File expiry #19
Comments
|
I discussed this with @k3d3 the other day. At the worst if we want to avoid having a DB we could just store it in a folder symlinked with the expiry date. So the directory 2015-08-08 with a symlink to the blob inside it. The cron job just has to enter that folder and hard delete the file linked. |
|
Yeah, that only works for daily expires and doesn't achieve much precision though. Will discuss later. |
|
Well, it doesn't have to be daily; it can be a week in the future - if today is 2015-08-01 then you make a directory called 2015-08-08, and make a symlink in that directory. Then, come 2015-08-08, just delete the actual files that are symlinked in that directory. It does, however, mean that you won't achieve any precision beyond one day. In any case, we should have some solution where figuring out what files need to be deleted doesn't require scanning a directory, and instead can work by just directly accessing something (In this case, a 2015-08-08 directory) |
|
Hi, I am new here and I never used Up1 in the past, your project hightly interrest me but this file expiration feature is unfortunately in my point of view, a lack for Up1. So, i agreed with this feature if somebody can implement it I will enjoy to use Up1 instead of Zerobin (& others) for my paste/file/img/video upload :) |
|
This is essential feature. First thing to implement ever. |
|
xeverse, care to explain your use case and threat model in which it would This is essential feature. First thing to implement ever. — |
some information should only exist for a limited specified amount of time in this universe. |
I totally understand, but if anyone harvested your key they also equally could have harvested the data you uploaded and deleting the data from our server does nothing for this use case. |
in case of these massive webmail providers they just keep the data, i.e the up1 image link in the mail. |
|
Even if we were to delete it (which you can trigger manually, just not So, if 3 letter agencies can already log your SSL or Tor traffic and
|
|
You referred to this feature request as the "First thing to implement ever". You believe our first priority should be ensuring that in case someone subpoenas your email order to retrieve a copy of your key, the data is already deleted? Why not only send your key over a medium which will not be stored and subpoenad in the first place? |
|
Yeah if you're sending Up1 links over an unsecured medium like email you're
|
this isn't cool or feasible sometimes.
This is true. in case of data channel security but not emails.
Right. That would be best case scenario. Now always possible tho. Majority of people we have to communicate with are braindead about information security or even basic network privacy issues. They are gonna use just fgmail no matter what. maybe it's just me. cypherpunkish. but client side encrypted hosting is cypherpunk. isn't it? |
We can not protect the privacy of people who are sending keys over a non-secure medium, they have lost that privacy as soon as they did that and it is impossible to resolve that issue with hacks to shred things just in case someone only read the data after the fact. |
|
ok. at least i've communicated my point of view. the ultimate occult reason is that some information affects the cause and effect in the universe |
Emailing your key is as good as emailing the data itself in plaintext, if you are indeed doing that with such disastrous information then I suggest you rethink your delivery medium ASAP. |
|
The link and the key is metadata. Which they keep forever these days. |
|
xeverse - they also keep full data to and from encrypted services like Tor, SSL and of course, Up1 itself, not just metadata. |
|
Maybe, not always i hope, yet. |
|
This is why we explicitly warn against sending Up1 links over insecure mediums. Do not do it. Anyone can grab it, ISPs anywhere along the line have access as well as anyone who hacks any of them, not just 3 letter agencies. |
|
The best use for Up1 is when you have a secure communications channel set up already (e.g. self-hosted XMPP, Signal, OTR, etc.) but it's not feasible to share files or images over that communications channel. It does not secure the key when sent over an insecure channel such as email, and file expiry does not change this. There are legitimate reasons why you'd want file expiry (for example, keeping the file count low on personal servers, preventing malware from grabbing keys in the future, or simply keeping a defense-in-depth approach and not keeping files around for longer than you need them), and for those reasons we'll still implement it in the future, however your concern isn't solved by file expiry. |
|
Good point. The clearnet is dead for human rights advocates or hacktivists. |
|
Please refrain from off topic political discussions on the issue tracker |
Hmmm. Data retention laws and nasty gag orders i guess. |
|
@andre-d .Ok. Thanks for the chat. |
|
Any progress on this matter? |
|
One approach for easy expiry would be an optional redis backend. hastebin is a simple and similar node app which does that. You configure a global expiration time (TTL) of 30 days from last access and redis handles it. This is a good solution for an administrator who just wants to manage storage space. |
|
We actually had a predecessor to Up1 (though privately) that was based on hastebin. The big difference was that we added some client-side javascript to decrypt with a key passed along in the anchor, so we actually know hastebin pretty well (and it's great for what it does!). With that being said, I'm fairly hesitant on adding server-side dependencies like redis to Up1, because it makes it more complicated to set up. I've written up some ideas on how to solve this in issue #58, if you're interested in taking a look and commenting on it. |
Requested by niols from IRC.
Make files expire after a user-selectable (maybe with a low default to save on server space) period of time.
We could do this by just deleting expired files on access and/or via cron job. Will need to store the expiry date/time somehow though.
The text was updated successfully, but these errors were encountered: