[ / / / / / / / / / / / / / ] [ dir / b2 / bcb / biz / ck / dempart / fast / hydrus / tingles ]

/tech/ - Technology

Winner of the 75nd Attention-Hungry Games
/caco/ - Azarath Metrion Zinthos

March 2019 - 8chan Transparency Report
Comment *
Verification *
Password (Randomized for file and post deletion; you may also set your own.)
* = required field[▶ Show post options & limits]
Confused? See the FAQ.
Show oekaki applet
(replaces files and can be used instead)

Allowed file types:jpg, jpeg, gif, png, webm, mp4, pdf
Max filesize is 16 MB.
Max image dimensions are 15000 x 15000.
You may upload 3 per post.

File: 24e0014b184d03b⋯.png (1.22 MB, 1280x800, 8:5, chrome.png)


i made a browser extension for chrome and firefox. it is an extension where you can comment on the current url you are viewing. it only has access to the current tab you are viewing, nothing else. its also anonymous. kind of like dissenter but no sign up process. anyone can comment.



would love it if you all check it out

there is no sign up process with this extension. its anonymous. i usually dislike having usernames. i like it when i can just get on something and start posting anonymously.

in the main file of this extension there is this line.


"permissions": [




that means the extension only has access to the current tab. i would be siked just by people using something i made by hand. check the github repo.

here is the github repo



only the comments/posts gets saved. if people like this extension and people start using. then i can add a username feature if people would like that. but for now i would be happy if people use it at all. feels good to make something.


i posted this in /pol and some of the posters suggested i post it here too.


>no sign up process. anyone can comment.

From a technical point of view I must bring this issue up: what about spam?



Maybe there's an offline, non-tracking simple "recatcha" service that he could/should add to it?

https://github.com/yasirmturk/simple-php-captcha ? I think that's offline.



yes, thats the hardest part about wanting an open platform.

there was multiple things i thought about. first was having users. but that makes things less accessible. then it was thinking of getting third party services for security but then i will be giving other companies access to things.

the best system i think that will work with having an open platform is using captchas. so right now, i am using a mixture of recaptcha and a regular captcha system.

i think shitposting/spam is inevitable in an open medium like the internet. for me even if people shit post, i don't mind it if it makes me laugh or think. thats what i like about the internet. i dislike the robotic internet marketing spam. for right now i think the captcha system should be good. honestly being a fairly new coder, i wanted to create something and improve it as i go along. so if the captcha system does not work then i will change it to a different system and fix the issue if it becomes a problem.

if people start using this extension, then i think the issues/solutions will show itself and things can be changed accordingly.


can you make something useful like an option to randomize file names when uploading to 8cucks (and anywhere) so the nsa can't fingerprint me that way?




he can't, he'd have to admit that it's all botnet




i'm using vuejs. the code gets bundled with webpack.

here is the github repo.


that is where everything gets bundled from.



Thoughts on the captcha I linked?



sorry i am checking it now. i will get back.




yeah i will make a new repo and only put in the environment variables.



Since you're a faggot, the URL was



ok i gogoled C&C IP hahah no its not a botnet. it was my backend server for my database.



i been coding for only 6 months i couldnt hack or fake hack even if i wanted to. that ip was my backend server. now i have to get a new one since its exposed.



i hope you're not running unfirewalled mongodb with default settings and sensitive data, considering what a bunch of gerfag students discovered.



A shitton of them were asked for ransom money.


But devs or nsa just sent out a bunch of shills telling everyone that this was fine so i guess it's still the default settings.



s/shitton of them/shitton of database admins/


Where are comments stored?



i hate to say it. but it is default settings. man im glad i posted here. learned some stuff. well looks like the next journey is hardening the database.


i am storing the comments on my backend server which is using a nosql database. step 1 was get it working. now i'm gonna look up different ways i can make it better. a lot of posters are talking about p2p/distributed databases. so i'll check that.



if mongodb seriously still accepts connections from *.*.*.* and no login by default then you should consider not using it :-/


This is a fucking AWESOME idea. Comment sections are the most censored communication on the web. Offloading that to an independent data source is a great idea. The only problem I see is that installation of a browser extension is somewhat invasive. It might be nice to increase the platform surface area by also making it available as a user script via Tampermonkey, Greasemonkey, etc. And also create a standard JavaScript library so that it can be used as a replacement for Disqus.



