Anonymous launches own secure Pastebin

Summary:After raging against Pastebin's apparent move to censor sensitive information on its free service, Anonymous has created its own paste service, AnonPaste.

After raging against Pastebin's apparent move to censor sensitive information on its free service, Anonymous has created its own paste service, AnonPaste.

Viewing the source code of a paste reveals the ciphertext.
(Screenshot by Michael Lee/ZDNet Australia)

Previously, Pastebin owner Jeroen Vader had welcomed Anonymous' use of Pastebin for press releases, but he didn't want groups posting sensitive information, for example credit card numbers, on the site. He had been policing this by referring to reports of abuse, but then revealed to the BBC that he intended to hire moderators to take down sensitive information from the site.

This move displeased Anonymous, which vented its anger over what it saw to be a form of censorship. Now, Anonymous has teamed up with the Peoples Liberation Front (PLF) to develop its own pasting service based on the open-source ZeroBin software.

In a joint press release pasted on the new site, AnonPaste, the two organisations further dug their heels into Pastebin for the alleged censorship of information.

"Pastebin is not only willing to give up IP addresses to governments — but apparently has already given many IPs to at least one private security firm. And these leaked emails also revealed a distinct animosity towards Anonymous," the two organisations wrote.

"Paste services have become very popular, and many people want to post controversial material. This is especially so for those involved in information activism. We feel that it is essential that everyone, and especially those in the movement, have a safe and secure paste service that they can trust with their valuable and often politically sensitive material. As always, we believe in the radical notion that information should be free."

The free AnonPaste service claims to use 256-bit AES encryption to store pasted information on its servers, so that if seized, authorities would be unable to decrypt its contents. However, the decryption key forms part of the URL, meaning that whoever knows it is also able to read the information. At present, content appears to be stored on the servers of the PLF.

Decryption of pastes occurs in the browser, and is implemented in JavaScript. Curious users are able to view the source of the page to see the paste in its ciphertext version, and locate the JavaScript libraries responsible for encryption and decryption.

Although it has not provided the technical background to support its claim, AnonPaste has asserted that it doesn't have the ability to delete any pastes. Pastes can be set to be automatically removed after a set period of time, however. It will also not be "policing" the service, instead placing legal responsibility back on the paster.

Encrypting pastes is not a feature unique to AnonPaste. There are a number of other sites employing encryption, such as PasteCrypt, SecurePasteBin, CryptoBin and EZCrypt.

Topics: Security

About

A Sydney, Australia-based journalist, Michael Lee covers a gamut of news in the technology space including information security, state Government initiatives, and local startups.

zdnet_core.socialButton.googleLabel Contact Disclosure

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Related Stories

The best of ZDNet, delivered

You have been successfully signed up. To sign up for more newsletters or to manage your account, visit the Newsletter Subscription Center.
Subscription failed.