Welcome to ZeroSecurity.bit !



info



general issues

problem
fix
info
abbreviation
ZeroNet sites may send your data (IP, ...) to the normal internet  in your browser: set a non-working proxy   
G001
Work on preventing/mitigating XSS and browser fingerprinting.   see poll
G003
Your users.json file can't be stored encrypted, and asking for passphrase on ZeroNet start   see bug
G004
Use torrents over I2P for anonymity   see bug
see poll, tor/i2p comparison
G005
ZeroNet source code is at a central place only (github)
  • download from 3 locations
  • bring inside of ZeroNet
  • have it in IPFS (A)
  • see ZeroNet roadmap
    G012
    Site admin are Gods (manipulation, ...)
    They decide what code is run from your local HD,
    did you fully audit it already?
  • possibly this
  • you can clone any site (after having done a full audit), but you have to update it also, see this
  •  
    G013
    Only 8 trackers (SPOF). DDOS (announces to) trackers.
    You can add your own tracker, but if no one uses them, you're on your own island
      see reddit
    G011
    Even when using --tor always, ZeroNet always connect to a clearnet service
    Do not use clearnet port checkers!!! Clearnet port checkers can be compromised!
      see bug
    see poll
    G007
    I want to revoke ZeroNet's control over the Tor Control Port.
    I will manually start an onion service and tell ZeroNet about it.
      see poll
    G009
    Open up a FileServer port only. Let me configure my Tor Hidden Service.   see poll
    G010
    add https   see bug
    G014


    specific sites

    ZeroNet site
    problem
    fix
    info
    abbreviation
    ZeroID sends your data (IP, ...) into normal internet
  • register via BitMessage
  • use Tor (B)
  • use ZeroVerse
  •  
    S001
    ZeroBoard sends your data (IP, ...) into normal internet
  • use Tor (B)
  •  
    S002
    ZeroPolls "Votes are tied to your ZeroID, they are pseudonymous, not anonymous.
    With a little bit of work someone can find out what you (your ZeroID) voted for."
       
    S003
    ZeroMail +
    mail@zeroverse
    You can know when someone sent a mail,
    and how many mails he sent.
    But, good: you can't know to whom he sent it.
       
    S004
    proxies /
    gateways
    the proxy operator has access to your data, ID, ...
  • Run your own ZeroNet instance!!!!!
  • If you've to use a proxy, you agree to be FUCKED.
  •  
    S005


    When you cloned a website from somewhere: make sure to keep it updated, see:


    notes

    (A)   So you wouldn't be able to delete the source code, and it would be self authenticating,
    and you could have an IPNS entry pointing to the latest IPFS link to the source code
    (B)   See my comment about Tor's weaknesses here.
    This page is a snapshot of ZeroNet. Start your own ZeroNet for complete experience. Learn More