I made this browser extension for anyone and everyone

>github.com/zedsa/LairsExtension/commit/f5b3199d9cda3acd06655b4df66c301e70ffa71b#diff-182223fdfe0b7f20c1063acde21d8780
Was that your C&C IP?

yeah i will make a new repo and only put in the environment variables.

Since you're a faggot, the URL was 157.230.165.115:8080.

ok i gogoled C&C IP hahah no its not a botnet. it was my backend server for my database.

i been coding for only 6 months i couldnt hack or fake hack even if i wanted to. that ip was my backend server. now i have to get a new one since its exposed.

i hope you're not running unfirewalled mongodb with default settings and sensitive data, considering what a bunch of gerfag students discovered.

blog.fefe.de/?ts=aa248fde
blog.shodan.io/its-the-data-stupid/

A shitton of them were asked for ransom money.
twitter.com/Viss/status/819230131017289728

But devs or nsa just sent out a bunch of shills telling everyone that this was fine so i guess it's still the default settings.

s/shitton of them/shitton of database admins/

Where are comments stored?

i hate to say it. but it is default settings. man im glad i posted here. learned some stuff. well looks like the next journey is hardening the database.

i am storing the comments on my backend server which is using a nosql database. step 1 was get it working. now i'm gonna look up different ways i can make it better. a lot of posters are talking about p2p/distributed databases. so i'll check that.

if mongodb seriously still accepts connections from *.*.*.* and no login by default then you should consider not using it :-/

This is a fucking AWESOME idea. Comment sections are the most censored communication on the web. Offloading that to an independent data source is a great idea. The only problem I see is that installation of a browser extension is somewhat invasive. It might be nice to increase the platform surface area by also making it available as a user script via Tampermonkey, Greasemonkey, etc. And also create a standard JavaScript library so that it can be used as a replacement for Disqus.

this is my fun project, so most likely i will be upgrading things and changing things around. this is my second project ever. i'm still new. but the more i learn the more i will tuning it. right now i think the best thing to do is secure everything i can and just plain learn about security best practices. and then look at options for database. still feels good though. some months ago i knew no code. just gotta keep at it now.

i thought about his before. even though i like this concept of browser extension, the act of installing extensions itself might be an issue. so i also plan to make a regular site that can also have all of the comments along with the original link. that way you do not have to install any extensions.

i also wanna experiment with dat protocol and ipfs. i saw a presentation for dat protocol was nice, it doesn't seem too hard.

as far as a js library, that would be awesome. never even thought of something like that. a drop-in replacement for a lot of the comment boards. even though thats beyond what i can do, i will still look this up and see if others have done this. sounds interesting.

Relying on an addon page such as Mozilla's isn't, well, reliable.

A script might be superior as its more universal to browsers etc. greasyfork.org/en

Mozilla website would be superior because addons there are signed.
You can sign your greasemonkey scripts too but nobody has your key hardcoded in his browser.
But Mozilla makes signing mandatory so this creates vendor lock-in.
Firefox is shit now.

Depends, I'm using an outdated 56.0 x86 version that still keeps all the legacy plugins intact and I'm having less problems than with a fully updated browser with half the plugins missing because they wouldn't play ball with Pozilla's unreasonable demands.

What if you also/rather have to type in a topic you want to discuss? Like, just a word or three words tops, so that there can be multiple discussions going on at the same time and spammers need to guess the next topic?

Yeah I'm just thinking, many interfaces to the single data source.>>1048551
That kind of already exists (sites like this, esp. the news boards).

I've heard that the firefox and also tor got pozzed by ~60.2 something, and tor since 8.0. I wonder if this is true, specially the tor part. If you are in android you can still use Orfox (technically unpozzed tor) + Orbot.

I've had this idea for a while myself, some suggestions:

- Make it clear that a certain URL has comments, now you have to click on the button to see/post comments.

- Create a better UI, it looks god awful now :^)

- Force users to publish the comments under the CC0 1.0 Universal license[1], because fuck copyright

- Use as much existing back- and front-end as possible

- Federation, decentralization, etc.

