? Editing: Post:21.body Save Delete Cancel
Content changed Sign & Publish new content


Demo for decentralized, self publishing blogging platform.

Follow in NewsfeedFollowing

Latest comments:

Changelog: August 8, 2019

on Aug 08, 2019 ·


  • New plugin system that allows to install and manage builtin/third party extensions to the ZeroNet client using the web interface.
    Example site for the new pluginAddRequest command:
  • Support multiple trackers_file
  • Fix bootstrapper plugin hash reloads [Thanks geekless for reporting]
  • Fix parsing config file lines that has % in the value [Thanks slrslr for reporting]
  • Fix CryptMessage plugin OpenSSL dll loading on Windows (ZeroMail errors) [Thanks cxgreat2014 for reporting]
  • Add OpenSSL 1.1 support to CryptMessage plugin based on Bitmessage modifications [Thanks to radfish]
  • More clean errors on sites.json/users.json load error
  • Display visual error message on startup errors
  • Fix max opened files changing on Windows platform
  • Various tweaks for tracker rating on unstable connections
Read more

Changelog: July 4, 2019

on Jul 05, 2019 ·


  • Built-in logging console in the web UI to see what's happening in the background. (pull down top-right 0 button to see it)

console.png (1046x514)

  • Display database rebuild errors [Thanks to Lola]
  • Fix start.py [Thanks to imachug]
  • Allow .. in file names [Thanks to imachug]
  • Fix parsing config lines that have no value
  • Allow multiple values of the same key in the config file [Thanks ssdifnskdjfnsdjk for reporting]
  • Change unstable trackers


  • Mark unread feed items
  • Open seeded files on new tab
  • Fix pinned status display for long file names

Started working on plugin management web interface, that will simplify adding new features to the client from third-party developers. Eta: 1-2week

Read more

Changelog: June 6, 2019

on Jun 06, 2019 ·

I'm back from my Portugal vacation. :)

Rev4100 (Python 3 version)

  • Fix weird bug that made some binary file transfers (that contains '\0') never finish. (also backported to Py2 version)
  • Fix signature verification using libsecp256k1 for compressed addresses (mostly certificates generated in the browser)
  • Fix newsfeed if you have more than 1000 followed topic/post on one site.
  • Fix site download as zip file
  • New updater that also support updating bundle runtime files
  • Site check also start download optional files based on optionalHelp
  • Don't download geodb files in offline mode
  • Setup test environment for Python 3.8
  • Make geodb downloading / peer position checking async to avoid blocking
  • Don't push content.json updates larger than 10kb to significantly reduce bw usage for site with many files
  • Prefer to use user cart/private key when signing content in the sidebar.
  • Fix log_dir exception on startup fail
  • Fix displaying sites with utf8 title
  • Make redirect optional on site cloning (Thanks to Lola)
  • Error message if dbRebuild fails (Thanks to Lola)
  • Fix browser reopen if executing start.py again. (Thanks to imachug)
  • EccPrivToPub / EccPubToPriv functions (Thanks to imachug)
  • Detect and change dark/light theme based on OS setting (Thanks to filips123)
  • wrapperWebNotification/wrapperCloseWebNotification functions (Thanks to imachug)
  • New dist script for Python3/Windows version

First binary version of the Python3 / Windows (64bit): ZeroNet-py3-win64.zip

Read more

Changelog: April 23, 2019

on Apr 23, 2019 ·

Python3 Rev4080:

  • Efficient file rename: change file names instead of re-downloading the file.
  • Offline mode: Disable network connection and site updates.
  • Security fix: Escape error detail to avoid XSS (reported by krzotr) [Py2]
  • Use lang=en instead of lang={lang} in urls to avoid url encode problems [Py2]
  • Remove environment details from error page [Py2]
  • Better error logging for siteCmd cli command
  • Automated test of optional Multiuser and Bootstrapper plugins
  • ecdsaSign/Verify commands to CryptMessage plugin (Thanks to imachug)
  • Test and detect incorrect plugin order in debug mode
  • Fix file diff apply
  • Fix various problems with Bigfile plugin (Thanks to radfish)
  • Fix db VACUUM transaction errors

The changes marked with [Py2] also backported to the Python2 version.

The py3 branch looking good enough to start making binary versions as the next step of the transition to Python3.

Read more

Python3 version ready for testing!

on Apr 10, 2019 ·

After months of silence, 250commits in 325 files I'm happy to annonce that the future-proof, Python3 version is ready for testing. :)

Major changes:

  • Compatible with Python 3.4-3.7
  • New database layer that should avoid database corruption on unexpected shutdown
  • Removed bundled third-party modules
  • Source code updater using ZeroNet protocol
  • 5-10x faster signature verification by using libsecp256k1 (Thanks to ZeroMux)
  • Generated SSL certificate randomization to avoid protocol filters (Thanks to ValdikSS)
  • Use new library for file system watching in debug mode
  • Fix sidebar opening on slower computers
  • Added many new test cases

The source code is avaliable from https://github.com/HelloZeroNet/ZeroNet/tree/py3
The binary packages are coming soon!

