | In addition, some messaging system like Skype may have the same issue. So no, you can't do "first one to visit..." campaign using HidekiBin. You may want to use short expiry instead. | ||
+ | |||
+ | In contrary, you will be able to use this feature to see if the message is ever intercepted and accessed by the system in transit. For example, there was a case Microsoft was found red handed snooping the content of allegedly encrypted Skype messages. These problems can be easily detectable as a legitimate destination will no longer have an access to the message. | ||
====What URL shortener works with HidekiBin?==== | ====What URL shortener works with HidekiBin?==== |
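Review bot: The new paragraph's claim that Microsoft "was found red handed snooping the content of allegedly encrypted Skype messages" carries no source. The page already uses <ref> footnotes, so add one here or soften the wording to something the page can support. Wording in the same paragraph: "In contrary" should be "Conversely", and "can be easily detectable" should be "can be easily detected".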
Latest revision as of 01:57, 27 February 2017
Contents
- 1 About this page
- 2 Status
- 3 FAQ
- 3.1 General Questions
- 3.1.1 What is HidekiBin?
- 3.1.2 Where is HidekiBin?
- 3.1.3 Is there any way to integrate HidekiBin better on my desktop?
- 3.1.4 Did you make it?
- 3.1.5 How does it work?
- 3.1.6 How can it be used?
- 3.1.7 Does the site support SSL/TLS?
- 3.1.8 Isn't JavaScript based crypto bad idea?
- 3.1.9 What it should not be used for
- 3.1.10 Is there any way to delete a paste?
- 3.1.11 I lost part of my URL and I am getting error when I try to retrieve the text, can you help me recover the content?
- 3.1.12 I try to post Burn After Reading message to Facebook and even the first person accessing gets expired message
- 3.1.13 What URL shortener works with HidekiBin?
- 3.1.14 What can go wrong?
- 3.1.15 Why should I trust you?
- 3.1.16 How can you prove me no cleartext of my message is not being transmitted.
- 3.1.17 Is there any guarantee that the paste is stored for specified time?
- 3.1.18 Is it logged?
- 3.1.19 Why the name of the site is so egotastic?
- 4 Error Messages
- 5 Support
- 6 Footnotes
About this page
This page covers support information for HidekiBin.
Status
Expected Outage
None at this moment.
Known Issues
No known issues.
FAQ
General Questions
What is HidekiBin?
It's a site to store small texts.
Where is HidekiBin?
http://hidekibin.hidekisaito.com
Is there any way to integrate HidekiBin better on my desktop?
If you use Google Chrome, there is a Chrome Application for HidekiBin.
Did you make it?
No, I do not claim ownership of the code, as it is an adaptation of PrivateBin. HidekiBin may incorporate some original changes, but they are usually cosmetic changes that do not affect core functionality.
How does it work?
The system is based on ZeroBin. The system supports most of the features PrivateBin supports.[1]
How can it be used?
You can use it to share snippets of text.
Other ideas include:
- Send your awesome source code to your friend to prove your worthiness (syntax highlighting is cool!)
- Using as a scratchpad to send text from one machine to another
- Writing a love letter you are not going to send
Does the site support SSL/TLS?
Since December 2014, this site has supported SSL/TLS. Point your browser to https://hidekibin.hidekisaito.com; plain text access is no longer supported. Because the site uses SNI-based SSL/TLS, older browsers may not work. However, if you are using a browser so old that SNI is not supported, you shouldn't be on the Internet, for obvious security reasons.
To protect yourself further, you can add hidekibin.hidekisaito.com to your own HSTS list in Chrome by navigating to chrome://net-internals/#hsts. An inclusion request to the official HSTS list is not being considered at this time, as it is not possible to register just a sub-domain as opposed to the base domain. When you access the HTTPS version of the site, a compatible browser will set an HSTS policy that lasts for seven days, so you will get the same effect as if you had done the process above, for the next seven days.
Isn't JavaScript based crypto bad idea?
In a sense, you are trusting that the host is sending the correct (uncompromised) script every time you use the service. So in the case of a breach, it is possible that someone might replace the cryptographic script. It could also be that someone between the host and you replaces the script to compromise your security. That's why I'd recommend that you use tools like GnuPG with HidekiBin. This way, even if the script is compromised, your content is still safe.
But keep in mind that there are many other, far worse and less obvious things that malicious parties can do to compromise your security, such as key loggers, screen captures and access to other data on your computer. Use of HidekiBin won't help protect you against such attacks.
What it should not be used for
As this is mainly an experimental service, it should not be used for exchanging sensitive information.
There are no claims regarding the integrity of the system. Generally, you shouldn't be putting anything you wouldn't be comfortable writing using other services.
Is there any way to delete a paste?
If you kept the Delete link URL when you created your paste, yes. Otherwise, no.
I lost part of my URL and I am getting error when I try to retrieve the text, can you help me recover the content?
No, I don't even have a way to do that. Essentially this means your paste is practically gone for good.
I try to post Burn After Reading message to Facebook and even the first person accessing gets expired message
Facebook and many other social networks visit the URL in question to generate a snippet to post on the site. Therefore, by the time the intended user visits the paste in question, it has already been invalidated, at the time you pasted your URL on those networks.
In addition, some messaging systems like Skype may have the same issue. So no, you can't do a "first one to visit..." campaign using HidekiBin. You may want to use a short expiry instead.
Conversely, you can use this feature to see whether the message was ever intercepted and accessed by a system in transit. For example, there was a case where Microsoft was found red-handed snooping on the content of allegedly encrypted Skype messages. These problems are easily detected, as the legitimate destination will no longer have access to the message.
What URL shortener works with HidekiBin?
Use of a URL shortener is not recommended when using HidekiBin. If you use a URL shortener, you should remember that the key will be stored on the shortener service, making it less secure.
Having said that, Goo.gl and Bit.ly should work. Other shorteners may work, but I haven't tested them.
What can go wrong?
The FAQ at the ZeroBin project page has some information about security.
If you feel like you need to actually protect your content, consider using tools like GnuPG.
Why should I trust you?
Ugh, if you can't trust me, host your own...
How can you prove me no cleartext of my message is not being transmitted.
Wireshark it, or if you are using Google Chrome, try chrome://net-internals and find out what's being transmitted… You can also see the source of the resulting paste, which would have something like:
[{"data":"{\"iv\":\"aD0sJ8wcVAjmYyZwwXJJ3A==\",\"v\":1,\"iter\":1000,\"ks\":128,\"ts\":64,\"mode\":\"ccm\",\"adata\":\"\",
\"cipher\":\"aes\",\"salt\":\"U8KyWrk8V2w=\",\"ct\":\"GE4JCRMNi6HXOfDrePiu3CHLScc=\"}",
"meta":{"expire_date":1373591794,"postdate":1370999794,"remaining_time":2591933}}]
instead of the actual text. (This is visible because, when the page is viewed as source, it won't execute JavaScript.)
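What that page source shows, and what the server therefore holds, as an added example (not code from HidekiBin, ZeroBin or PrivateBin): it parses the record quoted above and reports the cipher parameters, field sizes and metadata. It assumes Node.js, and it assumes the SJCL envelope layout that ZeroBin uses, in which `ts` is the tag size in bits and the tag is appended to `ct`; the function and constant names are made up for this example.

```javascript
// SAMPLE is the record quoted on this page, rejoined into one string.
const SAMPLE =
  String.raw`[{"data":"{\"iv\":\"aD0sJ8wcVAjmYyZwwXJJ3A==\",\"v\":1,\"iter\":1000,` +
  String.raw`\"ks\":128,\"ts\":64,\"mode\":\"ccm\",\"adata\":\"\",` +
  String.raw`\"cipher\":\"aes\",\"salt\":\"U8KyWrk8V2w=\",\"ct\":\"GE4JCRMNi6HXOfDrePiu3CHLScc=\"}",` +
  String.raw`"meta":{"expire_date":1373591794,"postdate":1370999794,"remaining_time":2591933}}]`;

// Fields expected in the encrypted envelope; anything else deserves a look.
const ENVELOPE_FIELDS = ['iv', 'v', 'iter', 'ks', 'ts', 'mode', 'adata', 'cipher', 'salt', 'ct'];
const BASE64 = /^[A-Za-z0-9+/]*={0,2}$/;

function inspectPaste(source) {
  const [record] = JSON.parse(source);   // outer array holds one paste
  const env = JSON.parse(record.data);   // envelope is JSON nested inside a string
  for (const f of ['iv', 'salt', 'ct']) {
    if (typeof env[f] !== 'string' || !BASE64.test(env[f])) {
      throw new Error(`field ${f} is not base64`);
    }
  }
  const size = (f) => Buffer.from(env[f], 'base64').length;
  const tagBytes = env.ts / 8;           // authentication tag length in bytes
  return {
    algorithm: `${env.cipher}-${env.ks}-${env.mode}`,
    kdfIterations: env.iter,             // key-derivation iteration count
    ivBytes: size('iv'),
    saltBytes: size('salt'),
    tagBytes,
    payloadBytes: size('ct') - tagBytes, // length of the encrypted body is visible
    unexpectedFields: Object.keys(env).filter((k) => !ENVELOPE_FIELDS.includes(k)),
    lifetimeDays: (record.meta.expire_date - record.meta.postdate) / 86400,
  };
}

console.log(inspectPaste(SAMPLE));
```

The server never sees the text, but it does see the post time, the expiry and the size of the encrypted body.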
Is there any guarantee that the paste is stored for specified time?
In short, no. The service may shut down, I might scrap old data in an effort to save some disk space, etc. The service is provided as-is and I do not assume any liabilities arising from your use of this service, whether due to lost data, data breach, or any direct or indirect damages in consequence of using this service.[2]
Is it logged?
I maintain five days' worth of logs, and the system derives statistical information about the site. This is mainly to diagnose problems the service may be encountering. If you are in doubt, use Tor or VPN services.
The full URL including the key is not logged by the system, so it is mostly difficult (even impossible) for me to access any of the pastes submitted (unless the referring site has the full URL). Specifically, the log will appear on my end like the following. (The IP address is obfuscated from the actual log.)
x.x.x.x - - [18/Jan/2015:19:36:37 -0800] "GET /?bfe8fa1c505dd83f HTTP/1.1" 200 6150 "https://hidekibin.hidekisaito.com/" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.99 Safari/537.36"
After five days, the logs are discarded but some statistical information will remain on the system. (The service provider may keep more logs than I do, but the same limitation applies in terms of what information they can get from them.)
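Why the access log holds the paste ID but not the key, while a URL shortener holds both, as an added example (not HidekiBin's code) covering this answer and the URL shortener answer above. It assumes the ZeroBin layout, with the paste ID in the query string and the key in the URL fragment; the key value and the function names are constructed for illustration, and the log line is the one quoted above.

```javascript
// Paste ID taken from the page's log line; the fragment is a made-up placeholder key.
const PASTE_URL = 'https://hidekibin.hidekisaito.com/?bfe8fa1c505dd83f#EXAMPLE-KEY-NOT-REAL';

// Access log line quoted on this page (combined log format).
const LOG_LINE = 'x.x.x.x - - [18/Jan/2015:19:36:37 -0800] "GET /?bfe8fa1c505dd83f HTTP/1.1" ' +
  '200 6150 "https://hidekibin.hidekisaito.com/" "Mozilla/5.0 (X11; Linux x86_64) ' +
  'AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.99 Safari/537.36"';

function splitPasteUrl(href) {
  const u = new URL(href);
  return {
    sentToServer: u.pathname + u.search, // request target: what an access log can record
    pasteId: u.search.slice(1),
    keptInBrowser: u.hash.slice(1),      // fragment: not part of the HTTP request
    storedByShortener: u.href,           // a shortener must keep the whole URL to redirect to it
  };
}

function parseLogLine(line) {
  const m = /^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+) (\S+)" (\d{3}) (\d+|-) "([^"]*)" "([^"]*)"$/
    .exec(line);
  if (!m) throw new Error('not a combined-format log line');
  return { client: m[1], time: m[2], method: m[3], target: m[4],
           status: Number(m[6]), referer: m[8], userAgent: m[9] };
}

// True if the key from `href` shows up anywhere the log records URL data.
function logExposesKey(line, href) {
  const key = splitPasteUrl(href).keptInBrowser;
  const entry = parseLogLine(line);
  return entry.target.includes(key) || entry.referer.includes(key);
}

const parts = splitPasteUrl(PASTE_URL);
console.log('request target :', parts.sentToServer);
console.log('logged target  :', parseLogLine(LOG_LINE).target);
console.log('key in log?    :', logExposesKey(LOG_LINE, PASTE_URL));
console.log('shortener keeps:', parts.storedByShortener);
```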
Why the name of the site is so egotastic?
Because it was for my own use, but I decided to open it up for everyone.
Error Messages
- Could not decrypt data (Wrong key ?) - This means your key is not valid.
- Cannot decrypt paste: Decryption key missing in URL (Did you use a redirector or an URL shortener which strips part of the URL ?) - This means your URL does not contain a key. (You may also see this if you try to visit URLs generated by a referrer.)
- Paste does not exist, has expired or has been deleted. - For some reason the system could not find the paste requested. Either it's deleted, expired, or corrupted somehow.
- Please wait 10 seconds between each post. - You need to wait 10 seconds.
- Wrong deletion token. Paste was not deleted. - Perhaps a wrong delete URL was presented.
- You are unlucky. Try again. - It is highly unlikely you will see this error, as the probability of encountering this error is 50% after 18446744073709551616 pastes are created. Try again if you do see this error.
- Invalid data. - Data presented by the user-side script is wrong. Either the script is compromised, or your browser may be interpreting the script wrong. Try with a different browser and/or move to a different network environment if possible.
- Server error. - Something is wrong with the server. Try again later.
Support
Bitmessage
Support services are offered through Bitmessage.
Operator
To contact the operator of HidekiBin, please send your inquiry to the following.
BM-2cW9SSN8hhLRNaKk9zx227GHd1SQh1DNp9
You may also subscribe to this address to receive up to date information about HidekiBin.
Mailing List
A mailing list on Bitmessage is also available. Anyone can join, but please remember there is no moderator.
- List name: HidekiBin
- Address: BM-2cX7xWWHXSCR4gikpUYESqaLEPFTxabYzZ