[1]: creativecommons.org/publicdomain/zero/1.0/

if it's anonymous, can someone post CP links as comments?
can this app become pedo sharing community?

how do you want to use that as offline captcha? anyone can edit code and bypass captcha

Yes to both
but how to share CP without Tor?

Why not just use Zig Forums as the backend?
Create a series of boards with a separate manifest for URLs, then use the Zig Forums posting code for the goldwater.

1) No
2) Kill yourself

it will not let me comment on any thing

You are copying Gab's Dissenter. I like it. Still need a lot of work though.

The problem is that all comments are stored on your database. If I use it you will be able to see every site I go to. I don't trust you with that information.

Instead it should be federated. You should write an open source server (I would recommend making a Docker container that just werks) that anyone who wants to can run. The comments must be stored on different instances so that no one DB operator can see someone's entire comment history.

Also, stop typing like a retard. If this is the best English you can write, I don't want to imagine the quality of your code.

Seems like a good use case for blockchain storage.

misogynerds are banned from voicing their toxic opinions!

Didn't Gab make something like this already?

Yeah they did But this is sort of an example of what they should have done

I wanted to make it but good thing someone else does it so I don't have to.

Store your posts encrypted, padded to exactly the same length, so they are not identifiable. Store the URL as a fixed length hash, too. Encrypt the posts client-side using deterministic algorithm; I thought of using hash generated from salted URL as encryption key, so if you know the link you can access posts and decrypt them, but otherwise the database is almost completely opaque. The only non-cryptographic attack would be processing the order/number of entries that have the same URL hash, and comparing them to posts under known URLs, but if you have a known URL you can already access all posts in it.

The amount of posts should be limited per-page and auto-prune to, say, 300 posts per URL. The database should also prune old posts.

The comment section itself should work more like an imageboard, that is, anonymous posting and referring to each other by post number. Post numbers are not stored anywhere but rather, computed in place. Referred post link would be stored as a short MD5 hash of the post content rather than its number, so that it can always be identifiable even if contents are not static in relation to each other. Speaking of, all attributes of a post should be stored within its content. Besides the post body, you probably want to store just the timestamp, so that you could display "posted over 9 thousand years ago", but technically that's not necessary. To keep the relevant posts afloat, you would bump all referred posts to the top of the database and then push the message on top of them. Again, no data-matching attacks are possible unless you already know the relevant URL (correct me if I'm wrong).

Attached: 15914f743e83f51c580832ffe6e3ca0303427bf9bd7f7b81d66b4e92f07cbb5e.jpg (900x900, 80.4K)

Oh I guess someone could push non-encrypted data into your database. If it doesn't looks like it's encrypted, you can discard it. You can check its entropy, if it's unusually low then it's probably not encrypted. Send back to the client a NAK; a good client will try to pad the data in a different way to get different hash, an unruly client will just keep getting NAKs.

On that note, it's pretty much inevitable that someone will try to hack your client to share CP through your web service. Pedos have been doing shit like this for ages and it's inevitable. What a can of worms. But at least in your case it's completely impossible for random bystanders to stumble across it (it requires a custom hacked client to see anything, in addition to knowing a 1024-bit hash by which to access it) and as a service owner you have deniability as your server receives the data already encrypted and it doesn't have any decryption keys nor a way to produce them, not to mention the data in question is stored using custom encryption.

Attached: e19650daaa47eaaf9e744cd2e7b76b81c646e1afe4e22c309bd0fce704b6fdbe.png (483x444, 136.23K)

why do some people always post this meme on imageboards? you have to actually search for it to find it. you wont accidentally find cp on some random site like people here say. not even on tor

fbi has a license to distribute CP.
disagree with zog, your site goes to bog.
when I was 15 I used a generic php imageboard script on a free web server, didn't tell anyone yet pedo content was posted from 3 different ips.

Hey that could be a rap song

Hey bobo i left a comment on your git page

That's what I said. You'll have to really search to find it, but it'll be there.

It's like this russian prison meme: there are two chairs, one with erect dicks, the other with sharp shivs, choose one for yourself and one for your mom. You could receive your content pre-encrypted but then there's nothing you could do to moderate it, or you can receive your content as plaintext but then your database is right there for glowniggers' taking and nothing is anonymous about it.

