🇩🇪:youjo-pink:
>advertise it
>profit
@EnjuAihara store contents encrypted and decrypt when serving
@EnjuAihara Doesn't work. Idea is you can't be held responsible or legally compelled for anything if it's all encrypted and you comply when asked. If the entire drive is encrypted then you have the keys to unlock it. It's as useless as it gets. But if each request includes a private key you can then not log you can't be held responsible
@EnjuAihara @applejack applejack is right tho, if you want zero knowledge, you have to have the clients encrypt their files before uploading them
@KayFaraday @EnjuAihara That can't be done unless you expect people to enable JS, but you can encrypt it server side and not store any knowledge of it
@EnjuAihara @applejack disagree; sometimes it's necessary
@Chizu @applejack @EnjuAihara lol what
JS on an onion does not mean that the client suddenly can't verify the code, that the site operators can't publish the source code, or that the code is automatically doing anything nefarious
if you want a simple zero-knowledge pastebin in onion-space, you have no choice but to use JS
@Chizu @applejack @EnjuAihara a compromised site is… compromised, regardless of JS being sent to the client. Think about it, if they can control what JS the server sends, they can most likely control what the server does, as well.
@KayFaraday @Chizu @EnjuAihara That's not really the point. Without JS the only method they have of getting info is a few http headers and an obfuscated ip
@applejack @Chizu @EnjuAihara yeah and what will they get with JS that is actually useful without running a fingerprint database or some such?