LogoAwesome Homelab
Logo of PrivateBin

PrivateBin

PrivateBin is a minimalist, open-source pastebin with zero-knowledge server encryption.

Introduction

PrivateBin

PrivateBin is a minimalist, open-source online pastebin designed for secure text sharing where the server has zero knowledge of the pasted data. Data is encrypted and decrypted directly in the browser using 256-bit AES in Galois Counter Mode, ensuring privacy and security. It is a fork of ZeroBin, originally developed by Sébastien Sauvage, and has been enhanced with additional features and cleaner extensions while maintaining compatibility with ZeroBin 0.19 data storage.

Key Features
  • Zero-Knowledge Encryption: Server administrators have no access to paste content, providing plausible deniability.
  • Password Protection: Option to secure pastes with a password to restrict access.
  • Expiration Options: Includes settings for 'burn after reading' and 'forever', along with other expiration times.
  • Markdown Support: Format pastes in HTML with a preview function.
  • Syntax Highlighting: Supports source code with multiple themes via prettify.js.
  • File Uploads: Optional support for images, media, and PDFs with adjustable size limits.
  • Customizable Templates: Offers themes like Bootstrap CSS and classic ZeroBin, with easy adaptation for personal websites.
  • Discussions: Enable anonymous or nicknamed discussions with IP-based identicons.
  • QR Code Sharing: Easily transfer paste URLs to mobile devices.
Use Cases

PrivateBin is ideal for developers, security-conscious users, and organizations needing to share sensitive text, code snippets, or documents securely. It suits scenarios requiring temporary data sharing without server-side access, such as sharing API keys, confidential notes, or collaborative debugging. Server administrators benefit from reduced liability as they cannot access content, making it a practical choice for hosting services.

Security Considerations

While PrivateBin ensures data encryption, users must access it over HTTPS and trust the server admin not to inject malicious code. Publicly shared URLs without passwords are accessible to anyone, so password protection is recommended for private content.