Let me guess, whichever one you choose you get beaten for disrespecting your mom.

There could be a separate reporting interface, people could say "yo xyz.com has CP in comments" which would allow the DB admin to decrypt posts that come from xyz, confirm that it's CP and delete. Of course this shows the self-defeating nature of 's suggestion: There's nothing stopping the admin from simply guessing the URL. For example, he could guess "8ch" because he shilled there, or he could guess most popular sites like Jewtube which would be the bulk of the comments anyway.

Good luck guessing exact URL. In addition to huge amount of pages on every particular website, users would not be restricted to using real URLs and can just post under fake URLs - the chat room would work just the same, over a page showing 404 error. I've made a somewhat similar system for /v/fullderp, except that one was chatroom-centered and didn't had security features to speak of.

Also, the idea of storing pre-encrypted messages is not only for users and admins security, but also to avoid having to actually moderate what amounts to an entire fucking internet.

Yeah you're supposed to take the third option. It's one of those trick riddles where you need to apply common sense rather than adhere to the rules. Like the one where they give you a broom, tell you it's a guitar and ask to play a song on it, or direct you to the painting of a tiger on the wall and tell you to make it cry.

If you want to make a system with reports, moderation, upvotes, and all that shit - dab already did it better. I gave some pointers about making a system with built-in security, if you not gonna pursue that then I might. I suggest you do it because if I'll do it, no fucks will be given.

This is even assuming comments are stored by full URL, not domain. For unpopular sites, you would go through page after page without seeing a comment. As a practical solution users would start leaving their comments on the front page where they're more likely to be seen. Which are even easier to guess.

So you made a private discussion board, great. You could also just make an unlisted board here or host an invite-only forum, among countless other ways.

OPs and gab's extension are meant for a decentralized public comment section for any page. But if all comments are stored on the same server it's even more centralized: In early stages it at least accomplishes moving comments out of the website admin's control. But if you start using it regularly, now you've gone from your entire comment history on each site being visible to that site's admin, to your entire comment history on all sites being visible to one admin.

I get that encryption at least makes it a bit more tedious to violate your privacy. However the whole concept of encryption relies on using secret information as the key. Public URLs are not a secret and not hard for the adversary to discover.

That's a bit naive. History shows that as soon as criminal content appears, you will be held responsible for it anyway. You'll get arrested, sued, raided and FBI won't believe you when you say you don't know the key. Especially if the key is something public like a URL, shared by several people.

The problem is not moderation but concentrating moderation authority. Classical comment sections gave this power to the same guy who makes content being commented on. Rep systems gave power to the majority. 8ch IMO has a promising solution by giving the power to whoever created the board. If you don't like moderation you can always move to another board, or make your own. Problem is that you will have much less content. The solution would be allowing overboard which 8ch devs are too incompetent to set up.

With website comments, my solution would be to let anyone run a server, and let the user decide which server they want to push comments to and which server's comments they'd like to see. So for example you would go to xyz.com/abc and by default see 3 comments from your preferred server based.com, and something like "72 more on cucked.com, 32 more on poz.com, 53 more on others" which you can click to show the other comments as well. No upvotes needed, server operator gets to delete content he's not comfortable storing, but if you disagree with it you can just find another server that won't delete it (or host your own).

There's no third option besides physically attacking the guy asking. His main goal is that he gets to beat someone. He is only asking the question for additional amusement. He is not going to deny himself that just because you figured out a clever response. If he was honorable or an intellectual he wouldn't be in prison asking riddles about cock chairs.

I guess you got confused when I said report and thought I meant some kind of rep system. All it takes is someone going to xyz.com/abc, seeing CP in comments, then emailing the db admin with the URL. Now the admin knows the key. Is your plan to just hope nobody will expect the admin to do anything about criminal content hosted on his network?

Also somebody will probably mention the nerve center. I am aware of that and don't consider it practical or a good implementation.

Any updates?

"Make your own" is a complete non-starter in most cases, and misses the point of most criticism.

So this still relies on a central server? How about making it P2P like torrents/IPFS?

How so?

Ah, but how will he datamine you if you don't just hand him all your data?