this is my fun project, so most likely i will be upgrading things and changing things around. this is my second project ever. i'm still new. but the more i learn the more i will tuning it. right now i think the best thing to do is secure everything i can and just plain learn about security best practices. and then look at options for database. still feels good though. some months ago i knew no code. just gotta keep at it now.


i thought about his before. even though i like this concept of browser extension, the act of installing extensions itself might be an issue. so i also plan to make a regular site that can also have all of the comments along with the original link. that way you do not have to install any extensions.

i also wanna experiment with dat protocol and ipfs. i saw a presentation for dat protocol was nice, it doesn't seem too hard.

as far as a js library, that would be awesome. never even thought of something like that. a drop-in replacement for a lot of the comment boards. even though thats beyond what i can do, i will still look this up and see if others have done this. sounds interesting.


Relying on an addon page such as Mozilla's isn't, well, reliable.

A script might be superior as its more universal to browsers etc. https://greasyfork.org/en



Mozilla website would be superior because addons there are signed.

You can sign your greasemonkey scripts too but nobody has your key hardcoded in his browser.

But Mozilla makes signing mandatory so this creates vendor lock-in.

Firefox is shit now.




Depends, I'm using an outdated 56.0 x86 version that still keeps all the legacy plugins intact and I'm having less problems than with a fully updated browser with half the plugins missing because they wouldn't play ball with Pozilla's unreasonable demands.



What if you also/rather have to type in a topic you want to discuss? Like, just a word or three words tops, so that there can be multiple discussions going on at the same time and spammers need to guess the next topic?



>as far as a js library, that would be awesome. never even thought of something like that. a drop-in replacement for a lot of the comment boards. even though thats beyond what i can do, i will still look this up and see if others have done this. sounds interesting.

Yeah I'm just thinking, many interfaces to the single data source.>>1048551

>so i also plan to make a regular site that can also have all of the comments along with the original link. that way you do not have to install any extensions.

That kind of already exists (sites like this, esp. the news boards).



I've heard that the firefox and also tor got pozzed by ~60.2 something, and tor since 8.0. I wonder if this is true, specially the tor part. If you are in android you can still use Orfox (technically unpozzed tor) + Orbot.


I've had this idea for a while myself, some suggestions:

- Make it clear that a certain URL has comments, now you have to click on the button to see/post comments.

- Create a better UI, it looks god awful now :^)

- Force users to publish the comments under the CC0 1.0 Universal license[1], because fuck copyright

- Use as much existing back- and front-end as possible

- Federation, decentralization, etc.

[1]: https://creativecommons.org/publicdomain/zero/1.0/


if it's anonymous, can someone post CP links as comments?

can this app become pedo sharing community?


how do you want to use that as offline captcha? anyone can edit code and bypass captcha


>I've heard that the firefox and also tor got pozzed by ~60.2 something, and tor since 8.0. I wonder if this is true, specially the tor part.

Yes to both

but how to share CP without Tor?


Why not just use 8chan as the backend?

Create a series of boards with a separate manifest for URLs, then use the 8chan posting code for the goldwater.



1) No

2) Kill yourself


it will not let me comment on any thing



You are copying Gab's Dissenter. I like it. Still need a lot of work though.


The problem is that all comments are stored on your database. If I use it you will be able to see every site I go to. I don't trust you with that information.

Instead it should be federated. You should write an open source server (I would recommend making a Docker container that just werks) that anyone who wants to can run. The comments must be stored on different instances so that no one DB operator can see someone's entire comment history.

Also, stop typing like a retard. If this is the best English you can write, I don't want to imagine the quality of your code.



Seems like a good use case for blockchain storage.



misogynerds are banned from voicing their toxic opinions!


Didn't Gab make something like this already?



Yeah they did But this is sort of an example of what they should have done


File: 15914f743e83f51⋯.jpg (80.4 KB, 900x900, 1:1, 15914f743e83f51c580832ffe6….jpg)


I wanted to make it but good thing someone else does it so I don't have to.

