Pastebud: It Seemed Like a Good Idea!

By  |  Friday, December 12, 2008 at 6:19 pm

pastebudlogo(NOTE: Jed Schmidt of Pastebud fixed the problem I discuss in this post yesterday night after I notified him about it. It affected only users–such as me–who misconfigured the service. Scroll down for details…)

Yesterday, I waxed enthusiastic about Pastebud, a new copy-and-paste service for the iPhone that gets around Apple’s lack of support for such a feature via a clever end-run that involves transferring text back and forth between Safari and Mail via an online clipboard. I waxed prematurely: I’m using Pastebud, which became available today…and it’s apparently giving me access to strangers’ clipboards.

It’s happening when I try to copy-and-paste from e-mail on my iPhone, which involved forwarding the e-mail you want to copy from to an e-mail address Pastebud gives you. You get an e-mail in return with a link to a Web page. Your e-mail is supposed to await there, ready for you to select part of it for pasting into another e-mail or into a Web form.

But I’m getting text I didn’t send–the complete text of e-mails–such as this (personally identifiable info censored):

pastebud-glitch

And this (an e-mail header in French):

pastebud-glitch21

Pastebud’s site addresses security, and says it’s “safe enough” for general use. Based on my experience so far, I think not! But I don’t know if I’m running into some bizarre quirk or doing something wrong, or if this is happening to everyone who’s trying Pastebud as I speak. I just know that I’ve come to the conclusion that using a Web service as a substitute for a feature that should be in a device’s OS may not be such a great idea after all.

pastebud-security1

By definition, Pastebud’s e-mail-copying feature isn’t anonymous: It copies complete e-mails complete with headers and other personally-identifiable info that’s in those messages, then sends them to a Web page that’s at an arcane URL and gets nuked quickly, but isn’t password-protected. That shouldn’t be a huge problem, assuming you’re the only person who has access to the page. If random other Pastebud users are sent to it when they try to get to their own clipboards, though…problem!

I’m going to attempt to contact the company and see what’s up–and will let you know what I hear.

(Update: Pastebud’s Get Satisfaction forum has reports from other folks who are experiencing this, and a note that the company is working on the problem. Which is good news, but Pastebud is still operational, and is still giving me strangers’ e-mail. Like this one:

pastebud-glitch3

And, I would tend to assume, Pastebud is probably giving other people my e-mails I’ve tried to copy…not that they’re all that scandalous.)

(Further update: Pastebud–someone from the company, I mean–got my query and says it’ll follow up.)

(Further further update: I’m talking to Jed Schmidt, the guy behind Pastebud: He’s diagnosing what’s going on. More details to come.)

(Furthest update so far: Jed Schmidt says that he thinks they’ve found the problem. For what it’s worth, I just tried copying an e-mail again. And for the first time, I got my own e-mail rather than somebody else’s.)

(Final update: In the comments, Jed Schmidt says that he’s identified and fixed the problem. It was apparently a security flaw revealed by user error–I and other users were forwarding the e-mails we wanted to copy from to the wrong e-mail address–due, in my case at least, to the fact that Pastebud’s instructions are pretty terse–and ended up with a bizarre collective clipboard. I’ll try to take another look at Pastebud and let you know what I think now that this glitch has been addressed…)

 
43 Comments


Read more: , ,

13 Comments For This Post

  1. Jed Schmidt Says:

    This is clearly not acceptable, but I’m sure we’ll get it ironed out in the next week.

    Jed Schmidt

  2. Jed Schmidt Says:

    Harry,

    I’ve updated this issue over at Get Satisfaction[1], but let me just summarize what exactly was going wrong: you were inadvertently forwarding your emails not to your secret pastebud address, but to the address set as the from address for these emails, which was [email protected].

    This happened to other folks too; instead of sending email to secr[email protected], they were sending to [email protected]. And everyone who was doing this ended up sharing the same clipboard.

    Anyway, I just wanted to let you know that we’ve fixed it, and the changed will be live by the morning. You can find more details about the issue here[1].

    Thanks again for bringing this to our attention, and let me know if there’s anything else you need clarification on.

