

Ask HN: What about a community-driven paste service? - seyz

Hi hackers !<p>I launched a really really simple paste service ( http://yaap.it ). It's a fully community-driven project. For now, the paste service has no extra (useless ? YOU decide.) features. To participate, go to the github repo: http://github.com/SeyZ/yaapit<p>My questions are:<p>- Do you use a paste service ? If yes, which ones ?<p>- I hate abusive advertising. And you ?<p>- Do you care about the privacy control of the paste content (encrypted paste) ?<p>- Do you care about a new community-driven paste service ?<p>(Feature request are welcome ! http://github.com/SeyZ/yaapit/issues)
======
arkitaip
I often use pastebins to send passwords (instead of emailing them) and would
like it if the url was destroyed after being opened or after x minutes.
Obviously you would need SSL for this to work.

I would really need to know _exactly_ what you mean by client side encryption.
In its current incarnation I wouldn't use YAAP to send anything sensitive
since I don't know how safe it is.

Btw, the URLs are way too long. Any possibility of shortening them?

~~~
seyz
I totally agree about the "burn after reading" feature or about "Burn after X
secs".

Before sending the content:

1) The paste text is encrypted using aes-256-cbc algorithm.

2) A secure random token (a simple ID) is generated.

3) The secure random secret key is generated.

4) The url will be
[http://yaap.it/paste/<ID>#<secret_key>](http://yaap.it/paste/<ID>#<secret_key>);

5) The encrypted content and the ID is sent to the server. The anchor (the
secret key) is _never_ sent !

6) When you give the url to someone, the ID and the secret key is still in the
url. So the content can be decrypted (client-side too) thanks to this
information.

To shorten the paste url, you can use an external service. BUT, the external
service will have the secret key. It depends on what you want. Maybe an idea ?

------
raphdg
1\. The "burn after reading" option is a must have.

2\. I love the fact that every content sent through the network is encrypted.
The only unsafe part is how we, users, share the URL since it contains the
secret key.

3\. Yaap.it sounds good.

4\. No pub is good. Any limitations of size / yaaps per seconds ?

~~~
seyz
1\. The "burn after reading" feature is added to the github issues list (As a
"Feature request"). 2\. Yes, but you control the way of you share it. 3\.
Thanks. 5\. I wait some spams... However, 1 paste per X secs is not difficult
to implement.