Store your posts encrypted, padded to exactly the same length, so they are not identifiable. Store the URL as a fixed length hash, too. Encrypt the posts client-side using deterministic algorithm; I thought of using hash generated from salted URL as encryption key, so if you know the link you can access posts and decrypt them, but otherwise the database is almost completely opaque. The only non-cryptographic attack would be processing the order/number of entries that have the same URL hash, and comparing them to posts under known URLs, but if you have a known URL you can already access all posts in it.

The amount of posts should be limited per-page and auto-prune to, say, 300 posts per URL. The database should also prune old posts.

The comment section itself should work more like an imageboard, that is, anonymous posting and referring to each other by post number. Post numbers are not stored anywhere but rather, computed in place. Referred post link would be stored as a short MD5 hash of the post content rather than its number, so that it can always be identifiable even if contents are not static in relation to each other. Speaking of, all attributes of a post should be stored within its content. Besides the post body, you probably want to store just the timestamp, so that you could display "posted over 9 thousand years ago", but technically that's not necessary. To keep the relevant posts afloat, you would bump all referred posts to the top of the database and then push the message on top of them. Again, no data-matching attacks are possible unless you already know the relevant URL (correct me if I'm wrong).



Oh I guess someone could push non-encrypted data into your database. If it doesn't looks like it's encrypted, you can discard it. You can check its entropy, if it's unusually low then it's probably not encrypted. Send back to the client a NAK; a good client will try to pad the data in a different way to get different hash, an unruly client will just keep getting NAKs.


File: e19650daaa47eaa⋯.png (136.23 KB, 483x444, 161:148, e19650daaa47eaaf9e744cd2e7….png)


On that note, it's pretty much inevitable that someone will try to hack your client to share CP through your web service. Pedos have been doing shit like this for ages and it's inevitable. What a can of worms. But at least in your case it's completely impossible for random bystanders to stumble across it (it requires a custom hacked client to see anything, in addition to knowing a 1024-bit hash by which to access it) and as a service owner you have deniability as your server receives the data already encrypted and it doesn't have any decryption keys nor a way to produce them, not to mention the data in question is stored using custom encryption.



why do some people always post this meme on imageboards? you have to actually search for it to find it. you wont accidentally find cp on some random site like people here say. not even on tor



fbi has a license to distribute CP.

disagree with zog, your site goes to bog.

when I was 15 I used a generic php imageboard script on a free web server, didn't tell anyone yet pedo content was posted from 3 different ips.



Hey that could be a rap song



Hey bobo i left a comment on your git page



That's what I said. You'll have to really search to find it, but it'll be there.

It's like this russian prison meme: there are two chairs, one with erect dicks, the other with sharp shivs, choose one for yourself and one for your mom. You could receive your content pre-encrypted but then there's nothing you could do to moderate it, or you can receive your content as plaintext but then your database is right there for glowniggers' taking and nothing is anonymous about it.



>It's like this russian prison meme: there are two chairs, one with erect dicks, the other with sharp shivs, choose one for yourself and one for your mom.

Let me guess, whichever one you choose you get beaten for disrespecting your mom.

>there's nothing you could do to moderate it

There could be a separate reporting interface, people could say "yo xyz.com has CP in comments" which would allow the DB admin to decrypt posts that come from xyz, confirm that it's CP and delete. Of course this shows the self-defeating nature of >>1048787 's suggestion: There's nothing stopping the admin from simply guessing the URL. For example, he could guess "8ch" because he shilled there, or he could guess most popular sites like Jewtube which would be the bulk of the comments anyway.



Good luck guessing exact URL. In addition to huge amount of pages on every particular website, users would not be restricted to using real URLs and can just post under fake URLs - the chat room would work just the same, over a page showing 404 error. I've made a somewhat similar system for /v/fullderp, except that one was chatroom-centered and didn't had security features to speak of.




Also, the idea of storing pre-encrypted messages is not only for users and admins security, but also to avoid having to actually moderate what amounts to an entire fucking internet.



>whichever one you choose you get beaten for disrespecting your mom

Yeah you're supposed to take the third option. It's one of those trick riddles where you need to apply common sense rather than adhere to the rules. Like the one where they give you a broom, tell you it's a guitar and ask to play a song on it, or direct you to the painting of a tiger on the wall and tell you to make it cry.

