Our website uses cookies

Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing Infosecurity Magazine, you agree to our use of cookies.

Okay, I understand Learn more

Pastebin to be better purged of ‘hurtful’ hack dumps

The owner of Pastebin told the BBC that he was looking to hire ‘some extra people’ to speed the process of finding and removing sensitive data from the site
The owner of Pastebin told the BBC that he was looking to hire ‘some extra people’ to speed the process of finding and removing sensitive data from the site

Vader was interviewed, via email, by the BBC. He talked about Pastebin, its problems, its philosophy, and how it does and will tackle posts of sensitive and ‘hurtful’ information. 

“I think it is very important that people have access to sites like Pastebin,” Vader told the BBC, “because it offers them total freedom of speech.” But it has also become the destination of choice for hackers, including Anonymous, to dump the proceeds of their hacks, even though its guidelines prohibit posting email lists, login details, personal information and stolen source code or passwords. Vader is aware that this happens, but, he says, “trying to automatically filter out such pastes is a pretty impossible task.” Instead he relies on ‘abuse’ reports. “On average we get over 1,000 abuse reports a day via our on-site abuse report system, and another 200 or so come in via email. These are all monitored.”

Asked if he should be more proactive in removing personal details he told the BBC that he was looking to hire ‘some extra people’ to speed the process of finding and removing sensitive data. “Often articles contain a lot of information, and part of that can be a person's details,” he said, but added, “This does not mean straight away that it should be removed.”

The overall picture that emerges from this interview is one of a site that seeks to find an acceptable balance between obeying the law, protecting personal information, and still providing a safe haven for free speech. “There have been a few cases when authorities request IP information from Pastebin, and we tend to comply with such requests, but only with a valid court order of course.” Whether this is of any value to the authorities is a separate matter. “People who post sensitive information hardly ever use their own home IP.”

But given the increasing interest in ‘blocking’ orders in both the US and EU, his comment about Pakistan and Turkey is worth consideration by the authorities. “Pakistan blocked us a few months ago,” said Vader, “and three weeks ago Turkey also blocked us.” But it has not been very effective. “Looking at our Google Analytics reports, it shows that even though the site has been blocked in those countries, the visitors drop is only about 50% in both cases. People still find a way to connect.”

What’s Hot on Infosecurity Magazine?