I promise that the next update won't take 2 months. :)

Read more

Version 0.6.5

on Feb 01, 2019 ·


  • IPv6 support in peer exchange, bigfiles, optional file finding, tracker sharing, socket listening and connecting (based on tangdou1 modifications)

  • New tracker database format with IPv6 support

  • Refactored port open checking with IPv6 support

  • Display notification if there is an unpublished modification for your site

  • Consider non-local IPs as external even is the open port check fails (for CJDNS and Yggdrasil support)

  • Listen and shut down normally for SIGTERM (Thanks to blurHY)

  • Check the length of master seed when executing cryptGetPrivatekey CLI command

  • Only reload source code on file modification / creation

  • Add IPv6 tracker and change unstable tracker

  • Support tilde ~ in filenames (by d14na)

  • Detection and issue warning for latest no-script plugin

  • Don't correct sent local time with the calculated time correction

  • Support map for Namecoin subdomain names (Thanks to lola)

  • Add log level to config page

  • Don't show meek proxy option if the tor client does not supports it

  • Quick check content.db on startup and rebuild if necessary

  • Only support CREATE commands in dbschema indexes node and SELECT from storage.query

  • Support {data} for data dir variable in trackers_file value

  • Disable CSP for Edge

  • Fix site cloning before site downloaded (Reported by unsystemizer)

  • Fix queryJson for non-list nodes (Reported by MingchenZhang)

  • Fix multi-line parsing of zeronet.conf (Reported by xx)

  • Fix site deletion from users.json

  • Fix sql queries with lots of variables and sites with lots of content.json (Reported by xx)

  • Fix atomic write of a non-existent file


  • Add separate IPv6 and IPv4 port open status
  • Fix display of IPv6 trackers
  • Hint about search in sites
  • Wait longer delay after typing if you have many sites in your client
  • Display paused/active status of optional files in the Files tab

Python3 support is still in the works (and it's no.1 priority now), but it requires more modifications, than I originally thought, so I prioritized IPv6 over it.

Read more

Changelog: December 13, 2018

on Dec 14, 2018 ·


  • Multilanguage, self hosted documentation with ongoing Fr/Zh translation + ZeroNet mirror: [Thanks to Lola, blurHY]
  • Fix sandbox escape vulnerability [Thanks, reported by ivanq/ZeroLSTN]
  • Restrict script execution by using Content security policy: It prevents code execution in case of sandbox escape/html injection.
  • Make Sidebar, Multiuser, UiConfig, UiPassword plugin compatible with hardened security changes.
  • Use chromedriver for testing as phantomjs does not supports sites with new content security policy.
  • Auto escape variables in template underscore helper
  • Cleanup entries older than 6 month from charts.db
  • New certList admin API call
  • Don't delete optional files from owned sites
  • Fix signing when --data_dir contains window-style path separators.
  • Fix setLocalStorage call before websocket connection is created
  • Fix saving user mutes
  • ZeroFrame.js 1.3.0: Support monkey patching Fetch API

I started the modifications that will be necessary to move ZeroNet codebase to Python 3. This will also include other major changes:

  • Move sqlite database connection to separate thread: make the UI more responsive and avoid blocking on db heavy operations (eg. rebuilding)
  • New database sync mode: Avoid db corruption on power loss or hw error
  • Support libsecp256k1: ~10x speed boost in file and certificate validation
  • Remove included third-party Python libraries (src/lib)
  • Update source code from ZeroNet by default

If everything goes well, then ETA: 2-3wk

Read more

Changelog: November 8, 2018

on Nov 08, 2018 ·


  • Added dark themes for ZeroTalk and ZeroMe, tuned ZeroHello and ZeroBlog based on feedback.
  • Log file got rotated daily, only keep last 5 files
  • Self hosted documentation with new design and lots of improvements: https://zeronet.io/docs/ (Thanks to anoadragon453!)
  • Fixed sidebar input fields on mobile browsers
  • Support limiting maximum big file size using --bigfile_size_limit (useful for proxies)
  • Experimental proof-of-work based cert providers: More info
  • Reworked user master key notification, added download as file option. (Thanks DaniellMesquita for ideas)
  • Spawn site announce async with 10 second wait time to avoid stalled site announce loop
  • Added ZeroNet logo for top-right fixbutton (Thanks DaniellMesquita)
  • Css and Js versioning: {site_modified} variable for html files that always got replaced with the "modified" value of the site root content.json or with the current time if "This is my site" is enabled on the sidebar. Issue#1740
  • Remove missing optional files on cloning
Read more

Version 0.6.4

on Oct 20, 2018 ·


  • Add theme support to ZeroNet sites
  • Dark theme for ZeroHello and ZeroBlog (+ more sites coming soon)
  • Fix peer connecting bug for sites with low amount of peers
  • Update jQuery to latest version (Thx to DaniellMesquita)

dark-theme.png (1240x830)

Detailed info and POC of the "Vacation" sandbox escape bug that was discovered by GitCenter / Krixano / ZeroLSTN 3 weeks ago (fixed in Rev3616+): The Vacation Vurnerability list

