Saewyc Home

A small site for a small family

About

A nexus for our family's online lives. And a blag, of course.

Services

Pages

Issues and workarounds

Our pastey works, but some people may not be able to read what you saved.

issues-and-workarounds

One of the services we host is a form of 'paste bin' - a place you can quickly paste some text you'd like to share with someone online, and get a unique url to send to them. Ours is extremely privacy-respecting, but we just discovered a lack-of-convenience issue.

PrivateBin

We live in an age of shoulder-standing giants. PrivateBin is a fork of ZeroBin which is descended at least conceptually from PasteBin which itself was inspired by Ward's Wiki. This modern edition of the tool does the same thing all the previous ones have done - it lets you share a blob of text using a url.

But, what this one does is it never lets the server know what that text is. Your browser puts the text in an encryption envelope, then it sends it to the server without letting the server know how to unencrypt it.

Lack-of-convenience issue

Okay, so, the server gets this blob of encrypted text from browser. It doesn't know what it is, so it just stores it as a blob, and when someone requests that exact url again it sends it back.

BUT, this very modern site uses some nifty modern browser tech, specifically WebAssembly (Wasm). All the Wasm is doing, in PrivateBin, is using zlib to compress the blob, which is smart because it means it will take up less storage space on the server, and take less bandwidth/time to transmit. All very cool, unless you happen to be using high-security settings in your browser which disable WebAssembly because it can be used to identify your browser to a surveilor.

People who seek out a PrivateBin are also likely to be more than averagely concerned about privacy, and so more likely to have those privacy cranked up to 11.

Work around

So, if a text has been saved using the Wasm tool, someone who has Wasm blocked will not be able uncompress it, and therefore cannot unencrypt it. And, if a text is saved without using the Wasm it will be larger and take longer to transmit.

Most modern browsers which can use WebAssembly can also whitelist sites to allow them even when WebAssembly is otherwise prevented. And, of course, one can also lower, at least temporarily, the security stance of the browser.

But the most compatible workaround is to always have WebAssembly blocked.