- cross-posted to:
- privacyguides@lemmy.one
- cross-posted to:
- privacyguides@lemmy.one
How does it differ from PrivateBin?
I just copy&pasted their README in chatgpt asking for a comparison (so there may be allucinations)
Both PrivateBin and Paaster are “pastebin” tools that allow users to share snippets of text or code online. Both emphasize privacy and security, encrypting data at the local level in the user’s browser before sending it to the server. However, there are several key differences between the two services:
-
Design and User Interface: While PrivateBin self-identifies as a minimalist pastebin, Paaster seems to put an emphasis on user experience, offering features like file drag & drop and a paste history.
-
Features: Both offer basic features like password protection and the option to delete data after reading, but PrivateBin also offers features like the ability to have anonymous or nicknamed discussions, Markdown formatting support, code syntax highlighting, and the ability to upload files. On the other hand, Paaster offers a paste history feature, PWA support, and i18n.
-
Trust: PrivateBin warns users not to blindly trust the server administrator, whereas Paaster advises users to either host their service or use a trusted hosting service.
-
Implementation and Maintenance: Paaster seems more developer-oriented, with API documentation, a CLI tool, and support for Vercel and Docker. PrivateBin, however, also has a developer and installation guide.
-
Hosting Options: Paaster seems more geared towards self-hosting, with detailed instructions for use with Docker and options for use with external storage services like Amazon S3 and Google Cloud Storage. PrivateBin does not provide specific hosting details in the provided text.
-
Security: Both use end-to-end encryption, but they use different encryption algorithms. Paaster uses XChaCha20-Poly1305, while PrivateBin uses 256-bit AES in Galois Counter mode.
These are just some of the key differences between the two services. Both have their strengths and unique points, and the choice between the two will depend on the specific needs of the user or organization.
Surprising good comparison from ChatGPT. Some key points is Paaster does support syntax highlighting & Markdown.
PrivateBin’s conversation system isn’t encrypted.
Are you sure about Paaster supporting Markdonw? I only see syntax highlighting https://paaster.io/GtlseaIIhqtfcsZV1C8sS#BgT9miwSaeKzMLQ-Ch6d3KZlgfCmIR32dpYr06HXYTw
Aaah true, yea I was more meaning syntax highlighting for Markdown & not Markdown rendering. Thank you for the correction!
It wasn’t meant to be a correction … I just learned about this project so I’d just want to know more
-
Actually I did a Pros/Cons for Paaster compared to PrivateBin awhile ago here
https://github.com/privacyguides/privacyguides.org/issues/2015
Basically the TL;DR Modern encryption, doesn’t expose metadata, modern design (svelte + asyncio python), pwa support, frontend / backend code separation & paste history.
Isn’t the point of a pastebin to be publicly accessible, hence encryption seems irrelevant to me? I mean, I’ve only ever used them to share code or errors or logs with a forum or stack overflow or whatever. I have no reason to add key exchange or password exchange with “everyone who might view the forum / stack overflow”. It’s effectively public anyway.
Are people using these pastebin services for something else?
That’s your use case, but you could also want to share a picture with your family, or some confidential logs with a collegue or support team. However, I wouldn’t trust any online service for this use case though. If some information is confidential, you should encrypt it yourself, share it with your peer (you could use a pastebin), then share the key over a trusted channel that’s different from this pastebin.
Paaster doesn’t assume the users intent for the service. People can share a wide range of data in pastebins and users don’t always want this to be public.
This just seems like misunderstanding the point of a pastebin, and also what tools are appropriate. At least to me, depending on privacy demands, you’d use an existing cloud filesharing service like box for basic privacy, or if your correspondent understood encryption and privacy, you’d use something like Signal to share either a compressed image or data, or the actual file.
We’ll obviously people are finding / needing a use for a service like this. Paaster has 340+ stars & a similar project Privatebin has 5.1k stars.
Sometimes you want to share data briefly with others or to only a specific groups of people (private forums, game lobbies etc) so being able to do so quickly and securely can be extremely useful.
Also this is a privacy page, why should your Pastebin data be stored in raw text and easily indexable by the host? Obviously pastebin data has the potential to be sensitive (look at the amount of people leaking things on pastebin.com)
Also data leaks do occur! Why should all your pastes be publicly viewable when you only intended to share it with people XYZ platform etc.
The fact your unable to imagine use cases and benefits of such services / projects honestly amazes me.
I guess I just don’t get how you have share with “large” group of people and private and secure? I mean, pastebin anyway had a timeout. And the paaster github even says you have to run your own instance for security and privacy. If I’m running my own server, I presumably don’t need to encrypt my data from myself. If I am running my own server, and the security is explicitly the link, it’s not actually secure because the link grants access. But that’s to be expected, anything more and you get into needing to authenticate everyone, which is the exact opposite of easy or quick.
And for anything I’m concerned enough about to not share with the internet - I wouldn’t be posting on a game lobby or forum. Or I mean, if I trust the forum privacy, why not just… idk… post the text content to the forum?
My issue here isn’t that I don’t see the need for a pastbin sort of service, my issue is I think for the vast majority of usecases you’ve listed and I can imagine, you’re getting security theater, not actual security and privacy.
And the paaster github even says you have to run your own instance for security and privacy.
It says a “instance you host or trust” this is true of any web app (including Proton etc.)
Even if you self host data leaks can occur.
The fact you don’t see the need for a encrypted pastebin only speaks to your limited imagination.
Matter of facts are, people share data not wanting it to be indexable or open to data leaks by the server, data in pastebins can be sensitive & people are using E2EE pastebins.
Here is a use case what matches all your arbitrary requirements. “User wants to share sensitive data over a insecure channel (like discord), they can send a Paaster link what deletes after view, so if Discord ever tries to view it in the future they cant see the data.”
E2EE now labeled security theater 🤣
Maybe your specific use case doesn’t benefit off E2EE, but can’t believe I have to explain this. You aren’t the center of the universe and use cases of E2EE pastebins aren’t limited to your specific use case.
Even pastebin.com sees the benefit of “private” pastes, but according to your logic this shouldn’t even exist too!
Anyways this conversation has lost any sense of productivity & obviously your care or understanding of privacy is minimal.
As a final question (what I don’t want a response to) is, should every paste ever always be accessible by everyone?.. Hopefully your answer is no & you can put 2 & 2 together.
Have a good day & use any data collecting, raw text, insecure platform you want!
This looks incredible I think since toptal completely ruined hastebin this might be a future favorite if its easy enough to host it has a few issues like it seems to want MongoDB which is a humungous con to all of the pro’s with this app and if you can eventually pipe text through the cli to this thing it would be a perfect replacement.
one of my favorite uses for ----bin’s is being able to pipe log output to a URL using curl or something to get logs out of a server to a dev somewhere for debugging and foss reporting.
One of the things we used hastebin for was a /debugpaste which would instantly dump debug info and the last 1000 lines of the syslog to a hastebin. would be useful to replicate this using this.