THE NULL POINTER
================

Temporary file hoster.

Also check out the WebWormhole instance at hole.0x0.st!
Note: It does not provide a TURN relay, so it will not work if both sides are
behind NAT and at least one of them is a symmetric NAT.

min_age = 30 days
max_age = 1 year
max_size = 512.0 MiB
retention = min_age + (min_age - max_age) * pow((file_size / max_size - 1), 3)

   days
    365 |  \
        |   \
        |    \
        |     \
        |      \
        |       \
        |        ..
        |          \
  197.5 | ----------..-------------------------------------------
        |             ..
        |               \
        |                ..
        |                  ...
        |                     ..
        |                       ...
        |                          ....
        |                              ......
     30 |                                    ....................
          0                      256.0                      512.0
                                                              MiB


Uploading files
Send HTTP POST requests to https://0x0.st with data encoded as multipart/form-data

Valid fields are:
  ┌─────────┬────────────┬────────────────────────────────────────────────┐
  │ field   │ content    │ remarks                                        │
  ╞═════════╪════════════╪════════════════════════════════════════════════╡
  │ file    │ data       │                                                │
  ├─────────┼────────────┼────────────────────────────────────────────────┤
  │ url     │ remote URL │ Mutually exclusive with “file”.                │
  │         │            │ Remote site must return Content-Length header. │
  ├─────────┼────────────┼────────────────────────────────────────────────┤
  │ secret  │ (ignored)  │ If present, a longer, hard-to-guess URL        │
  │         │            │ will be generated.                             │
  ├─────────┼────────────┼────────────────────────────────────────────────┤
  │ expires │ hours OR   │ Sets maximum file lifetime in hours OR         │
  │         │ ms since   │ the time of expiration in milliseconds since   │
  │         │ epoch      │ UNIX epoch.                                    │
  └─────────┴────────────┴────────────────────────────────────────────────┘

    

    
cURL examples
    Uploading a file:
        curl -F'file=@yourfile.png' https://0x0.st
    Copy a file from a remote URL:
        curl -F'url=http://example.com/image.jpg' https://0x0.st
    Same, but with hard-to-guess URLs:
        curl -F'file=@yourfile.png' -Fsecret= https://0x0.st
        curl -F'url=http://example.com/image.jpg' -Fsecret= https://0x0.st

    Setting retention time in hours:
        curl -F'file=@yourfile.png' -Fexpires=24 https://0x0.st
    Setting expiration date formatted as milliseconds since UNIX epoch:
        curl -F'file=@yourfile.png' -Fexpires=1681996320000 https://0x0.st
    

It is possible to append a custom file name to any URL:
    https://0x0.st/aaa.jpg/image.jpeg

File URLs are valid for at least 30 days and up to a year (see above).

Expired files won’t be removed immediately but within the next minute.

Maximum file size: 512.0 MiB


Managing your files
Whenever a file that does not already exist or has expired is uploaded,
the HTTP response header includes an X-Token field. You can use this
to perform management operations on the file by sending POST requests
to the file URL.

When using cURL, you can add the -i option to view the response header.

Valid fields are:
  ┌─────────┬────────────┬────────────────────────────────────────────────┐
  │ field   │ content    │ remarks                                        │
  ╞═════════╪════════════╪════════════════════════════════════════════════╡
  │ token   │ management │ Returned after upload in X-Token HTTP header   │
  │         │ token      │ field. Required.                               │
  ├─────────┼────────────┼────────────────────────────────────────────────┤
  │ delete  │ (ignored)  │ Removes the file.                              │
  ├─────────┼────────────┼────────────────────────────────────────────────┤
  │ expires │ hours OR   │ Sets maximum file lifetime in hours OR         │
  │         │ ms since   │ the time of expiration in milliseconds since   │
  │         │ epoch      │ UNIX epoch.                                    │
  └─────────┴────────────┴────────────────────────────────────────────────┘

    

    
cURL examples
    Delete a file immediately:
        curl -Ftoken=token_here -Fdelete= https://0x0.st/abc.txt
    Change the expiration date (see above):
        curl -Ftoken=token_here -Fexpires=3 https://0x0.st/abc.txt
    


Notes for client software and script authors
None of these are hard rules, but I’d appreciate if you could
follow them anyway!

Consider this: I have to moderate what is being uploaded here
in order to comply with laws and the server provider’s terms of
service. And I also care about legitimate users of this site.
I don’t want to be forced to make the service worse for them
because of a few bad actors.