If you want to make a system with reports, moderation, upvotes, and all that shit - dab already did it better. I gave some pointers about making a system with built-in security, if you not gonna pursue that then I might. I suggest you do it because if I'll do it, no fucks will be given.




>find 1000000 most popular videos

>dictionary attack

This is even assuming comments are stored by full URL, not domain. For unpopular sites, you would go through page after page without seeing a comment. As a practical solution users would start leaving their comments on the front page where they're more likely to be seen. Which are even easier to guess.

>fake URLs

So you made a private discussion board, great. You could also just make an unlisted board here or host an invite-only forum, among countless other ways.

OPs and gab's extension are meant for a decentralized public comment section for any page. But if all comments are stored on the same server it's even more centralized: In early stages it at least accomplishes moving comments out of the website admin's control. But if you start using it regularly, now you've gone from your entire comment history on each site being visible to that site's admin, to your entire comment history on all sites being visible to one admin.

I get that encryption at least makes it a bit more tedious to violate your privacy. However the whole concept of encryption relies on using secret information as the key. Public URLs are not a secret and not hard for the adversary to discover.


>avoid having to actually moderate

That's a bit naive. History shows that as soon as criminal content appears, you will be held responsible for it anyway. You'll get arrested, sued, raided and FBI won't believe you when you say you don't know the key. Especially if the key is something public like a URL, shared by several people.

The problem is not moderation but concentrating moderation authority. Classical comment sections gave this power to the same guy who makes content being commented on. Rep systems gave power to the majority. 8ch IMO has a promising solution by giving the power to whoever created the board. If you don't like moderation you can always move to another board, or make your own. Problem is that you will have much less content. The solution would be allowing overboard which 8ch devs are too incompetent to set up.

With website comments, my solution would be to let anyone run a server, and let the user decide which server they want to push comments to and which server's comments they'd like to see. So for example you would go to xyz.com/abc and by default see 3 comments from your preferred server based.com, and something like "72 more on cucked.com, 32 more on poz.com, 53 more on others" which you can click to show the other comments as well. No upvotes needed, server operator gets to delete content he's not comfortable storing, but if you disagree with it you can just find another server that won't delete it (or host your own).


>Yeah you're supposed to take the third option.

There's no third option besides physically attacking the guy asking. His main goal is that he gets to beat someone. He is only asking the question for additional amusement. He is not going to deny himself that just because you figured out a clever response. If he was honorable or an intellectual he wouldn't be in prison asking riddles about cock chairs.

>If you want to make a system with reports, moderation, upvotes,

I guess you got confused when I said report and thought I meant some kind of rep system. All it takes is someone going to xyz.com/abc, seeing CP in comments, then emailing the db admin with the URL. Now the admin knows the key. Is your plan to just hope nobody will expect the admin to do anything about criminal content hosted on his network?



>The solution would be allowing overboard which 8ch devs are too incompetent to set up.

Also somebody will probably mention the nerve center. I am aware of that and don't consider it practical or a good implementation.



Any updates?



>8ch IMO has a promising solution by giving the power to whoever created the board. If you don't like moderation you can always move to another board, or make your own.

"Make your own" is a complete non-starter in most cases, and misses the point of most criticism.


So this still relies on a central server? How about making it P2P like torrents/IPFS?



How so?


Ah, but how will he datamine you if you don't just hand him all your data?


File: 4a584600081f89f⋯.jpg (220.34 KB, 615x891, 205:297, Screen Shot 19-04-11.jpg)

File: fa508d4a80c2557⋯.png (130.73 KB, 778x899, 778:899, ClipboardImage.png)

Gab's extension got booted from the Chrome Store and Mozilla's. Bitchute also were working on a similar extension but Indiegogo shut them down





He can still datamine because P2P means IPs are revealed unless behind Tor.


They're making their own browser and they'll hopefully make a less retarded way to install the extension. Maybe (((Brave))) will add Dissenter by default.


Nice extension OP. Is a Pale Moon port planned?



Christ it's getting bad, as much as I hate to be the retard that references Star Wars it's like in A New Hope when Leia mentions to Tarkin that the more he tightens his fist the more that will slip between them.



>apps should not contain content that threatens or harrasses others

lmao so chat software is illegal now if it doesn't get filtered?





