From 45719f6b7bffc14135f3f0a1f09f809133148f46 Mon Sep 17 00:00:00 2001 From: rugk Date: Fri, 30 Jan 2026 13:47:22 +0100 Subject: [PATCH] docs: clarify how/where encryption key is inside an URL In order to clarify things like raised in https://github.com/PrivateBin/PrivateBin/pull/1759#discussion_r2746115299 So people are not too concerned about bots... --- README.md | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index 9ea3adf4..e030cf50 100644 --- a/README.md +++ b/README.md @@ -43,8 +43,10 @@ features. [DANE](https://en.wikipedia.org/wiki/DNS-based_Authentication_of_Named_Entities) record. -- The "key" used to encrypt the paste is part of the URL. If you publicly post - the URL of a paste that is not password-protected, anyone can read it. +- The "key" used to encrypt the paste is part of the URL (in + [the fragment part separated by the `#`](https://en.wikipedia.org/wiki/URL#fragment)). + If you publicly post the URL of a paste that is not password-protected, anyone + can read it. Use a password if you want your paste to remain private. In that case, make sure to use a strong password and share it privately and end-to-end-encrypted.