I ran a very similar service for years. And yes it will be abused. I stopped when russian and chinese bots where sending many messages per seconds containing AI generated marketing bullshit with links to scammy sites in various format (html, bb code, markdown, …) and it became GB of text… :/. I still haven't finish to clean things up. The service is now discontinued because of this: https://paste.fulltxt.net/
It will be. Any time you offer something that allows anonymous uploads & shares (hell, sometimes even if you don't allow share, people will share accounts), it will be a silo 95% full of material that's illegal in practically every corner of the world.
If you play the good citizen and encrypt the files, giving the key to the owners, then you also don't have any means to preemptively detect and delete that stuff, you just keep waiting on some law agency knocking at your door. Also, if you openly say "hey I'll peek into your files to see if they are legal", then they will be the ones encrypting. Disallow that? It's a nightmare to detect and abusers are really, really creative! So much dedication too!
And it's not just CSAM, there will be detailed instructions on practically any illegal thing you couldn't even imagine.
It's bad, really bad, and I've grown to accept that small, closed community services (best with real-world connections) are the only way forward.
I wrote something similar as a toy project a while back, it's open source, and I host a "demo" version of it, but for fear of all of this, I limited it to only kilobytes of data and have the links expire after an hour.
I run it on my LAN for my own use, which is what I think it's best for, but I really don't like having something like this on the web.
Luckily, I've never advertised or shown it off so nobody but myself uses it, but I'll probably take down the demo site too, soon.
This. The reason why we don't have an un-siloed, general-purpose means of file transfer after 40 years of internet is probably more a legal than a technical one...
Usually youll find vendor lock ins because the actual hard part of this isn’t legal, it’s building a user base from non-technical users. And that usually requires having your standard included with platforms they already use.
This is why (for example) Google Drive and OneDrive have become so popular despite Dropbox being first to market.
There’s plenty of other file transfer solutions out there too but you’ll find the un-siloed ones will be lesser known than the siloed ones simply because of the power of $$$
I would personally suggest that this site probably "wants" accounts. Yes, with CAPTCHAs (on registration.) If you want to be able to ban people who abuse your service, you'll need some thing-that-is-costly-to-get-multiple-of to ban them by. Otherwise they just keep coming back.
To still be a "console-friendly pastebin", the result of doing that costly registration process, could just be a page that gives you a (private) URL, that works like the base URL does now. https://paste.c-net.org/b/{bucket} or something, where {bucket} is a UUIDv4, or anything else with enough entropy to not be able to brute-force enumerate your way into someone else's account URL.
The uploaded files themselves could still have short human-writable top-level paths, for ease of repeating them over the phone.
Though, I notice that when you upload a file, you get a "delete key" as well as a URL. IMHO the "delete key" shouldn't be a weird nonstandard header you send with an HTTP DELETE; it should just be a URL — e.g. https://paste.c-net.org/b/{bucket}/{delete_key} — that you can HTTP DELETE directly.
In other words, make /b/{bucket}/{delete_key} the file's "true name", and /{link} a "read-only view" of the file.
When you say abused, I assume you mean either CSAM or copyrighted material?
Is there a hash database or something that could be queried to block known bad stuff? (would probably fail in the face of compression or encryption, but catching the low-hanging fruit would at least probably handle any potential legal liability?) Seems like something useful AI would actually work well for, if FBI/publishers/etc., would train a model and release it or host a service with an API.
p4bl0|1 year ago
The full code for the service is here: https://paste.fulltxt.net/42
The command-line paste tool was this simple script: https://paste.fulltxt.net/txtp
In another distant past, I ran an URL minification service at http://uzy.me/, and there too because of spams, I had to discontinue it.
Spam is really killing the internet… This actually saddens me.
stavros|1 year ago
egeozcan|1 year ago
If you play the good citizen and encrypt the files, giving the key to the owners, then you also don't have any means to preemptively detect and delete that stuff, you just keep waiting on some law agency knocking at your door. Also, if you openly say "hey I'll peek into your files to see if they are legal", then they will be the ones encrypting. Disallow that? It's a nightmare to detect and abusers are really, really creative! So much dedication too!
And it's not just CSAM, there will be detailed instructions on practically any illegal thing you couldn't even imagine.
It's bad, really bad, and I've grown to accept that small, closed community services (best with real-world connections) are the only way forward.
fragmede|1 year ago
https://news.ycombinator.com/item?id=41901168
alias_neo|1 year ago
I run it on my LAN for my own use, which is what I think it's best for, but I really don't like having something like this on the web.
Luckily, I've never advertised or shown it off so nobody but myself uses it, but I'll probably take down the demo site too, soon.
EDIT: Typo
guerrilla|1 year ago
Our first technology, community, serves a purpose after all.
xg15|1 year ago
hnlmorg|1 year ago
This is why (for example) Google Drive and OneDrive have become so popular despite Dropbox being first to market.
There’s plenty of other file transfer solutions out there too but you’ll find the un-siloed ones will be lesser known than the siloed ones simply because of the power of $$$
GoblinSlayer|1 year ago
derefr|1 year ago
I would personally suggest that this site probably "wants" accounts. Yes, with CAPTCHAs (on registration.) If you want to be able to ban people who abuse your service, you'll need some thing-that-is-costly-to-get-multiple-of to ban them by. Otherwise they just keep coming back.
To still be a "console-friendly pastebin", the result of doing that costly registration process, could just be a page that gives you a (private) URL, that works like the base URL does now. https://paste.c-net.org/b/{bucket} or something, where {bucket} is a UUIDv4, or anything else with enough entropy to not be able to brute-force enumerate your way into someone else's account URL.
The uploaded files themselves could still have short human-writable top-level paths, for ease of repeating them over the phone.
Though, I notice that when you upload a file, you get a "delete key" as well as a URL. IMHO the "delete key" shouldn't be a weird nonstandard header you send with an HTTP DELETE; it should just be a URL — e.g. https://paste.c-net.org/b/{bucket}/{delete_key} — that you can HTTP DELETE directly.
In other words, make /b/{bucket}/{delete_key} the file's "true name", and /{link} a "read-only view" of the file.
daniel-s|1 year ago
t-3|1 year ago
Is there a hash database or something that could be queried to block known bad stuff? (would probably fail in the face of compression or encryption, but catching the low-hanging fruit would at least probably handle any potential legal liability?) Seems like something useful AI would actually work well for, if FBI/publishers/etc., would train a model and release it or host a service with an API.
j16sdiz|1 year ago
Actually No. It take 5 minutes to create a script to randomize a password, encrypt and upload.
Abusers have been doing the same for 20+ years and it is very effective.