I Built a Pastebin Where Even I Can't Read Your Data
Source: Dev.to
The Problem
Every time you share a password or API key, you’re trusting:
- The platform’s servers
- The platform’s employees
- The platform’s security
- Every future breach that hasn’t happened yet
That’s a lot of trust for “just a quick paste.”
Regular pastebins store your data in plain text. When (not if) they get breached, everything’s exposed.
The Solution: Zero‑Knowledge Architecture
CloakBin encrypts everything in your browser before it ever touches our servers. We literally cannot read your pastes, even if we wanted to.
1. Client‑Side Encryption
When you create a paste, JavaScript encrypts your content using AES‑256 (the same encryption banks use) right in your browser.
2. The Key Never Leaves Your Browser
The encryption key lives in the URL fragment—the part after the #:
https://cloakbin.com/abc123#your-secret-key
Browsers never send URL fragments to servers. The # and everything after it stays client‑side.
ℹ️ This is a fundamental web security feature. Check your browser’s network tab—you’ll never see the fragment in any request.
3. What Our Server Actually Stores
Encrypted blob: U2FsdGVkX1+8K3...
Key: ¯\_(ツ)_/¯
We store encrypted noise. Without the key (which we never receive), it’s unreadable.
The Two‑Factor Sharing Problem
“Cool, but if I share the URL on Discord, the key’s right there in the message.”
You’re right. That’s why we added password protection.
With password protection:
- The encryption key is derived from your password (using PBKDF2).
- No key appears in the URL, just a clean link like https://cloakbin.com/abc123.
- Only someone who knows the password can decrypt.
Secure sharing workflow
- Create a paste with password protection.
- Share the link on Discord/Slack/email.
- Send the password via a different channel (text, call, etc.).
Two channels = much harder to intercept both.
Try It Out
Ready to stop sharing secrets in plain text?
- 🔗 Try CloakBin – Create your first encrypted paste.
- 📖 View the Source Code – Star the repo if you find it useful!
Got questions or feedback? Drop a comment below or open an issue on GitHub.