Gab's extension got booted from the Chrome Store and Mozilla's. Bitchute also were working on a similar extension but Indiegogo shut them down

archive.li/3uM91
bitchute.info/indiegogo-deplatforms-bitchute/

Attached: ClipboardImage.png (615x891 130.73 KB, 220.34K)

He can still datamine because P2P means IPs are revealed unless behind Tor.

They're making their own browser and they'll hopefully make a less retarded way to install the extension. Maybe (((Brave))) will add Dissenter by default.

Nice extension OP. Is a Pale Moon port planned?

Christ it's getting bad, as much as I hate to be the retard that references Star Wars it's like in A New Hope when Leia mentions to Tarkin that the more he tightens his fist the more that will slip between them.

lmao so chat software is illegal now if it doesn't get filtered?

Clearly it's a bullshit excuse, but what ticked them off? Was Gab dumb enough to say "harrassment is a-okay kids!" in their ToS? Or are we literally at the point where simply being associated with kosher alt right like Gab is enough to auto-ban any program you make, no matter how innocuous?

God it feels so good right now to not be using these (((stores))).

If the peer sends his comment to you, sure. If he sends to one of the 999 other peers, it's up to that peer whether he will log the IP and whether he will tell you the log. Which is all irrelevant because OP is a dumb pajeet who wants everyone to voluntarily submit their data so he can be zuck 2.0.

ok everyone.

i am have been updating a lot of things.

first i stopped using google recaptcha, too much bs to deal with when it comes to recaptcha. i am using another captcha system.

i did not make this project for sick disgusting things like beastiality or cp. thoughts of things like that make me wanna vomit. for that reason, i have applied a "patrol" system. if people see anything that is illegal or disgusting they can just press a button and leave a description of why its bad content, or a code like [IC]

When will you update your English, Mohinder?

kek literally where do you think you are

lmao unironically kill yourself

Just say "my shitty tutorial didn't show making password forms", we all know that's what you meant.

No retard deciding on architecture is step 1, even step 0.

what is testing lol

Verdict:
Puny, weak. A pathetic offering! The only good thing about your thread is that it serves as an example of what not to do.

Lel. Sounds retarded but ok.
If you go for the blockchain/distributed route it'll be difficult to moderate stuff so you'll have to let users add other users and posts to a blocklist manually. But, it will mean that you don't have to host almost anything yourself so you won't be liable for anything and it'll be cheaper for you personally. It's a better choice imho otherwise your addon isn't in any way different than Dissenter.

Attached: 00c21a6d5b2addd9000e5fe47ceb20225cb36b4140d8b8ba2e43f33c62c3e864.jpg (500x375, 45.43K)

Agreed. Using a fully decentralized p2p encrypted database to store comments (preferably under tor network) is the only way I see this having any reason to exist, without trust issues or risking eventually just becoming another Disqus where wrongthink will be silenced. If it'll just use a centralized database running from an old Pentium III sitting in the hen house of some pajeet's backyard, I see no reason to install it instead of using Disqus or just not bother commenting.
Yes it would be fully unmoderated and we would have to deal with spammers, street shitters and pedos, so what? Anyone who has a problem with that doesn't belong here and should go back to >>/4um/

CP isn't welcome here; that's literally fake news smear info.

Blockchain storage isn't free; if it becomes the user's responsibility to pay for it, that would regulate the spam. But it would also severely restrict adoption. If the developer pays for the storage instead, he would have to regulate spam, and possibly make decisions as to what type of content is allowed.

Can you provide a non-minified version of the source code?

>github.com/zedsa/LairsExtension
You said this was the real source, but this repository was deleted.

Also, I don't think you need to load 5 JavaScript libraries for such a simple feature, plus 10k+ lines of CSS.

Yeah on blockchain it would probably need a cryptocurrency token to make the distributed storage reliable, I see that as a necessary evil in this case.
With centralized moderated storage it's nothing more than a Disqus that can be used on any page and subject to every kind of foul play it entails.

I don't have any interest in those things either, I rarely even look at porn. But coming here and moralfagging about that shit is pretty rich. Somebody probably uploaded some shit just to fuck with him, and he took the bait hook line and sinker. He is so out of touch it's ridiculous. Why would such a retarded person talk about this project here? Sounds like perfect for some plebbit sub.

