CronianIcez ZeroBlog

ZeroBlog about ZeroStuff.

ZeroID in the clearnet

on Aug 21, 2016 · 1 comment

It seems that ZeroID leaks information over the clearnet (i.e. the typical internet). There's an option to sign up via BitMessage, but that option is so difficult to see that most people sign up over the web.

If you look into the JavaScript source of the ZeroID site, which has the address 1iD5ZQJMNXu43w1qLB8sfdHVKppVMduGz, you'll see the following functions:

ZeroID.prototype.sendRequest = function() {
  $(".button-send").addClass("loading");
  $(".username").attr("readonly", "true");
  this.setRequestPercent(10);
  return $.post("https://demo.zeronet.io/ZeroID/request.php", {
    "auth_address": this.auth_address,
    "user_name": $(".username").val(),
    "width": $(".ui h1").width()
  }, (function(_this) {
    return function(res) {
      _this.setRequestPercent(20);
      if (res[0] === "{") {
        res = JSON.parse(res);
        return _this.solveTask(res);
      } else {
        _this.cmd("wrapperNotification", ["error", res]);
        return _this.endRequest();
      }
    };
  })(this)).fail((function(_this) {
    return function(err) {
      _this.cmd("wrapperNotification", ["error", "Error while during request: " + err.statusText + "<br>" + err.responseText]);
      return _this.endRequest();
    };
  })(this));
};

ZeroID.prototype.solveTask = function(task) {
  var err, solution;
  try {
    solution = eval(task.work_task);
  } catch (_error) {
    err = _error;
    this.cmd("wrapperNotification", ["error", "Error while solving: " + err.message]);
    this.endRequest();
    return false;
  }
  this.setRequestPercent(30);
  return $.post("https://demo.zeronet.io/ZeroID/solution.php", {
    "auth_address": this.auth_address,
    "user_name": $(".username").val(),
    "work_id": task.work_id,
    "work_solution": solution
  }, (function(_this) {
    return function(res) {
      if (res === "OK") {
        return _this.setRequestPercent(80);
      } else {
        _this.cmd("wrapperNotification", ["error", "Solve error: " + res]);
        return _this.endRequest();
      }
    };
  })(this)).fail((function(_this) {
    return function(err) {
      _this.cmd("wrapperNotification", ["error", "Error while during sending solution: " + err.statusText + "<br>" + err.responseText]);
      return _this.endRequest();
    };
  })(this));
};

As you can see, these requests clearly go out over the web and send your auth_address along with your username. At least it's over SSL, but that's not saying much. It just goes to show that JavaScript is inherently insecure.
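
An added example, not part of the original post or of ZeroID's own code: a small static audit that lists the absolute http(s) endpoints a zite script sends requests to, which identifying fields each request carries, and any eval() of non-literal data. SAMPLE is an excerpt constructed from the two functions quoted above; the name auditClearnet and the IDENTIFYING field list are assumptions of this example.

```javascript
// Constructed excerpt of the two $.post calls quoted in the post above.
const SAMPLE = `
ZeroID.prototype.sendRequest = function() {
  return $.post("https://demo.zeronet.io/ZeroID/request.php", {
    "auth_address": this.auth_address,
    "user_name": $(".username").val(),
    "width": $(".ui h1").width()
  }, cb);
};
ZeroID.prototype.solveTask = function(task) {
  solution = eval(task.work_task);
  return $.post("https://demo.zeronet.io/ZeroID/solution.php", {
    "auth_address": this.auth_address,
    "user_name": $(".username").val(),
    "work_id": task.work_id,
    "work_solution": solution
  }, cb);
};
this.cmd("wrapperNotification", ["error", res]);
`;

// Field names treated as identifying (assumption: taken from the quoted code).
const IDENTIFYING = new Set(["auth_address", "user_name"]);

function auditClearnet(source) {
  const findings = [];
  // jQuery or fetch calls whose first argument is an absolute http(s) URL.
  const callRe = /(\$\.(?:post|get|ajax|getJSON)|fetch)\(\s*["'](https?:\/\/[^"']+)["']\s*(?:,\s*\{([^}]*)\})?/g;
  for (const m of source.matchAll(callRe)) {
    const url = new URL(m[2]);
    // Keys of the object literal passed as request data, if one follows the URL.
    const fields = [...(m[3] || "").matchAll(/["']?([A-Za-z_$][\w$]*)["']?\s*:/g)].map(k => k[1]);
    findings.push({
      call: m[1],
      host: url.host,
      path: url.pathname,
      encrypted: url.protocol === "https:",
      leaks: fields.filter(f => IDENTIFYING.has(f)),
    });
  }
  // eval() of a non-literal argument: the code comes from whoever answered the request.
  const evals = [...source.matchAll(/\beval\(\s*([^"'\s)][^)]*)\)/g)].map(m => m[1].trim());
  return { findings, evals };
}

console.log(JSON.stringify(auditClearnet(SAMPLE), null, 2));
```

ZeroFrame calls made through this.cmd(...) stay inside ZeroNet and are not reported; only requests addressed to an absolute http(s) URL are.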

Hello Zero!

on May 31, 2015

Becoming more and more acclimated to the ZeroNet. One thing that I'd like to see is a friend-to-friend feature for private sites. I've read that you can specify which users have access to a site by some JSON trickery I haven't quite figured out yet, but what good is that if other peers download your private content?

Also, I haven't been able to get Onionland to play nicely with ZeroNet on Mac OS X. I'm able to open the Tor Browser and navigate to ZeroNet, but there's still an error coming up on the Tor status.

P.S. If anyone clones this or similar blogs, you can edit a post and its title with the invisible edit buttons to the left side. The same applies to the site title, site description, and link list. The avatar can be updated by replacing /img/avatar.png with a 60 by 60 one of your own.
