diff --git a/FAQ.md b/FAQ.md index 45c3687..019ad04 100644 --- a/FAQ.md +++ b/FAQ.md @@ -1,16 +1,51 @@ Please have a look at these questions *before* opening an issue in this repo. -## Why have you changed your name? +## General + +### Why have you changed your name? PrivateBin started as a fork of [ZeroBin](https://github.com/sebsauvage/ZeroBin). As PrivateBin got developed independently of ZeroBin and many new features were added, the design was improved and many security vulnerabilities were fixed, so we thought it was time for a change, which displays the development efforts, which were used to improve PrivateBin. -## Why is it named "PrivateBin"? +### Why is it named "PrivateBin"? -We have [asked the ZeroBin community](https://github.com/elrido/ZeroBin/issues/79) and chose the most popular name. +We have [asked the ZeroBin community](https://github.com/elrido/ZeroBin/issues/79) and chose [the most popular name](https://github.com/elrido/ZeroBin/issues/79#issuecomment-242116386). -![resultspollzerobinnewname](https://cloud.githubusercontent.com/assets/11966684/17937861/e2488d0e-6a23-11e6-8009-2770d9eee8ab.png) +### If I use PrivateBin and post the link in a forum/in social media/... is my content secure? -## Should I switch from ZeroBin to PrivateBin? +As long as you set no password, **everyone who has the link can see the content of a PrivateBin**! +The only way to prevent this is to set a long, secure password when uploading. You can find many tips to create secure password online, one of the most famous ones is shown in [this xkcd comic](https://www.xkcd.com/936/) ([explanation](https://www.explainxkcd.com/wiki/index.php/936:_Password_Strength)). + +### The URL is so long. Can't I just use a URL shortener? + +Of course you can, nobody can prohibit you from doing so. However we generally **do not recommend it**. As said in the previous question everybody who has the URL can view the PrivateBin. This includes URL shorteners, so when you submit + +If you really want to use an URL shortener we recommend you to use a self-hosted one. If this is not possible, you may check if the URL shortener: + +* offers HTTPS on the page where you enter the PrivateBin URL +* the generated short URL is a HTTPS URL +* does not publish the shortened URLs somewhere + +If these requirements are fulfilled, you may want to use it. If you additionally selected to destroy the PrivateBin on the first visit or you encrypted your paste with a strong password (see previous question), you can now be fairly sure, nobody read your messages. + +For server admins we actually [provide a way](https://github.com/PrivateBin/PrivateBin/wiki/Configuration#urlshortener) to integrate an URL shortener into PrivateBin. Of course the same arguments apply here as well. + +### Why should I use PrivateBin? + +#### As a user... +* you can keep secrets such as passwords out of chats and share them with others +* you can choose a trusted provider (maybe a friend or even yourself when self hosting the service) +* you can upload files* +* and select the storage time* +* you can discuss topics with other people + +\* Only if the server admin has enabled this feature. + +#### As a server admin... +* you are protected against legal orders forcing you to scan the content you receive from your users (which is not possible +* you provide a service for [those who need it](https://www.schneier.com/blog/archives/2015/06/why_we_encrypt.html) +* you can customize theme and the code of PrivateBin, everything is open-source + +### Should I switch from ZeroBin to PrivateBin? In short: Yes. @@ -18,7 +53,9 @@ The longer answer is: ZeroBin is outdated and not maintained anymore. As you may You may also look at the release notes of PrivateBin to see what else changed. -## How to fix "There is no suitable CSPRNG installed on your system"? +## Technical + +### How to fix "There is no suitable CSPRNG installed on your system"? This error means you do not have a secure cryptographic random number generator installed on your system. This is however required by PrivateBin for security reasons. Have a look at the [requirements list](https://github.com/PrivateBin/PrivateBin/wiki/Installation#requirements) to see what you are missing.