    Jed Schmidt
    Founder, pastebud

    [1] http://gsfn.us/t/of0

  3. Podesta Says:

    ‘Pastebud’ seems to have disappeared from the App Store. Perhaps it has been renamed.

  4. Tom King Says:

    This is a challenge with privacy and security. I wrote 2 simple and free web page utilities to help with pasting into a web page or posting a web URL to twitter. Both use a trick I gleaned from the Twitteriffic iPhone help and protocol handler. The pages referenced below explain how it all works and actually create the bookmarklets.

    iPastelet: http://mobilemind.net/___ Note that the URL ends with 3 underscores. It makes bookmarks that find a text field in the DOM and pastes a fixed string into the field.

    iPOSTlet: http://mobilemind.net/__ Note that the URL ends with TWO underscores. From Mobile Safari, it opens Twittelator with a new post containing the Mobile Safari URL. Handy way to tweet a page you find on the iPhone.

    In both cases, the page builds a javascript: URL after the ‘?’. Currently there is nothing to stop anyone from forming their own malicious URL by appending rogue JavaScript after a ‘?’to the URLs above.

    I’ll soon be adding a MD5 checksum test to reduce this possibility. Meantime it’s best to type the initial URLs yourself and inspect the javascript of pages and the ‘bookmarklets’ to be safe.

  5. Harry McCracken Says:

    Podesta–Pastebud is entirely Web-based and therefore isn’t in the App Store. It’s at Pastebud.com.

    –Harry

  6. Pseudonymous Coward Says:

    Storing data on the _web_ to copy it _locally_ is akin to emptying one’s trash by first moving files to a web server and then deleting it there.

  7. Suits Says:

    I am happy that this was cleared up. I stopped using the app after i saw this and now i am happy that it is working again.

  8. Irish Says:

    Waar kan ik pastebud vinden? In de app store kan ik het niet vinden. Kan iemand mij zeggen waar!!!

  9. David Says:

    I don’t know if this was some kind of bug from Pastebud or what. But, when I first used it, I tried to highlight an article that was fairly four paragraphs long. My Safari then crashed and kicked me out.

    Then, when I went to try to load the page back up, my Safari loading bar wouldn’t load past the first eighth of the session. Fearful for the drive of my phone, I deleted both the “Paste” and “Copy” from my book marks. About 5 minutes later, U attempted to use Safari and it launched with no problems.

    I decided to try and format the “Copy” and “Paste” into my book marks and highlight another 2 paragraph passage. It worked. I hit the home button on my phone and tried to launch Safari again. Again, the bar wouldn’t load past the first eighth of the session no matter how long I sat there. I got nervous and hit the bookmark button to delete them.

    This time I waited longer because my Safari wouldn’t load for about 15 minutes. Is this a problem due to Pastebud? My Safari works fine since Ive deleted Pastebuds bookmarks. The only problem is that I want to use Pastbud, but Im afraid it will terminate my Safari. Did I do something wrong?

  10. michael Says:

    I am trying to develop an application for iphone that tracks browser history and emails it to someone. Any idea how to contact one of these super-iphone guru's for consulting services or contracting?

  11. oninhk Says:

    dsfsdfs67877 test test

  12. green bay packers Says:

    I could not think you are more right.

  13. get rid acne that keeps coming back Says:

    They’re very natural, so lemons are a great way of bleaching the skin and helping
    to reduce the appearance of your acne scars. You can rub a little portion of garlic on your
    acne, more than once in a day. Searching gonna college or any other public spot, they even make light gold necklaces since they are
    not limited for you to be worn throughout parties simply.

30 Trackbacks For This Post

  1. UPDATED PRIVACY WARNING: Gizmodo and Lifehacker Go Hands On with Pastebud Copy/Paste for iPhone | The iPhone Blog Says:

    [...] PRIVACY WARNING: Technologizer is showing that they’re getting other people’s clipboard data in their paste results, [...]

  2. iPhone copy/paste between Safari and Mail with pastebud | one digital life Says:

    [...] (12/12/2008): The service went online today, and apparently there’s some concerns about security. use at your own [...]

