Encrypted-in-browser pastebin. The server never sees plaintext. Self-host on a $4 VPS.
Best evidence tier. Signup tested end-to-end by xmr.club curator — deposit + withdrawal + edge cases. No-KYC posture verified at retail volume. Last_verified within 12 months.
Full rubric + 7-step verification walkthrough at /methodology.
PrivateBin is the encrypted-in-browser minimalist pastebin — a self-hostable PHP application where pastes are AES-encrypted client-side before upload, with the encryption key living in the URL fragment (never reaching the server), making the server a zero-knowledge storage layer. Listed at Grade A because PrivateBin is the canonical drop-in for pastebin.com / hastebin / Gist when you need to share text snippets without trusting the storage operator with the content — battle-tested over years, deployable on a $4 VPS, supports password-protection, expiry, burn-after-reading, and syntax highlighting.
Background. PrivateBin is a fork of the original ZeroBin (by Sébastien SAUVAGE, 2012) — when ZeroBin development paused, the community continued under the PrivateBin banner. Active development by a maintainer team led by El Rido; codebase at github.com/PrivateBin/PrivateBin. Distribution: deploy to any PHP web host (shared hosting, $4 VPS, Docker container); the application is intentionally lightweight (PHP + JavaScript + plain HTML, no database required by default; SQLite or filesystem storage). Multiple operators run public PrivateBin instances; the canonical list at privatebin.info/directory/ shows community-operated instances you can use without self-hosting. Open source under the Zlib license (permissive, similar to MIT). No commercial entity — entirely volunteer-maintained.
What you trust.
Client-side encryption — AES-CBC-256 encryption happens in the browser via JavaScript; the server stores only ciphertext.
Key in URL fragment — the encryption key is in the part of the URL after `#`, which browsers never send to servers. Share the URL = share the key + paste ID.
Zero-knowledge architecture — the operator (or the self-host you set up) literally cannot read the paste content.
Open-source codebase — the source is auditable; the cryptography has been independently reviewed (informal community review; no full Cure53-style audit but the codebase is small enough to be reasonably auditable).
Multiple options for storage backends — filesystem (default), SQLite, MySQL, PostgreSQL; operators can pick what fits their infrastructure.
Tor-friendly — works on Tor Browser including the "Safest" security level (the encryption JavaScript needs to run, but the application gracefully handles JS-restricted environments where possible).
What you don't trust:
URL forwarding — anyone with the URL has the key. Treat URL sharing as the access mechanism.
Operator metadata — even though the server can't read paste content, it sees connection timing, paste size, retrieval frequency. For high-threat scenarios, self-host or use Tor.
Key derivation strength — PrivateBin's key is randomly generated (high entropy), but the JavaScript implementation's randomness depends on the browser's CSPRNG.
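The key-in-fragment flow described above, as an added Node.js example that is not PrivateBin's code or wire format. AES-GCM via WebCrypto, the `paste.example` origin, the URL layout and every function name here are assumptions of the example.

```javascript
// Added example (not PrivateBin code): cipher, URL layout and names are assumptions.
const wc = globalThis.crypto ?? require("node:crypto").webcrypto; // fallback for older Node
const b64u = (bytes) => Buffer.from(bytes).toString("base64url");

// Sender side: encrypt locally; only `upload` is sent, the key stays in the fragment.
async function createPaste(plaintext, origin) {
  const rawKey = wc.getRandomValues(new Uint8Array(32)); // 256-bit key from the CSPRNG
  const iv = wc.getRandomValues(new Uint8Array(12));
  const key = await wc.subtle.importKey("raw", rawKey, "AES-GCM", false, ["encrypt"]);
  const ct = await wc.subtle.encrypt({ name: "AES-GCM", iv }, key, new TextEncoder().encode(plaintext));
  const upload = { iv: b64u(iv), ct: b64u(new Uint8Array(ct)) }; // everything the server stores
  const pasteId = b64u(wc.getRandomValues(new Uint8Array(8))); // constructed paste id
  return { upload, shareUrl: `${origin}/?${pasteId}#${b64u(rawKey)}` };
}

// What an HTTP client sends as the request target: path and query, never the fragment.
function requestTarget(shareUrl) {
  const u = new URL(shareUrl);
  return u.pathname + u.search;
}

// Recipient side: the key is read from the fragment, the ciphertext from storage.
async function readPaste(shareUrl, stored) {
  const rawKey = Buffer.from(new URL(shareUrl).hash.slice(1), "base64url");
  const key = await wc.subtle.importKey("raw", rawKey, "AES-GCM", false, ["decrypt"]);
  const pt = await wc.subtle.decrypt(
    { name: "AES-GCM", iv: Buffer.from(stored.iv, "base64url") }, key, Buffer.from(stored.ct, "base64url"));
  return new TextDecoder().decode(pt);
}

// Round trip over a constructed paste, reporting what each party can and cannot see.
async function demo(text) {
  const { upload, shareUrl } = await createPaste(text, "https://paste.example");
  const keyPart = new URL(shareUrl).hash.slice(1);
  const wrongKeyUrl = shareUrl.split("#")[0] + "#" + b64u(new Uint8Array(32));
  return {
    recovered: await readPaste(shareUrl, upload),
    keyInRequest: requestTarget(shareUrl).includes(keyPart),
    serverSeesPlaintext: JSON.stringify(upload).includes(text),
    // Without the real fragment key the stored record does not decrypt.
    readableWithWrongKey: await readPaste(wrongKeyUrl, upload).then(() => true, () => false),
  };
}
```

The same property is why forwarding the full URL forwards access: the fragment is the only place the key exists.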
Operational specs. Platform: browser-based; the server runs PHP. Storage backends: filesystem (default, simplest), SQLite, MySQL, PostgreSQL. Paste features: password protection (additional symmetric layer atop the URL fragment key), expiry (5 minutes, 10 minutes, 1 hour, 1 day, 1 week, 1 month, 1 year, never), burn-after-reading (paste self-destructs after first view), syntax highlighting (~30 languages), markdown formatting, comments (other readers can comment on the paste; comments are also encrypted), discussion threads for collaborative editing. File upload: optional — depends on operator policy. Max paste size: operator-configured, typically 1-10 MB. No accounts — pastes are anonymous; no signup, no email. Bot scraping protection: server-side rate limits + optional invite/captcha gates for operators concerned about abuse. No-JS fallback — limited: the encryption requires JavaScript, but some read-only views work without JS (operator-configured). Tor support: works on Tor Browser; some operators run dedicated `.onion` mirrors.
Philosophy. PrivateBin's editorial differentiator is the trivially-self-hostable encrypted-pastebin model. Pastebin.com, hastebin, GitHub Gist — all see your plaintext, all retain it on their servers, all are subject to operator decisions about deletion and moderation. PrivateBin says: pastes are a fundamental web primitive that shouldn't require trusting an operator with the content. The self-host story is intentional: deploy in 10 minutes on cheap hosting, give your team or organisation a private pastebin, eliminate the dependency on a third-party service. For users who don't want to self-host, the public-instances directory provides community-operated options. The trade-off vs cloud pastebins: no built-in commenting at the scale of GitHub Gist's community, no integration with development workflows (no fork, no version history), no shared-with-username model — but the privacy posture is structurally cleaner.
Grade rationale. Grade A reflects: open-source Zlib-licensed codebase; 10+ years of operational continuity (ZeroBin/PrivateBin lineage since 2012); zero-knowledge architecture with client-side encryption; self-host fallback well-documented (PHP + minimal setup); multiple storage-backend options; rich feature set (password, expiry, burn-after-reading, syntax highlight, comments); Tor-friendly; public-instances directory for users who don't want to self-host; named maintainer (El Rido) and active community contributors; cross-listed in Privacy Guides peer directory (referenced as the recommended encrypted-pastebin). Last verified 2026-05-13.
Useful when. You need to share text snippets (code, logs, error messages, configuration) without sending them to a third-party service that retains the content — PrivateBin is the canonical pick. You want to self-host a private pastebin for your organisation or team — deploy on any PHP host in 10 minutes. You're a journalist or activist sharing sensitive text with sources via a side-channel-shared URL — pair PrivateBin with Signal/PGP for the URL transmission. You want burn-after-reading semantics for a one-shot share that self-destructs after the recipient views it. You're a researcher with a workflow that involves paste-sharing and want to eliminate the operator-trust dependency. You want a pastebin that works on Tor Browser including the "Safest" security level (most features) — PrivateBin handles Tor gracefully.
Caveats.
JavaScript required for encryption — the AES-CBC encryption runs in browser JS. Tor Browser "Safest" mode disables JS, which breaks encryption; you'll need to step down to "Safer" or "Standard" for full PrivateBin functionality.
URL forwarding is an access grant — anyone with the URL has the key. Plan accordingly: use burn-after-reading for sensitive one-shot shares; password-protect on top of the URL key for an additional layer; revoking access requires deleting + regenerating.
Operator metadata visibility — public PrivateBin instances see connection timing, paste sizes, retrieval patterns. For high-threat use, self-host.
PHP web hosting requires sysadmin care — keep PHP updated, harden the web server (nginx + TLS), monitor for abuse (spam-paste creation, DDoS). Operating a public PrivateBin instance is more work than just deploying the code.
No accounts / no sharing model — pastes are anonymous; you can't say "share this with username X." You share via URL or you don't share. For team-based workflows, self-host with restricted access at the web-server level.
Storage limits — operators set max paste size and total storage limits; very large pastes need a self-hosted instance with adequate disk.
JavaScript-runtime randomness depends on browser — modern browsers (Tor Browser, Firefox, Chromium) have well-vetted CSPRNGs; old or odd browsers may have weaker entropy.
Comments are visible if the URL is shared — comment threads are visible to anyone with the paste URL; they're not separately access-controlled.
Burn-after-reading is fragile in some scenarios — if multiple recipients open the URL simultaneously, more than one may see the paste before it's destroyed. For strict one-recipient semantics, share the URL with only one person at a time.
The "private" in PrivateBin doesn't mean anonymous in the strong sense — your IP is visible to the server (or proxied via Tor if you route that way). For anonymity, route through Tor.
Free · PHP · self-host or public instances
.onion mirror listed 2026-05-13 (<90d)