I ran a very similar service for years. And yes it will be abused. I stopped when russian and chinese bots where sending many messages per seconds containing AI generated marketing bullshit with links to scammy sites in various format (html, bb code, markdown, …) and it became GB of text… :/. I still haven't finish to clean things up. The service is now discontinued because of this: https://paste.fulltxt.net/
It will be. Any time you offer something that allows anonymous uploads & shares (hell, sometimes even if you don't allow share, people will share accounts), it will be a silo 95% full of material that's illegal in practically every corner of the world.
If you play the good citizen and encrypt the files, giving the key to the owners, then you also don't have any means to preemptively detect and delete that stuff, you just keep waiting on some law agency knocking at your door. Also, if you openly say "hey I'll peek into your files to see if they are legal", then they will be the ones encrypting. Disallow that? It's a nightmare to detect and abusers are really, really creative! So much dedication too!
And it's not just CSAM, there will be detailed instructions on practically any illegal thing you couldn't even imagine.
It's bad, really bad, and I've grown to accept that small, closed community services (best with real-world connections) are the only way forward.
I wrote something similar as a toy project a while back, it's open source, and I host a "demo" version of it, but for fear of all of this, I limited it to only kilobytes of data and have the links expire after an hour.
I run it on my LAN for my own use, which is what I think it's best for, but I really don't like having something like this on the web.
Luckily, I've never advertised or shown it off so nobody but myself uses it, but I'll probably take down the demo site too, soon.
It's sad that you don't have Internet friends that you trust enough to share that with after writing all that code. Maybe open source it but don't link to your demo instance? It's more sad that the Internet is like that. There are a couple of really neat quirky projects out there that I only know about through word of mouth because the open Internet is not to be trusted. The projects are behind a login wall, so it's not like they're discoverable either.
The name of the project is its domain so I'd have to separate them out, which is why I've kept the demo site online for years now, despite basically no usage, I'm also a big fan of being able to try something before you go through the effort of deploying it yourself.
The project is already open-source on Github, but I don't actively link to it in public forums because I don't want to have to deal with it being used for questionable/illegal content, which is also the reason I haven't added some of the features I'd like to, and severely limited the size and duration for the demo site.
It's been a nice toy project, I added multiple architectures support for the Docker image builds when I was working out how to do that, manifests to deploy it in Kubernetes when I was first learning that and even made it a Nix flake when I first started playing with NixOS; The code itself is written in Go with a goal of using zero external (outside of standard library) dependencies, keeping the code small and clean for non-programmers to be able to understand and uses some Go features that were new/interesting to me at the time they were added.
It'd need to grow a lot and forgo some of those goals for me to add the features I would like to see, but for something nobody will use, and I use quite sparingly myself, there's no need.
This. The reason why we don't have an un-siloed, general-purpose means of file transfer after 40 years of internet is probably more a legal than a technical one...
Usually youll find vendor lock ins because the actual hard part of this isn’t legal, it’s building a user base from non-technical users. And that usually requires having your standard included with platforms they already use.
This is why (for example) Google Drive and OneDrive have become so popular despite Dropbox being first to market.
There’s plenty of other file transfer solutions out there too but you’ll find the un-siloed ones will be lesser known than the siloed ones simply because of the power of $$$
I would personally suggest that this site probably "wants" accounts. Yes, with CAPTCHAs (on registration.) If you want to be able to ban people who abuse your service, you'll need some thing-that-is-costly-to-get-multiple-of to ban them by. Otherwise they just keep coming back.
To still be a "console-friendly pastebin", the result of doing that costly registration process, could just be a page that gives you a (private) URL, that works like the base URL does now. https://paste.c-net.org/b/{bucket} or something, where {bucket} is a UUIDv4, or anything else with enough entropy to not be able to brute-force enumerate your way into someone else's account URL.
The uploaded files themselves could still have short human-writable top-level paths, for ease of repeating them over the phone.
Though, I notice that when you upload a file, you get a "delete key" as well as a URL. IMHO the "delete key" shouldn't be a weird nonstandard header you send with an HTTP DELETE; it should just be a URL — e.g. https://paste.c-net.org/b/{bucket}/{delete_key} — that you can HTTP DELETE directly.
In other words, make /b/{bucket}/{delete_key} the file's "true name", and /{link} a "read-only view" of the file.
When you say abused, I assume you mean either CSAM or copyrighted material?
Is there a hash database or something that could be queried to block known bad stuff? (would probably fail in the face of compression or encryption, but catching the low-hanging fruit would at least probably handle any potential legal liability?) Seems like something useful AI would actually work well for, if FBI/publishers/etc., would train a model and release it or host a service with an API.
The full code for the service is here: https://paste.fulltxt.net/42
The command-line paste tool was this simple script: https://paste.fulltxt.net/txtp
In another distant past, I ran an URL minification service at http://uzy.me/, and there too because of spams, I had to discontinue it.
Spam is really killing the internet… This actually saddens me.