Agreed. OP's idea isn't all bad but he writes like a massive normalfag who just parachuted straight outta Reddit. And from the looks of it, I don't know why he didn't stay there and shared this idea there.

HAPAS ARE SUPERIOR TO WHITES

HAPAS ARE SUPERIOR TO WHITES

HAPAS ARE SUPERIOR TO WHITES

HAPAS ARE SUPERIOR TO WHITES

HAPAS ARE SUPERIOR TO WHITES

HAPAS ARE SUPERIOR TO WHITES

HAPAS ARE SUPERIOR TO WHITES

HAPAS ARE SUPERIOR TO WHITES

HAPAS ARE SUPERIOR TO WHITES

I'm seeing a lot of bot posts spammed around here. Be careful anons

Kike mods are trying to get TOR banned. Don't let them get away with it!

Wow. Just wow.

Oof, the racism in this thread!

This is a tragedy! Why is this happening?

Remember that 8 Chan is full of racists who hate African-Americans because their dicks are tiny. A bunch of jealous filthy RACISTS!

I have created lairs.site/

It is a site which holds all of the comments from the lairs extension. there is a board feature where people can create boards just like here.

btw some folks here are complaining that i created a username/password system. it is optional, i created so if people like this then they can follow each other if they like what others have to say. again it is optional.

i plan to share this project anywhere and everywhere i can. i already posted this on 4chan and here. the site right now has a lot of test posts i made.

i will be improving the extension now. i am also working on 2 other small tools that is kind of related.

the extension looks a lot better compared to how it was at first. now i plan to implement things from the site lairs.site into the extension.

another thing, i have not finished the styling of the site. so i will improve the way the site looks as i go along.

Attached: 3f4455e71e18a140dc91d02f2bb1a9c35a5d6f0de876393cf8015eda8e70d96f.jpg (102x124, 2.78K)

Hard pass.

I totally agree, only a federated solution is worth pursuing. I've also been thinking along the lines you've described. The simplest solution I've come up with is is piggybacking off of Mastodon or Pleroma. Someone would set up their own server (or use an existing one) and post with their account but include the sha1 of the url of the webpage in a hashtag. The instance owner could offer a public shared account (no password changes) that anyone can use if they wish be be anonymous. The browser addon would allow you to add or remove Mastodon/Pleroma instances of your choice. All the addon would do is search your instances for a hashtag of the current website's url sha1 you're on and return the results. This also somewhat obfuscates what webpages a user is commenting on when viewed from Mastodon/Pleroma.

I don't have much hope for him but at least we can discuss real alternatives to the centralized services already pitched by Gab and BitChute.

And before someone mentions blockchains again, no they are not practical for a public comment system unless you expect users to download hundreds of gigabytes of spam.

I wonder if mozilla and google would ban that addon like they did with dissenter. The addon creator isn't hosting anything himself it's outsourcing to third parties. You could even add twitter support for good measure.

i made another site/extension.

inspired by slurmachine.fun. i think and ever changing word in slurmachine will get confusing. in my project the replacement words stay intact and do not change everyday. that way anyone can remember it.

in my site/extension you can type in a word like "faggot" and it will give you something like "ultimatE" just like slurmachine but in my project you can also make entire public posts. so you can make 1000 max chars post and then it will give you a secret word. then you just posts the secret word which will help not getting your twitter or facebook account banned. you can also make a private posts which ONLY can be seen with the secret word. private posts are also encrypted. you can also see all the popular and updated posts and words as well since that information is also there.

here is links:

jam.party/

chrome.google.com/webstore/detail/jammer/naaipabojflnogjimklioekfkfgdhoki

addons.mozilla.org/en-US/firefox/addon/jammer/

Attached: Untitled.png (1280x800, 792.51K)

this

if you really want me to use your app it should pay me to use it like Facebook vpn app did.

Any updates on Lairs, OP?

i bet that they inspected every packet very carefully if they thought that its worth paying the users

So if a white guy wanted to do this, instead of OP, what would be some considerations? Aside from basic shit like not leaving the db open this time :^)