
Interesting... but bafflingly, doesn't the URL shortener service they provide totally defeat this?

http://snipurl.com/230jiso

They allow you to shorten the URL by using another service. But now snipurl.com has your URL fragment and can read your stuff!
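The point raised in the comment above, as an added example that is not part of the original thread: a browser never sends the `#fragment` to the paste host, but a shortener given the full link stores it. The host name, paste id, key and slug are constructed placeholders, and the function names are hypothetical.

```javascript
// Constructed sample link: paste id in the query, decryption key in the fragment.
const SAMPLE_LINK = "https://paste.example/?a1b2c3d4#Zm9vYmFyS2V5";

// What a browser sends to the paste host when it opens the link.
// The fragment stays in the browser and is not part of the HTTP request.
function requestSeenByPasteHost(link) {
  const u = new URL(link);
  return { host: u.host, target: u.pathname + u.search };
}

// What a shortener holds after the user submits the full link:
// the complete string, which it later returns in a Location header.
function recordHeldByShortener(link, slug) {
  return { slug, location: new URL(link).href };
}

// Follow the short link the way a browser would and report, per party,
// whether the key appeared in anything that party received.
function keyExposure(link, slug) {
  const key = new URL(link).hash.slice(1);
  const record = recordHeldByShortener(link, slug);
  const request = requestSeenByPasteHost(record.location);
  return {
    key,
    shortenerSeesKey: key.length > 0 && record.location.includes(key),
    pasteHostSeesKey: key.length > 0 && request.target.includes(key),
    pasteHostRequest: request.target,
  };
}

console.log(keyExposure(SAMPLE_LINK, "abc123"));
```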




True, but this isn't where you are going to store your credit card information. My guess is that this is a defense against those who want to control the Internet through legislation.

Imagine a world where SOPA had passed, and everyone who ran a website was legally responsible for everything that their users did.

In that scenario, one way for website operators to protect themselves is to make it impossible to know what their users are doing.

The 3rd party URL shortening service is not storing or associated with the encrypted data and is also not responsible for it.

So this may not be about private data so much as it is about protecting the freedom of information.


You can't hack the law. All the legislators have to do is to make it mandatory for the site owners to be able to search through site contents.


It would be pretty easy to build a tool to route around that type of law. I create a service that encrypts blobs of data (encryptmyblo.bs), and uses a (publicly defined somewhere) postMessage API to communicate that blob to and from a key value store provided by a third party. I have my friend set up a key value store service provider that stores and retrieves blobs (storemyblo.bs), including the facility to search for stored blobs of data based on binary strings.

Because the services exchange those KVPs via a postMessage API, neither service is actually communicating with the other directly or has a formal association. The user is effectively (via the browser) moving the data from one service to another. Since EncryptMyBlo.bs doesn't store any data, and StoreMyBlo.bs doesn't have visibility into the data, neither service would be in violation of those requirements.


It would also be pretty easy to make encryption illegal.


No, because the goal isn't to protect the user's data from being "leaked", it's to protect the user from the hosting site (zerobin) being forced to take down their posts.


Quoth the project page: "Admins can still remove a document upon injunction or infringement notice… but have no way to tell if the same document has been posted again."


So what happens when Zerobin or SnipURL is ordered to take down "all posts from the same client IP address as the post with the shortened URL of ..."?


Don't log IPs? End user IPs are mostly dynamic anyway.


And run the entire server out of memory. 64GB of RAM is cheap on servers now; you boot from a write-protected flash drive, and everything is done in memory. If you power the box down, anything stored in RAM is lost.


> If you power the box down, anything stored in RAM is lost.

That's the theory of ideal RAM, but in practice RAM is not ideally volatile. Cf.: http://en.wikipedia.org/wiki/Cold_boot_attack


I believe that in almost all cases, the LEOs tasked with seizing equipment in an operation are going to be ill-equipped to execute this attack. Now, if it's the CIA or NSA after you, you have other problems.


SnipURL doesn't seem to make that claim. They even load https://www.paypal.com/en_US/i/scr/pixel.gif which has a tracking cookie.