  3. iPhone 3G » Blog Archive » UPDATED PRIVACY WARNING: Gizmodo and Lifehacker Go Hands On with Pastebud Copy/Paste for iPhone Says:

    [...] PRIVACY WARNING: Technologizer is showing that they’re getting other people’s clipboard data in their paste results, [...]

  4. UPDATED PRIVACY WARNING: Gizmodo and Lifehacker Go Hands On with Pastebud Copy/Paste for iPhone | My Apple iPhone Says:

    [...] PRIVACY WARNING: Technologizer is showing that they’re getting other people’s clipboard data in their paste results, [...]

  5. UPDATED PRIVACY WARNING: Gizmodo and Lifehacker Go Hands On with Pastebud Copy/Paste for iPhone - iPhone Newswire Says:

    [...] PRIVACY WARNING: Technologizer is showing that they’re getting other people’s clipboard data in their paste results, [...]

  6. Blogs of the Day 13-12-2008 « Téo Costa - Webdesigner Freela Says:

    [...] Pastebud: It Seemed Like a Good Idea! Yesterday, I waxed enthusiastic about Pastebud, a new copy-and-paste service for the iPhone that gets around [...] [...]

  7. UPDATED PRIVACY WARNING: Gizmodo and Lifehacker Go Hands On with Pastebud Copy/Paste for iPhone | IPHONE NEWS Says:

    [...] PRIVACY WARNING: Technologizer is display that they’re effort other people’s clipboard accumulation in their adhesive [...]

  8. Pastebud: App-less iPhone Copy & Paste, Can also go horribly Wrong as well | PMP Today Says:

    [...] [product via gizmodo] GA_googleFillSlot(“PMP-300×250″); [...]

  9. iPhone Copy Paste Pastebud Delivers Copied Text to Strangers via Email - Specs, reviews and prices. Says:

    [...] technologizer Related PostsWe Have iPhone Copy Paste… Kind of… Again One of my unsettled iPhone [...]

  10. UPDATED AGAIN: Gizmodo and Lifehacker Go Hands On with Pastebud Copy/Paste for iPhone | My Apple iPhone Says:

    [...] UPDATE/PRIVACY WARNING: Technologizer is showing that they’re getting other people’s clipboard data in their paste results, [...]

  11. iModZone » Blog Archive » iPhone Copy/Paste Service Pastebud Delivers Copied Text to Random Strangers Says:

    [...] Jed Schmidt, the creator of Pastebud, figured out the problem pretty quickly: the directions weren’t clear enough, so users had been sending their text to be copied to the wrong email address, leading to a sort of communal pool of emails that got sent out randomly. It should be fixed now, but it’s just one more lesson to read the warning carefully: Pastebud is not the tool to use if you’ve got top-secret blueprints or a mistress holed up in an apartment somewhere. [Technologizer] [...]

  12. iPhone Copy/Paste Service Pastebud Delivers Copied Text to Random Strangers [IPhone] | PCInsight - Tech News Says:

    [...] Jed Schmidt, the creator of Pastebud, figured out the problem pretty quickly: the directions weren’t clear enough, so users had been sending their text to be copied to the wrong email address, leading to a sort of communal pool of emails that got sent out randomly. It should be fixed now, but it’s just one more lesson to read the warning carefully: Pastebud is not the tool to use if you’ve got top-secret blueprints or a mistress holed up in an apartment somewhere. [Technologizer] [...]

  13. Pastebud plakt niet langer teksten van andere gebruikers > Nieuws > iPhoneclub.nl Says:

    [...] info: Technologizer Vorige [...]

  14. UPDATED AGAIN: Gizmodo and Lifehacker Go Hands On with Pastebud Copy/Paste for iPhone | i-Phones Plus Says:

    [...] UPDATE/PRIVACY WARNING: Technologizer is showing that they’re getting other people’s clipboard data in their paste results, [...]

  15. Pastebud n’est pas vraiment étanche - Gizmodo - Tant d'amour pour ces fabuleux nouveaux gadgets, c'est surnaturel. Says:

    [...] des données sensibles à des sites, services ou applications non éprouvés préalablement. [Technologizer] [...]