Clearly it's a bullshit excuse, but what ticked them off? Was Gab dumb enough to say "harrassment is a-okay kids!" in their ToS? Or are we literally at the point where simply being associated with kosher alt right like Gab is enough to auto-ban any program you make, no matter how innocuous?

God it feels so good right now to not be using these (((stores))).


If the peer sends his comment to you, sure. If he sends to one of the 999 other peers, it's up to that peer whether he will log the IP and whether he will tell you the log. Which is all irrelevant because OP is a dumb pajeet who wants everyone to voluntarily submit their data so he can be zuck 2.0.


ok everyone.

i am have been updating a lot of things.

first i stopped using google recaptcha, too much bs to deal with when it comes to recaptcha. i am using another captcha system.

i did not make this project for sick disgusting things like beastiality or cp. thoughts of things like that make me wanna vomit. for that reason, i have applied a "patrol" system. if people see anything that is illegal or disgusting they can just press a button and leave a description of why its bad content, or a code like [IC] <- for "illegal content". i think disgusting immoral things are hated by most decent people, and things that are genuinely disgusting such as anything to do with children or animals will get reported by a lot of people.

there is some things on my checklist that i want to finish. first, i am creating a regular site version of this extension. i am creating a sign-in/username system. its a system where the server gives you a password and you have to save it. yes is harder to remember the password, but it makes things much more anonymous. i made this username system because if people get active they can have @mention features that leads them to their own profile. but since its just a randomized word with a password the server makes for you it makes things much for anonymous and randomized. and honestly makes the process easier on my end lol. the only thing is that you HAVE to save the password because its shown only once after you sign up.

now blockchain/decentralizing. yes, it is something i am interested in. but simply speaking, that is in the future. i am not finished with this project yet. its like thinking about and working on step 14 when i am not even on step 7. i am a guy not a team. again i am interested in it, and i am researching multiple things. once i find a good path i will go that route. maybe even experiment and create my own blockchain for this. i was making a blockchain/crypto toy project but i left it to create my current extension/site.

so Lairs extension is an extension that anyone can use. Lairs.site is the site version of it. the main difference is that the site has more information. you can view all urls and see the comments. while the extension i wanna keep it simple so you see the current url and their comments. with the chrome version, you get a button on top of the webpage. once you click it you see how many comments the current url has. the ONLY way the app/extension gets access to your current url is if you press the Lairs button on top of the webpage, or you click the extension icon on the top right. other than that the extension does not know anything. so if you are ok with sharing the url to see if there are any comments or how many people viewed the url, then click the Lairs button on top or the extension icon on the top right. some websites has a top menu that is permanently fixed on the top so the lairs button can be hidden on these sites. that is when you have to click he extension icon on the top right.

google is reviewing my extension, so after it is approved then all these updates will be available. unfortunately i am having some frustrating issues with firefox. the button on top feature for some reason is not working with firefox, of course i am actively trying to solve that issue.

i am also thinking/working on some other small fun tools that i might implement to make this more fun.

after i finish these main things i will try to truly finish it by porting it to other browsers. right now it works ok chrome, firefox, opera. i am sure it will work with brave since its chromium based.

i am gonna go back to working on the checklist. i'll come back and answer more things when i have time.



>i am have been updating a lot of things.

When will you update your English, Mohinder?

>i did not make this project for sick disgusting things like beastiality or cp.

kek literally where do you think you are

>i am creating a sign-in/username system.

lmao unironically kill yourself

>since its just a randomized word with a password the server makes for you it makes things much for anonymous and randomized.

Just say "my shitty tutorial didn't show making password forms", we all know that's what you meant.

>its like thinking about and working on step 14 when i am not even on step 7.

No retard deciding on architecture is step 1, even step 0.

>i am sure it will work with brave since its chromium based.

what is testing lol


Puny, weak. A pathetic offering! The only good thing about your thread is that it serves as an example of what not to do.



>sign-in/username system

>makes things much more anonymous

Lel. Sounds retarded but ok.

>blockchain/decentralizing. yes, it is something i am interested

If you go for the blockchain/distributed route it'll be difficult to moderate stuff so you'll have to let users add other users and posts to a blocklist manually. But, it will mean that you don't have to host almost anything yourself so you won't be liable for anything and it'll be cheaper for you personally. It's a better choice imho otherwise your addon isn't in any way different than Dissenter.


