diff --git a/.gitattributes b/.gitattributes index 7fbcce4e..096de3df 100644 --- a/.gitattributes +++ b/.gitattributes @@ -2,3 +2,4 @@ doc/ export-ignore tst/ export-ignore .gitattributes export-ignore .gitignore export-ignore +img/bee*.png export-ignore diff --git a/README.md b/README.md index fb033827..d64e85f9 100644 --- a/README.md +++ b/README.md 
@@ -1,21 +1,21 @@ # PrivateBin 0.22 -[![Build Status](https://travis-ci.org/PrivateBin/PrivateBin.svg?branch=master)](https://travis-ci.org/PrivateBin/PrivateBin) [![Build Status](https://scrutinizer-ci.com/g/PrivateBin/PrivateBin/badges/build.png?b=master)](https://scrutinizer-ci.com/g/PrivateBin/PrivateBin/build-status/master) +[![Build Status](https://travis-ci.org/PrivateBin/PrivateBin.svg?branch=master)](https://travis-ci.org/PrivateBin/PrivateBin) [![Build Status](https://scrutinizer-ci.com/g/PrivateBin/PrivateBin/badges/build.png?b=master)](https://scrutinizer-ci.com/g/PrivateBin/PrivateBin/build-status/master) [![Codacy Badge](https://api.codacy.com/project/badge/Grade/094500f62abf4c9aa0c8a8a4520e4789)](https://www.codacy.com/app/PrivateBin/PrivateBin) [![Code Climate](https://codeclimate.com/github/PrivateBin/PrivateBin/badges/gpa.svg)](https://codeclimate.com/github/PrivateBin/PrivateBin) -[![Scrutinizer Code Quality](https://scrutinizer-ci.com/g/PrivateBin/PrivateBin/badges/quality-score.png?b=master)](https://scrutinizer-ci.com/g/PrivateBin/PrivateBin/?branch=master) +[![Scrutinizer Code Quality](https://scrutinizer-ci.com/g/PrivateBin/PrivateBin/badges/quality-score.png?b=master)](https://scrutinizer-ci.com/g/PrivateBin/PrivateBin/?branch=master) [![Codacy Badge](https://api.codacy.com/project/badge/Coverage/094500f62abf4c9aa0c8a8a4520e4789)](https://www.codacy.com/app/PrivateBin/PrivateBin) [![Test Coverage](https://codeclimate.com/github/PrivateBin/PrivateBin/badges/coverage.svg)](https://codeclimate.com/github/PrivateBin/PrivateBin/coverage) [![Code Coverage](https://scrutinizer-ci.com/g/PrivateBin/PrivateBin/badges/coverage.png?b=master)](https://scrutinizer-ci.com/g/PrivateBin/PrivateBin/?branch=master) -PrivateBin is a minimalist, open source online pastebin where the server has zero -knowledge of pasted data. +PrivateBin is a minimalist, open source online pastebin where the server has +zero knowledge of pasted data. 
Data is encrypted/decrypted in the browser using 256 bit AES. This is a fork of ZeroBin, originally developed by [Sébastien Sauvage](https://github.com/sebsauvage/ZeroBin). It was refactored to allow easier and cleaner extensions and has now much more features than the -original. It is however still fully compatible to the original PrivateBin 0.19 -data storage scheme. Therefore such installations can be upgraded to this fork +original. It is however still fully compatible to the original ZeroBin 0.19 +data storage scheme. Therefore such installations can be upgraded to this fork without loosing any data. ## What PrivateBin provides 
@@ -29,21 +29,22 @@ without loosing any data. + Encryption of data sent to server. -+ Possibility to set a password which is required to read the paste. It further ++ Possibility to set a password which is required to read the paste. It further protects a paste and prevents people stumbling upon your paste's link from being able to read it without the password. ## What it doesn't provide -- As a user you have to trust the server administrator. If the server you use does - not use HTTPS (which is *not* recommend!) you also have to trust your internet provider +- As a user you have to trust the server administrator, your internet provider and any country the traffic passes not to inject any malicious javascript code. - All ZeroBin installation should use HTTPS. Ideally secured by + Ideally, the PrivateBin installation used should provide HTTPS, secured by [HSTS](https://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security) and - [HPKP](https://en.wikipedia.org/wiki/HTTP_Public_Key_Pinning) using a - certificate either validated by a trusted third party (in most cases Certificate - Authorities) or self-signed by the server operator, validated using a - [DNSSEC](https://en.wikipedia.org/wiki/Domain_Name_System_Security_Extensions) protected + [HPKP](https://en.wikipedia.org/wiki/HTTP_Public_Key_Pinning) using a + certificate either validated by a trusted third party (check the certificate + when first using a new PrivateBin instance) or self-signed by the server + operator, validated using a + [DNSSEC](https://en.wikipedia.org/wiki/Domain_Name_System_Security_Extensions) + protected [DANE](https://en.wikipedia.org/wiki/DNS-based_Authentication_of_Named_Entities) record. 
@@ -53,16 +54,16 @@ without loosing any data. use a strong password and do only share it privately and end-to-end-encrypted. - A server admin might be forced to hand over access logs to the authorities. - ZeroBin encrypts your text and the discussion contents, but who accessed it + PrivateBin encrypts your text and the discussion contents, but who accessed it first might still be disclosed via such access logs. -- In case of a server breach your data is secure as it is only stored encrypted on - the server. However the server could be misused or the server admin could be legally - forced into sending malicious JavaScript to all web users, which grabs the decryption key - and send it to the server when a user accesses a ZeroBin. - Therefore do not access any ZeroBin instance if you think it has been compromised. As long - as no user accesses this instance with a previously generated URL, the content cannot be - decrypted. +- In case of a server breach your data is secure as it is only stored encrypted + on the server. However the server could be misused or the server admin could + be legally forced into sending malicious JavaScript to all web users, which + grabs the decryption key and send it to the server when a user accesses a + PrivateBin. Therefore do not access any PrivateBin instance if you think it + has been compromised. As long as no user accesses this instance with a + previously generated URL, the content can''t be decrypted. ## Options 
@@ -77,14 +78,17 @@ file](https://github.com/PrivateBin/PrivateBin/wiki/Configuration): * Markdown format support for HTML formatted pastes -* Syntax highlighting for source code using prettify.js, including 4 prettify themes +* Syntax highlighting for source code using prettify.js, including 4 prettify + themes -* File upload support, images get displayed (disabled by default, possibility to adjust size limit) +* File upload support, images get displayed (disabled by default, possibility + to adjust size limit) * Templates: By default there is a bootstrap CSS and a "classic ZeroBin" theme and it is easy to adapt these to your own websites layout or create your own. -* Translation system and automatic browser language detection (if enabled in browser) +* Translation system and automatic browser language detection (if enabled in + browser) * Language selection (disabled by default, as it uses a session cookie) @@ -92,7 +96,7 @@ file](https://github.com/PrivateBin/PrivateBin/wiki/Configuration): * [Installation guide](https://github.com/PrivateBin/PrivateBin/wiki/Installation) -* [Upgrading from 0.19 Alpha](https://github.com/PrivateBin/PrivateBin/wiki/Upgrading-from-ZeroBin-0.19-Alpha) +* [Upgrading from ZeroBin 0.19 Alpha](https://github.com/PrivateBin/PrivateBin/wiki/Upgrading-from-ZeroBin-0.19-Alpha) * [Configuration guide](https://github.com/PrivateBin/PrivateBin/wiki/Configuration) @@ -104,3 +108,5 @@ file](https://github.com/PrivateBin/PrivateBin/wiki/Configuration): Run into any issues? Have ideas for further developments? Please [report](https://github.com/PrivateBin/PrivateBin/issues) them! + +![PrivateBin Logo](https://raw.githubusercontent.com/PrivateBin/PrivateBin/master/img/favicons/android-chrome-192x192.png) diff --git a/favicon.ico b/favicon.ico index ecaa4802..86207056 100644 Binary files a/favicon.ico and b/favicon.ico differ 
diff --git a/img/favicons/android-chrome-192x192.png b/img/favicons/android-chrome-192x192.png index 60e0a08b..aa0770a3 100644 Binary files a/img/favicons/android-chrome-192x192.png and b/img/favicons/android-chrome-192x192.png differ diff --git a/img/favicons/apple-touch-icon.png b/img/favicons/apple-touch-icon.png index 8dae94ea..5639c2c9 100644 Binary files a/img/favicons/apple-touch-icon.png and b/img/favicons/apple-touch-icon.png differ diff --git a/img/favicons/favicon-16x16.png b/img/favicons/favicon-16x16.png index 5a76b39c..4a55dbbb 100644 Binary files a/img/favicons/favicon-16x16.png and b/img/favicons/favicon-16x16.png differ diff --git a/img/favicons/favicon-32x32.png b/img/favicons/favicon-32x32.png index a526cb28..9c8331b4 100644 Binary files a/img/favicons/favicon-32x32.png and b/img/favicons/favicon-32x32.png differ diff --git a/img/favicons/favicon-96x96.png b/img/favicons/favicon-96x96.png index 7e0e65f6..b79a0940 100644 Binary files a/img/favicons/favicon-96x96.png and b/img/favicons/favicon-96x96.png differ
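Review bot: In the README.md hunk at @@ -1,21 +1,21 @@, the sentence corrected to say "ZeroBin 0.19" still ends in the unchanged context line "without loosing any data", and "loosing" should be "losing". Since this paragraph is already being edited, fix that word in the same change, and consider "compatible with" in place of "compatible to" in the added line.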
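Review bot: In the README.md hunk at @@ -29,21 +29,22 @@, the rewritten first bullet under "What it doesn't provide" loses the condition the removed lines carried, namely that the internet provider only has to be trusted when the server does not use HTTPS. The added text lists "the server administrator, your internet provider and any country the traffic passes" unconditionally and then downgrades HTTPS to "Ideally", so a reader can no longer tell which of these trust requirements HTTPS removes. Suggest keeping the two cases apart: the server administrator must always be trusted, the network path only when the instance is not served over verified HTTPS. The new parenthetical "(check the certificate when first using a new PrivateBin instance)" also replaces the explanation of who the trusted third party is; keeping "Certificate Authorities" next to the advice would preserve that. Minor: "protected" now sits on a line of its own after the DNSSEC link and can be joined with the DANE link line.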
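Review bot: In the README.md hunk at @@ -53,16 +54,16 @@, the last added line reads "the content can''t be decrypted" with a doubled apostrophe, which will render literally; it should be "can't" (or keep the original "cannot"). In the same re-wrapped bullet, "grabs the decryption key and send it to the server" should read "sends it", and "when a user accesses a PrivateBin" reads better as "a PrivateBin instance" now that the product name has replaced "a ZeroBin".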
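Review bot: In the README.md hunk at @@ -104,3 +108,5 @@, the added logo line points at an absolute raw.githubusercontent.com URL on the master branch, so a tagged release or a fork will display whatever master carries at the time instead of the image shipped with that revision. This patch updates img/favicons/android-chrome-192x192.png in the same repository, so a relative reference to img/favicons/android-chrome-192x192.png would keep the README tied to the checked-out tree and avoid the external fetch.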