  16. Geek42.org » Blog Archive » Aplicação para iPhone que fornece Cortar-e-Colar tem problemas de segurança Says:

    [...] Fonte: Technologizer [...]

  17. Pastebud Sends Copied Data To Wrong Users | iPhone 3G Hacked Says:

    [...] [via Technologizer] [...]

  18. UPDATED AGAIN: Gizmodo and Lifehacker Go Hands On with Pastebud Copy/Paste for iPhone | IPHONE NEWS Says:

    [...] UPDATE/PRIVACY WARNING: Technologizer is display that they’re effort other people’s clipboard accumulation in their adhesive [...]

  19. Ma News du Jour » Pastebud n’est pas vraiment étanche Says:

    [...] Les choses sont apparemment entrées dans l’ordre maintenant, mais c’est une illustration de plus du fait qu’il ne faut pas confier aveuglement des données sensibles à des sites, services ou applications non éprouvés préalablement. [Technologizer] [...]

  20. UPDATED AGAIN: Gizmodo and Lifehacker Go Hands On with Pastebud Copy/Paste for iPhone - iPhone Newswire Says:

    [...] UPDATE/PRIVACY WARNING: Technologizer is showing that they’re getting other people’s clipboard data in their paste results, [...]

  21. Pastebud envía los textos copiados a extraños al azar - Gizmodo ES - The gadgets weblog Says:

    [...] si acaso, yo que tú no enviaría textos con secretos de estado/húmedos mediante este sistema. [Technologizer] [...]

  22. iPhone 3G » Blog Archive » UPDATED AGAIN: Gizmodo and Lifehacker Go Hands On with Pastebud Copy/Paste for iPhone Says:

    [...] UPDATE/PRIVACY WARNING: Technologizer is showing that they’re getting other people’s clipboard data in their paste results, [...]

  23. PasteBud works… Says:

    [...] Yes there is Copy and _Paste on your iPhone/iPod Touch, if you don’t mind going through hoops and potential problems if you don’t configure correctly. [...]

  24. Pastebud, copiar pegar para el iPhone tiene un gran fallo Says:

    [...] Pastebud, copiar pegar para el iPhone tiene un gran fallotechnologizer.com/2008/12/12/pastebud-it-seemed-like-a-good-… por jgaztelu hace pocos segundos [...]

  25. Pastebud Privacy Bugs Daring Fireball BookMark Says:

    [...] read more…. [...]

  26. Pastebud: Copy and paste comes to the iPhone (sort of) -- Reality Distortion: Macs, Mac OS X, and Apple stuff Says:

    [...] are potential reliability issues, as well as potential (and not-so-potential) security issues, surrounding copying and pasting over the [...]

  27. Apple iPhone Apps - iPhone Copy/Paste Service Pastebud Delivers Copied Text to Random Strangers | Apple iPhone App Reviews | iFones.com Says:

    [...] Jed Schmidt, the creator of Pastebud, figured out the problem pretty quickly: the directions weren’t clear enough, so users had been sending their text to be copied to the wrong email address, leading to a sort of communal pool of emails that got sent out randomly. It should be fixed now, but it’s just one more lesson to read the warning carefully: Pastebud is not the tool to use if you’ve got top-secret blueprints or a mistress holed up in an apartment somewhere. [Technologizer] [...]

  28. How To Copy and Paste with The iPhone? Says:

    [...] installing it. One of the main reasons that made me skeptical was after reading a review about some problems with PasteBud. To me, it seems very risky to have my information copied onto a public server and then pasted to [...]

  29. Aplicação para iPhone que fornece Cortar-e-Colar tem problemas de segurança | TECHNOLOGY BLOGGER FACEBOOK LOWONGAN KERJA MP3 Says:

    [...] Fonte: Te&#99hn&#111l&#111gizer [...]

  30. talbog.com » Blog Archive » im-dying-to-get-my-hands-on-an-iphone-keyboard-i Says:

    [...] own browser, e-mail, calendar, note-taker, and other apps. In a way, external keyboards are like cut and paste: It may be possible to get them working, kind of, without Apple’s support. But Apple is the [...]

Comment on This Story