File: 00c21a6d5b2addd⋯.jpg (45.43 KB, 500x375, 4:3, 00c21a6d5b2addd9000e5fe47c….jpg)


>makes anonymous posting system

>I'm implementing a sign-in system



>Seems like a good use case for blockchain storage.

Agreed. Using a fully decentralized p2p encrypted database to store comments (preferably under tor network) is the only way I see this having any reason to exist, without trust issues or risking eventually just becoming another Disqus where wrongthink will be silenced. If it'll just use a centralized database running from an old Pentium III sitting in the hen house of some pajeet's backyard, I see no reason to install it instead of using Disqus or just not bother commenting.

Yes it would be fully unmoderated and we would have to deal with spammers, street shitters and pedos, so what? Anyone who has a problem with that doesn't belong here and should go back to >>/4um/



>>i did not make this project for sick disgusting things like beastiality or cp.

>kek literally where do you think you are

CP isn't welcome here; that's literally fake news smear info.



>Yes it would be fully unmoderated and we would have to deal with spammers, street shitters and pedos, so what?

Blockchain storage isn't free; if it becomes the user's responsibility to pay for it, that would regulate the spam. But it would also severely restrict adoption. If the developer pays for the storage instead, he would have to regulate spam, and possibly make decisions as to what type of content is allowed.



Can you provide a non-minified version of the source code?



You said this was the real source, but this repository was deleted.

Also, I don't think you need to load 5 JavaScript libraries for such a simple feature, plus 10k+ lines of CSS.



Yeah on blockchain it would probably need a cryptocurrency token to make the distributed storage reliable, I see that as a necessary evil in this case.

With centralized moderated storage it's nothing more than a Disqus that can be used on any page and subject to every kind of foul play it entails.



I don't have any interest in those things either, I rarely even look at porn. But coming here and moralfagging about that shit is pretty rich. Somebody probably uploaded some shit just to fuck with him, and he took the bait hook line and sinker. He is so out of touch it's ridiculous. Why would such a retarded person talk about this project here? Sounds like perfect for some plebbit sub.



Agreed. OP's idea isn't all bad but he writes like a massive normalfag who just parachuted straight outta Reddit. And from the looks of it, I don't know why he didn't stay there and shared this idea there.


I have created https://lairs.site/

It is a site which holds all of the comments from the lairs extension. there is a board feature where people can create boards just like here.

btw some folks here are complaining that i created a username/password system. it is optional, i created so if people like this then they can follow each other if they like what others have to say. again it is optional.

i plan to share this project anywhere and everywhere i can. i already posted this on 4chan and here. the site right now has a lot of test posts i made.

i will be improving the extension now. i am also working on 2 other small tools that is kind of related.

the extension looks a lot better compared to how it was at first. now i plan to implement things from the site lairs.site into the extension.


another thing, i have not finished the styling of the site. so i will improve the way the site looks as i go along.


File: 3f4455e71e18a14⋯.jpg (2.78 KB, 102x124, 51:62, 3f4455e71e18a140dc91d02f2b….jpg)


>still no source code

Hard pass.



>The problem is not moderation but concentrating moderation authority

I totally agree, only a federated solution is worth pursuing. I've also been thinking along the lines you've described. The simplest solution I've come up with is is piggybacking off of Mastodon or Pleroma. Someone would set up their own server (or use an existing one) and post with their account but include the sha1 of the url of the webpage in a hashtag. The instance owner could offer a public shared account (no password changes) that anyone can use if they wish be be anonymous. The browser addon would allow you to add or remove Mastodon/Pleroma instances of your choice. All the addon would do is search your instances for a hashtag of the current website's url sha1 you're on and return the results. This also somewhat obfuscates what webpages a user is commenting on when viewed from Mastodon/Pleroma.



I don't have much hope for him but at least we can discuss real alternatives to the centralized services already pitched by Gab and BitChute.

And before someone mentions blockchains again, no they are not practical for a public comment system unless you expect users to download hundreds of gigabytes of spam.

[Return][Go to top][Catalog][Nerve Center][Cancer][Post a Reply]
Delete Post [ ]
[ / / / / / / / / / / / / / ] [ dir / b2 / bcb / biz / ck / dempart / fast / hydrus / tingles ]