Inspired by ZeroBin I started to wonder whether you could create a pastebin service with no server side component. Shortly (yeah I'm not really sure what is with the name) is the result of that.
Data is compressed using the deflate algorithm, then base64 encoded to ensure it can be stored safely in a URL. It is then set as the window.location.hash of the current page. Testing with various URL shorteners has shown that they don't care about long URLs generated by this. I still need to add checks to ensure that the URL isn't too long (I'm looking at you IE), but as a quick proof-of-concept I'm happy with what I've come up with. I'm wondering whether the same idea could be used to share data in other formats...
I use the same method for share links in http://padhacker.net, a server-less JSFiddle-type of tool. The data is just JSON, but I've been toying with adding arbitrary binary files. The link fragments explode with even small images. Some sort of chunking might be able to address this, with part of the fragment pointing to the next short URL in the series. (I recall seeing a project on top of bit.ly doing exactly this, but can't seem to find it.)
Hashify.me lets you store an entire webpage in a url. As I recall it links bitly addresses. This lets you store up to 22500 characters.
Now you combine that with this in a bookmarklet / plugin. Add some obfuscation so bitly or whatever url shortener you use has a hard time detecting you and so the wrong anchor or no anchor shows an innocuous page.
Now the host isn't aware of the existence of the data nor is the encryption being done using server side code.
I am of course probably missing a huge flaw, so someone tell me why this won't work and how to fix it.
datauri encoded would be larger (this is deflated before being based64 encoded), and the formatting for the docuent needs to be encoded within the URL where as this doesn't. Plus it doesn't make a cool HN story :P
Well yes, and no. All paste data is stored in the URL, and the algorithm for encoding/decoding is known[1]. Github-hosted tool provides only the default implementation.
You're right, data: would be more pure, but AFAIR it has some limitations.
One problem I noticed with it though:
It does not work correctly with Japanese text. I can input & "save" Japanese, but upon opening that link the text will not be displayed correctly.
I think you should implement the hash-based encryption key support from Zerobin, though. That way you could send around the message or the message and the key, as you choose.
Why would you want a pastebin app to encrypt your stuff for you? A pastebin is a place where you just post something for random folks to view. It's like imgur for text. Yeah, there's ezcrypt, but I honestly don't see the point.
If you want to password-protect your paste, you are free to pass it through GPG before posting it. Much better security than trusting a third party's JS library which may have been modified in transit or even contain a back door.
By encrypting the data before turning into a URL neither the server, nor anyone who obtains that URL would be able to read the message without knowing the password.
Data is compressed using the deflate algorithm, then base64 encoded to ensure it can be stored safely in a URL. It is then set as the window.location.hash of the current page. Testing with various URL shorteners has shown that they don't care about long URLs generated by this. I still need to add checks to ensure that the URL isn't too long (I'm looking at you IE), but as a quick proof-of-concept I'm happy with what I've come up with. I'm wondering whether the same idea could be used to share data in other formats...