PrivateBin
$9.00 / month with a 7-day free trial and a $1.00 sign-up fee
Self-hosted encrypted pastebin — text and files encrypted in the browser before they ever reach the server, with burn-after-reading, expiration, and password protection.
A managed instance of PrivateBin on ElfHosted — a zero-knowledge pastebin where the server stores ciphertext only and the decryption key lives in the URL fragment (the part after `#`, which never reaches the server). Paste a snippet, share the link, recipient sees the content; the server itself can’t read it. Free, open-source, ZLib license.
Pastebin.com sees everything you paste. PrivateBin doesn't — and your self-hosted instance lets you prove it.
What is PrivateBin?
PrivateBin is a self-hosted, zero-knowledge pastebin. Type or paste content into the web UI; PrivateBin generates a random AES-256 key in your browser, encrypts the content client-side, sends only the ciphertext to the server, and puts the decryption key into the URL fragment (the bit after `#`). When you share the URL, the recipient's browser uses the key in the fragment to decrypt the ciphertext locally. The server never sees the plaintext.
That architecture has a real consequence: your PrivateBin instance can be subpoenaed, breached, or seized — and the attacker still gets only ciphertext. The decryption keys live in URL fragments held by the senders and recipients, not in any database the server can be compelled to hand over. PrivateBin is the rare self-hosted tool where "privacy" is a structural property of the design, not a marketing claim.
Features
- 🔐 Zero-knowledge encryption — AES-256-GCM, key derived in-browser, ciphertext-only on the server. The decryption key never reaches the server.
- 💥 Burn after reading — paste self-deletes on first decryption attempt. Confirm-before-burn UI prevents accidental destruction by link-preview bots.
- ⏰ Configurable expiration — paste auto-expires after 5 minutes / 1 hour / 1 day / 1 week / 1 month / 1 year / never. Even non-burn pastes can be time-limited.
- 🔑 Password protection — additional password layer required before decryption (defends against link-leak via referer / browser history / shoulder-surfing).
- 📎 Encrypted file attachments — drag-and-drop files; same end-to-end encryption applies.
- 💬 Encrypted comments — recipients can comment on a paste without breaking the encryption model.
- 🎨 Syntax highlighting — auto-detect language for code pastes; manual override available.
- 📥 QR code generation — generate a QR code for the paste URL for quick mobile sharing.
- 🛠️ CLI clients — third-party CLI tools (e.g. `pbcli`) for piping shell command output directly into a paste.
- 🔓 FOSS & ZLib license — no telemetry, no analytics, no premium tier.
PrivateBin vs Other Paste Tools
- vs. pastebin.com — pastebin.com sees everything you paste. Even with "private" pastes, the server has full plaintext access. PrivateBin is structurally different — the server has only ciphertext.
- vs. GitHub Gists — Gists are public-by-default and tied to a GitHub account. PrivateBin is anonymous-by-default with no account required (you can paste without signing in to anything).
- vs. 0bin / SnapBin / hastebin — 0bin has the same zero-knowledge model and is the conceptual ancestor of PrivateBin; it's been less actively maintained. SnapBin and hastebin are not zero-knowledge. PrivateBin is the most actively-developed zero-knowledge option.
- vs. Wire / Signal / Telegram secret chat — those are messaging platforms; recipients need to be on the same platform. PrivateBin generates a URL anyone can open in any browser, no app install required.
- vs. an encrypted email — PrivateBin works between people who don't share PGP keys. The decryption key travels in the URL itself; the only thing both parties need is the URL.
The right pick if you regularly paste sensitive snippets to colleagues / clients / friends and want the server to be structurally incapable of reading them.
Why Run PrivateBin on ElfHosted?
PrivateBin is straightforward to self-host (PHP application, file or database backend) but the operational details matter for a tool that's supposed to be a privacy primitive:
- HTTPS with auto-renewing TLS — required so the URL fragment (which contains the decryption key) isn't visible in transit.
- Persistent storage with backups — your paste retention policy is yours, not subject to a one-shot disk failure.
- Updates handled — PrivateBin ships releases regularly with security fixes; the upstream maintainer is responsive on disclosed issues.
- Logging configured for privacy — minimal access logs, no IP retention beyond what's needed for rate-limiting.
- Single subscription: $9/month all-in.
Technical Specifications
- 🛠️ Software: PrivateBin (FOSS, ZLib license)
- 🔐 Encryption: AES-256-GCM with PBKDF2 key derivation; entirely client-side (server stores ciphertext only)
- 📂 Storage backend: filesystem (default) or PostgreSQL/MySQL
- 📎 Attachments: drag-and-drop file upload, encrypted client-side, configurable size limit
- ⏰ Expiration options: 5 min / 10 min / 1 hour / 1 day / 1 week / 1 month / 1 year / never; plus burn-after-reading
- 🔑 Auth model: no accounts; pastes are anonymous; optional password layer per paste
- 🎨 Syntax highlighting: via highlight.js with language auto-detection
- 📊 QR code: generated client-side for the paste URL
- 🛠️ API: simple JSON API for programmatic posting; CLI tools available
- 🔑 Subscription: $9/month — PrivateBin itself is fully free
- 🌐 Access: HTTPS on your own ElfHosted subdomain
- 🔄 Updates: handled by ElfHosted; security releases tracked closely
Frequently Asked Questions
How do I run PrivateBin without self-hosting it?
Add it to your ElfHosted subscription — this product is a managed PrivateBin instance with HTTPS, persistent storage, automated backups, and security-tracked updates. No PHP setup.
How does the zero-knowledge encryption actually work?
When you click "send", the browser generates a random AES-256 key, encrypts the paste contents, sends only the ciphertext to the server, and puts the key in the URL fragment (the `#...` part). URL fragments are never transmitted to the server by the browser. When the recipient opens the link, their browser reads the fragment locally and uses it to decrypt the ciphertext. The server stores ciphertext; the keys exist only in URLs held by senders and recipients.
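The flow in this answer, together with the optional password layer from the feature list, as an added example; it is not PrivateBin's code or wire format. The hex encoding, the record layout, the `example-id` identifier, the `paste.example` origin and the PBKDF2 iteration count are assumptions made for the illustration.

```javascript
// Added illustration only: NOT PrivateBin's code, parameters or wire format.
// WebCrypto is global in browsers and recent Node; older Node needs the fallback.
const wc = globalThis.crypto ?? require('node:crypto').webcrypto;
const toHex = (u8) => Array.from(u8, (b) => b.toString(16).padStart(2, '0')).join('');
const fromHex = (s) => Uint8Array.from(s.match(/../g), (h) => parseInt(h, 16));

// Key = PBKDF2(random URL secret || optional password). Iteration count is assumed.
async function deriveKey(secret, password, salt) {
  const material = new Uint8Array([...secret, ...new TextEncoder().encode(password)]);
  const base = await wc.subtle.importKey('raw', material, 'PBKDF2', false, ['deriveKey']);
  return wc.subtle.deriveKey(
    { name: 'PBKDF2', salt, iterations: 100000, hash: 'SHA-256' },
    base, { name: 'AES-GCM', length: 256 }, false, ['encrypt', 'decrypt']);
}

// Sender side: returns what the server would store and the link to share.
async function createPaste(origin, plaintext, password = '') {
  const secret = wc.getRandomValues(new Uint8Array(32)); // 256-bit, stays client-side
  const salt = wc.getRandomValues(new Uint8Array(8));
  const iv = wc.getRandomValues(new Uint8Array(12));
  const key = await deriveKey(secret, password, salt);
  const ct = await wc.subtle.encrypt(
    { name: 'AES-GCM', iv }, key, new TextEncoder().encode(plaintext));
  const serverRecord = { // constructed record layout with a hypothetical id
    id: 'example-id', salt: toHex(salt), iv: toHex(iv), ct: toHex(new Uint8Array(ct)) };
  return { serverRecord, link: `${origin}/?${serverRecord.id}#${toHex(secret)}` };
}

// What a browser puts in the HTTP request line: path and query, never the fragment.
function httpRequestTarget(link) {
  const u = new URL(link);
  return u.pathname + u.search;
}

// Recipient side: the secret is read from the fragment locally, then used to decrypt.
async function openPaste(link, serverRecord, password = '') {
  const secret = fromHex(new URL(link).hash.slice(1));
  const key = await deriveKey(secret, password, fromHex(serverRecord.salt));
  const pt = await wc.subtle.decrypt( // rejects if secret, password or data is wrong
    { name: 'AES-GCM', iv: fromHex(serverRecord.iv) }, key, fromHex(serverRecord.ct));
  return new TextDecoder().decode(pt);
}

// Demo on a constructed sample: the request target carries no key material.
createPaste('https://paste.example', 'constructed sample', 'pw').then(async (p) => {
  console.log(httpRequestTarget(p.link), await openPaste(p.link, p.serverRecord, 'pw'));
});
```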
Can I attach files?
Yes — drag-and-drop file attachments are encrypted with the same key as the paste. There's a configurable size limit; on this ElfHosted instance the default is generous enough for most code/log/screenshot sharing.
What if someone screenshots the URL?
Then they have the decryption key. PrivateBin protects against the server reading content; it doesn't protect against the recipient's screen being photographed. For that threat model, use burn-after-reading + a separate-channel password.
Is there an account system?
No. Pastes are anonymous. There's no login, no user database, no password reset flow — by design. The privacy guarantees are stronger when there's nothing to authenticate against.
How does this compare to running my own pastebin from a Gist or GitHub repo?
Gists / repos are full-text-readable to GitHub and to anyone you share with (including their browser cache, history, and any link-previewer that follows the URL). PrivateBin's server can't read the content; link-previewers see only ciphertext.
Are there CLI tools for piping shell output into a PrivateBin?
Yes — `pbcli` and similar third-party CLI tools work with any PrivateBin instance. Useful for pipelines like `cat error.log | pbcli` to share a log with a colleague encrypted-by-default.
PrivateBin is the zero-knowledge pastebin for people who paste things they shouldn't paste to pastebin.com — credentials in error logs, debug output with PII, sensitive code snippets. Server stores ciphertext only; decryption keys travel in URL fragments. Hosted on ElfHosted with HTTPS, automated backups, and security-tracked updates for $9/month.