Call for help:

  • We are looking for a maintainer for the Android client (ZeroNet-kivy)
Read more

Changelog: October 16, 2018

on Oct 15, 2018 ·


  • Changes in optional/big file behavior: The pinned optional files won't be removed from download queue after 30 retries and won't be deleted even if the site owner removes it.
  • Fix peer number query on optional files if no optional file downloaded yet
  • Don't remove incomplete (downloading) sites on startup
  • Remove --pin_bigfile argument as big files are automatically excluded from optional files limit.
  • Fix cancellation of optional file downloading


  • Fold menu upwards if it would flow out of the screen
  • Show and manage "Connecting" sites


  • Pin file on Seed button click
  • Add pinned files to Seeding tab

Gave a speech about ZeroNet @ TEDSalon: Society 5.0 NYC

They said the editing/curating takes a few months. I think it went pretty ok, let's hope they think the same way. :)

TEDSalon.jpg (700x465)

Read more

"The Vacation" Sandbox escape bug [Reported by GitCenter / Krixano / ZeroLSTN]

on Sep 30, 2018 ·

As a result of invalid file type detection, a malicious site could escape the iframe sandbox.
How to fix: update to ZeroNet Rev3616 or later.

Type: Browser iframe sandbox escape

Applied fix: Replaced the previous, file extension based file type identification with proper one.

Affected versions: All versions before ZeroNet Rev3616

Read more

Changelog: September 21, 2018

on Sep 21, 2018 ·


  • Translation support for configuration page + hu, zh, pt-br translation (Thanks to DaniellMesquita, tangdou1)
  • Stop site downloading if it reached 95% of site limit to avoid download loop for sites out of limit (Thanks slrslr for report)
  • Add archived_before to user content rules to allow deletion of all user files before the specified date
  • Sidebar optimization and fix opening bug
  • Fix config page custom tracker filed validation (Thx blurHY for reporting)
  • Fix user settings deletion bug when using --multiuser_local
    (Thanks DaniellMesquita for reporting)
  • Fix blocklist of peers loaded from peerdb (Thanks tangdou1 for report)
  • Fix sidebar map loading on foreign languages (Thx tangdou1 for report)
  • Fix fileGet on non existent files (Thanks mcdev for reporting)


  • Better dashboard items display on small screen (Thx BenMcLean for report)
  • Fix tracker menu ordering on smaller screens
  • Fix followed feeds listing if there were no new items in last 3 days
Read more

Changelog: September 6, 2018

on Sep 05, 2018 ·


  • P2P time consensus: Detect out-of-sync system time using connected peer's median system time. ZeroHello will display a notification if the difference is more than 30 seconds. You can check your calculated system time difference on /Stats page. (You can compare the result with https://time.is)

  • Database table row stats on /Stats page.

  • Peer reputation save/restore to speed up sync time after startup.

  • Fix peer reputation boost for zero:// trackers.

  • Only allow 5 concurrent checkSites to run in parallel to reduce load under Tor/slow connection.

  • Remove unreachable shared trackers faster if working tracker target reached.

  • Configurable number of target number of shared trackers using --working_shared_trackers_limit

  • Full support fileGet, fileList, dirList calls on tar.gz/zip files.

Read more

Changelog: August 28, 2018

on Aug 28, 2018 ·

Shared tracker list between users:

New tracker IPs automatically discovered from other users to reduce centralization and avoid the blocking of the trackers.

To start new tracker: Enable the Bootstrapper plugin with opened port, then it will automatically share your client's ip with other users as a possible tracker. (It's only recommended to do this if you have static ip and planning to keep your client running 24/7)

Only the working trackers (successful result in past hour) are shared with other peers and the discovery request done in every 5 minutes until your client found 5 working shared trackers. This feature is also got limited to zero:// trackers only as it more suited for ZeroNet, because it allows multiple sites announce in same request and the storage of .onion addresses.

Other changes (Rev3571):

  • Copy site address with peers link on the sidebar.

  • Zip file listing and streaming support for Bigfiles.

  • Tracker statistics on /Stats page

  • Allow tracker connections to loopback to your client and announce yourself.

  • Reduce the request frequency to unreliable trackers.

  • Fix double announce on new site visit and startup.

  • Fix trayicon compatibility with latest gevent

  • Fix request number counting for zero:// trackers

Read more

Decentralized Web Summit 2018

on Jul 25, 2018 ·

dws2018.jpg (1000x500)

I will be around San Francisco in the next few days and I'm going speak at Decentralized Web Summit 2018. Hope to see you there! :)

Recent changes:

  • Updated Windows & Mac binaries to latest version
  • Fix browser open configuration element saving bug
  • Load trackers file on startup
  • Fix UDP trackers parsing
  • Force re-announce loading site on refresh
  • Trackers file always relative to executable


  • Fix username highliting


  • ​​​​​​​Add search field
Read more
Add new post


21 hours ago · 2 min read ·
Read more

Not found


21 hours ago · 2 min read


user_name1 day ago
This page is a snapshot of ZeroNet. Start your own ZeroNet for complete experience. Learn More