HidekiBin Support
Contents
- 1 About this page
- 2 Status
- 3 FAQ
- 3.1 General Questions
- 3.1.1 What is HidekiBin?
- 3.1.2 Where is HidekiBin?
- 3.1.3 Is there any way to integrate HidekiBin better on my desktop?
- 3.1.4 Is this possible to specify IP address to access to the service? (As opposed to relying on DNS?)
- 3.1.5 Did you make it?
- 3.1.6 How does it work?
- 3.1.7 How can it be used?
- 3.1.8 Why is the site not using SSL/TLS?
- 3.1.9 Isn't JavaScript based crypto bad idea?
- 3.1.10 What it should not be used for
- 3.1.11 Is there any way to delete a paste?
- 3.1.12 I lost part of my URL and I am getting error when I try to retrieve the text, can you help me recover the content?
- 3.1.13 I try to post Burn After Reading message to Facebook and even the first person accessing gets expired message
- 3.1.14 What URL shortener works with HidekiBin?
- 3.1.15 What can go wrong?
- 3.1.16 Why should I trust you?
- 3.1.17 How can you prove me no cleartext of my message is not being transmitted.
- 3.1.18 Is there any guarantee that the paste is stored for specified time?
- 3.1.19 Is it logged?
- 3.1.20 Why the name of the site is so egotastic?
- 3.1 General Questions
- 4 Error Messages
- 5 Support
- 6 Footnotes
About this page
This page covers support information for HidekiBin.
Status
Expected Outage
None at this moment.
Known Issues
No known issues.
FAQ
General Questions
What is HidekiBin?
It's a site to store small texts
Where is HidekiBin?
http://hidekibin.hidekisaito.com
Is there any way to integrate HidekiBin better on my desktop?
If you use Google Chrome, there is a Chrome Application for HidekiBin.
Is this possible to specify IP address to access to the service? (As opposed to relying on DNS?)
Yes, if you have IPv6. Use: http://[2607:f298:5:101f::7f:8ea2]/
Did you make it?
No, I do not claim ownership of the code, as it is an adaptation of ZeroBin. HidekiBin may be incorporating some original changes, but they are usually for cosmetic changes that does not affect core functionality.
How does it work?
The system is based on ZeroBin. The system supports all the features ZeroBin supports.
How can it be used?
You can use it to share snippets of text.
Other ideas including:
- Send your awesome source code to your friend to prove your worthiness (syntax highlighting is cool!)
- Using as a scratchpad to send text from one machine to another
- Writing a love letter you are not going to send
Why is the site not using SSL/TLS?
From December 2014, this site supports SSL/TLS. Point your browser to https://hidekibin.hidekisaito.com. However, because it is using SNI based SSL/TLS, older browser may not work.[1]
To protect you further, you can add hidekibin.hidekisaito.com to your own HSTS list on chrome by navigating to chrome://net-internals/#hsts. Inclusion request to the official HSTS list is not considered at this time as it is not possible to register, just sub-domain as opposed to base domain. By accessing HTTPS version of the site, compatible browser will set HSTS policy that lasts for seven days, thus you will have the same effect as if you have done the process above for next seven days.
Isn't JavaScript based crypto bad idea?
In a sense, you are trusting that the host is sending correct (uncompromised) script everytime you use the service. So if in the case of breach, it is possible someone might replace cryptographic script. It could be that someone between host and you may replace script to compromise your security. That's why I'd recommend you to use tools like GnuPG with HidekiBin. This way, even the script is compromised, your content is still safe.
But keep in mind there are a lot of other ways way worse and less obvious things that malicious parties can do to compromise your security, such as key logger, screen captures and other data on your computer. Use of HidekiBin won't help you protect against such attacks.
If you are in doubt, I invite you to attempt to verify HidekiBin JavaScript files with signature by myself.
What it should not be used for
As this is mainly being an experimental service, it should not be used for exchanging sensitive information.
There's no claims regarding the integrity of the system. Generally, you shouldn't be putting anything you wouldn't be comfortable writing using other services.
Is there any way to delete a paste?
If you've kept Delete link URL when you created your paste, yes. Otherwise, no.
I lost part of my URL and I am getting error when I try to retrieve the text, can you help me recover the content?
No, I don't even have a way to do that. Essentially this means your paste is practically gone for good.
I try to post Burn After Reading message to Facebook and even the first person accessing gets expired message
Facebook and many other social network visit the URL in question to generate snippet to post on the site. Therefore, by the time intended user visit the paste in question, it is already invalidated at the time you paste your URL on those networks.
