Hastebin within Yunohost and the surveillance

Hello,

I want to use the ‘Upload’ button from the logs, but it opens a new window to the following website: https://paste.yunohost.org/
This website forces the use of JavaScript code coming from ajax.googleapis.com.
This is breaching my (our) privacy because I do not want to inform Google about my activities, so I do not allow the execution of JavaScript code from Google on my computer.

Can the YunoHost team consider this matter of privacy and create a new ‘Upload’ button pointing to another Hastebin-like project in order to keep the functionality? In the meantime, can the team deactivate the use of Hastebin?

PS: I use the NoScript plugin to avoid aggressive code and disrespectful companies, like Google, running on computers.

Hi @jef,

I have patched the haste setup on paste.yunohost.org to replace the download from ajax.googleapis.com with a download of jQuery directly from our server.

I have downloaded jQuery directly from the jQuery website, checked its integrity, and added an integrity parameter to the HTML tags.

This fix should be done in the hastebin_ynh package too.

Like this:

<script type="text/javascript" src="jquery-1.7.1.min.js" integrity="sha384-npxfGiG5C/F5X72RqcKFYSfzr1AXsDiu1YC/ydsOrS+jL554Jh4zFAx9GpQi4lXQ"></script>

Thanks for your return!

2 Likes
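The integrity check described in the post above, as an added example that is not part of the original thread or of the hastebin_ynh package: it recomputes the Subresource Integrity value of each locally served script and compares it with the `integrity` attribute in the page. The file contents, the `app.js` name and the function names are constructed for illustration.

```python
import base64
import hashlib
from html.parser import HTMLParser

STRENGTH = {"sha256": 1, "sha384": 2, "sha512": 3}  # hash algorithms defined for SRI

def sri_digest(data: bytes, alg: str = "sha384") -> str:
    """Return the SRI token for data: '<alg>-<base64 of the raw digest>'."""
    raw = hashlib.new(alg, data).digest()
    return f"{alg}-{base64.b64encode(raw).decode('ascii')}"

class _ScriptTags(HTMLParser):
    """Collect (src, integrity) for every <script src=...> tag."""
    def __init__(self):
        super().__init__()
        self.found = []

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "script" and a.get("src"):
            self.found.append((a["src"], a.get("integrity")))

def check_page(html: str, files: dict) -> dict:
    """Map each script src to 'ok', 'mismatch', 'no-integrity' or 'missing-file'."""
    parser = _ScriptTags()
    parser.feed(html)
    report = {}
    for src, integrity in parser.found:
        tokens = [t for t in (integrity or "").split() if t.split("-", 1)[0] in STRENGTH]
        if not tokens:
            report[src] = "no-integrity"  # the browser would load this file unchecked
        elif src not in files:
            report[src] = "missing-file"
        else:
            # As in browsers, only tokens of the strongest listed algorithm count.
            alg = max((t.split("-", 1)[0] for t in tokens), key=STRENGTH.get)
            wanted = {t for t in tokens if t.startswith(alg + "-")}
            report[src] = "ok" if sri_digest(files[src], alg) in wanted else "mismatch"
    return report

# Constructed sample: stand-in bytes, not the real jQuery file.
GOOD = b"/* constructed stand-in for jquery-1.7.1.min.js */"
PAGE = (
    f'<script src="jquery-1.7.1.min.js" integrity="{sri_digest(GOOD)}"></script>'
    '<script src="app.js"></script>'  # hypothetical second script without integrity
)

if __name__ == "__main__":
    print(check_page(PAGE, {"jquery-1.7.1.min.js": GOOD}))
    print(check_page(PAGE, {"jquery-1.7.1.min.js": GOOD + b"alert(1)"}))
```

Run against the real package, `files` would hold the bytes of each script as shipped, so a `mismatch` means the served file no longer matches the hash in the HTML.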

Note that one member of the YunoHost team has been trying to get a fix integrated into the upstream haste-server since March 2016.

Feel free to comment on this pull request.

His commit has not been pushed since March 2016? Or is there another explanation?

Thank you @ljf for your attention 🙂

Maybe this change could be applied to the haste YunoHost package?

Haste is an independent project. Only the owner of the repository can decide to merge a “Pull request”. This pull request has been waiting since March 2016; there is no more work to do on it, it’s mergeable, and the owner just needs to pay attention to it and click on “Merge Pull Request”.