In addition, some messaging system like Skype may have the same issue. So no, you can't do "first one to visit..." campaign using HidekiBin. You may want to use short expiry instead.
What URL shortener works with HidekiBin?
Use of URL shortener is not recommended when using HidekiBin. If you use URL shortner, you should remember that key will be stored on shortner service, making it less secure.
Having said that Goo.gl and Bit.ly should work. Other shorterner may work, but I haven't tested them.
What can go wrong?
FAQ at Zerobin project page has some information about security.
If you feel like you need to actually protect your content, consider using tools like GnuPG.
Why should I trust you?
Ugh, if you can't trust me, host your own...
How can you prove me no cleartext of my message is not being transmitted.
Wireshark it, or if you are using Google Chrome, try chrome://net-internals and find out what's being transmitted… You can also see the source of the resulting paste, which would have something like:
[{"data":"{\"iv\":\"aD0sJ8wcVAjmYyZwwXJJ3A==\",\"v\":1,\"iter\":1000,\"ks\":128,\"ts\":64,\"mode\":\"ccm\",\"adata\":\"\",
\"cipher\":\"aes\",\"salt\":\"U8KyWrk8V2w=\",\"ct\":\"GE4JCRMNi6HXOfDrePiu3CHLScc=\"}",
"meta":{"expire_date":1373591794,"postdate":1370999794,"remaining_time":2591933}}]
instead of actual text. (This is visible, as when it is viewed as a source, it won't execute Javascript.)
Is there any guarantee that the paste is stored for specified time?
In short, no. Service may shut down, I might scrape old data in an effort to save some disk space, etc. The service is provided as-is and I do not assume any liabilities arising from your use of this service. Whether that is due to lost data, data breach, and any direct or indirect damages in consequence of using this service.[2]
Is it logged?
I maintain five days worth of logs, and the system derives statistical information about the site. This is mainly to diagnose problems the service may be encountering. If you are in doubt, use Tor or VPN services.
The full URL including key is not logged into the system, so it is mostly difficult (even impossible) for me to access to any of pastes submitted. (Unless, referring site has the full URL.) Specifically, the log will appear on my end like the following. (I[ address is obfuscated from the actual log.)
x.x.x.x - - [18/Jan/2015:19:36:37 -0800] "GET /?bfe8fa1c505dd83f HTTP/1.1" 200 6150 "https://hidekibin.hidekisaito.com/" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.99 Safari/537.36"
After five days, the logs are discarded but some statistical information will remain on the system. (The service provider may keep more log than I do, but the same limitation applies in terms of what information they can get from it.)
Why the name of the site is so egotastic?
Because it was for my own use but decided to open it up for everyone.
Error Messages
- Could not decrypt data (Wrong key ?) - This means your key is not valid.
- Cannot decrypt paste: Decryption key missing in URL (Did you use a redirector or an URL shortener which strips part of the URL ?) - This means your URL does not contain a key. (You may also see if you try to visit URLs generated by referrer.)
- Paste does not exist, has expired or has been deleted. - For some reason the system could not find the paste requested. Either it's deleted, expired, or corrupted somehow
- Please wait 10 seconds between each post. - You need to wait 10 seconds.
- Wrong deletion token. Paste was not deleted. - Perhaps wrong delete URL was presented.
- You are unlucky. Try again. - It is highly unlikely you will see this error, as probability of encountering this error is 50% after 18446744073709551616 pastes are created. Try again if you do see this error.
- Invalid data. - Data presented by user side script is wrong. Either script is compromised, or your browser may be interpreting script wrong. Try with different browser and/or move to different network environment if possible.
- Server error. - Something wrong with server. Try again later.
Support
Bitmessage
Support services are offered through Bitmessage.
Operator
To contact the operator of HidekiBin, please send your inquiry to the following.
BM-2cW9SSN8hhLRNaKk9zx227GHd1SQh1DNp9
You may also subscribe to this address to receive up to date information about HidekiBin.
Mailing List
Mailing list on Bitmessage is also available. Anyone can join, but please remember there is no moderator.
- List name: HidekiBin
- Address: BM-2cX7xWWHXSCR4gikpUYESqaLEPFTxabYzZ
Footnotes
- ↑ Use of Let's Encrypt certificates are being planned once it's available.
- ↑ Because of the way the system works even if a data breach occurs, it is technically very hard for the offender to decrypt the message, but I won't guarantee its safety.