Use a user agent string that uniquely identifies your program and
is not an attempt at masquerading as something else
-------------------------------------------------------------------

There are no rules for the format, just conventions. I don’t try to
parse these in any way, so something like “NameOfProgram/1.0” is
perfectly fine.
Some software actually includes contact info in the string in case
someone needs to talk to the author, and I think that’s a great
idea!

Good UA strings make my life a little easier by reducing the number
of files I might have to sift through. I cannot and do not want to
look at everything.

Respect your users and their privacy rights
-------------------------------------------------------------------

If your software uses 0x0.st to upload things like logs for
troubleshooting, and you don’t have the means to run your own
instance, please only do that with user consent, and, if
applicable, allow them to review what is about to be sent.
Let them edit out anything that could be linked to their person.

    -> If you’ve ever seen KDE’s or qutebrowser’s crash dialogs,
       those are examples of what that might look like.

Inform users about the nature of this site: They should be aware
that it’s a public file hoster run by some Internet rando in
Germany. You have no control over the files once they’re uploaded
there, and you can make no privacy guarantees.

    -> Do that in a way they can’t miss even if they hate reading.

It may also be a good idea to use “secret” URLs in that case, store
each file’s management token so users can delete their files at any
time, and maybe allow setting an expiration date. In many cases you
can probably also choose a shorter retention time by default.

    -> HeroicGamesLauncher is an example of a program that does
       this well.
       I nearly blocked it temporarily to berate the authors
       because I saw a lot of logs from that UA and suspected
       that it didn’t give users a choice because that’s happened
       several times before, but I was positively surprised when
       I looked into it.
       Props to them for implementing that feature!

Consider an option to change to a different 0x0 instance
-------------------------------------------------------------------

I haven’t seen many of them in the wild, but this should take very
little effort.

If you need to do a lot of testing, consider running a local
0x0 instance
-------------------------------------------------------------------

That way, you avoid accidental uploads and are not restricted by
network bandwidth. You’ll only need the built-in development
server, so setting it up should only take a minute or two.


FAQ
Q: I’ve been blocked! Will you lift that ban?
A: Depends. If you know what you did and can assure me it won’t
   happen again, sure! Just need to know your IP address.
   And sometimes I make mistakes. If you believe that to be the
   case, don’t hesitate to talk to me.

Q: Will you add an upload form or drag-and-drop support for web
   browsers?
A: No. Not even because I’m some kind of elitist nerd who wants to
   gatekeep people whose only interface to the Internet is a web
   browser, but because the inconvenience is one of the things that
   have allowed 0x0.st to operate without ever getting anywhere
   close to exceeding available capacities.

Q: How much disk space does this use?
A: While 0x0.st has become much more popular than I anticipated,
   disk usage has never been a concern. It’s currently hovering at
   about 400 GB.

Q: How much outgoing network traffic?
A: Between 10 and 40 TB a month.

Q: Aren’t you just asking for trouble by having this exposed to
   the Internet? What’s your experience with it?
A: Skill issue, as they say. I’ve managed to keep it running for
   close to a decade without running into any real problems, in
   a country that’s notorious for holding website operators
   accountable for a lot of bullshit, and with a hosting provider
   that is known to terminate contracts over innocuous things
   because someone at CloudFlare sneezed.
   Running a public file hoster isn’t hard at all if you’re
   smart about it and design it in a way that ensures it will not
   grow beyond the very small scale you can handle even when you’re
   sick or overloaded with work. Just keep an eye on it and fix
   problems as they arise.
   Respond to abuse reports sent through your hosting provider in
   a timely fashion and show that you’re a good customer who is
   taking the necessary steps and isn’t going to cause any trouble.
   Do the same with law enforcement. No big deal.
   Build a few tools every now and then to make your life easier
   and minimize how often you’ll end up seeing something you wish
   you hadn’t.
   That’s actually one of the things I really love about this:
   0x0 has rewarded me with a steady supply of fun small side
   projects.

   tl;dr it’s fun, give it a try


Terms of Service
0x0.st is NOT a platform for:
    * piracy
    * pornography and gore
    * AI slop
    * extremist material of any kind
    * terrorist content
    * malware / botnet C&C
    * anything related to crypto currencies
    * backups
    * CI build artifacts
    * other automated mass uploads
    * doxxing, database dumps containing personal information
    * anything illegal under German law

Uploads found to be in violation of these rules will be removed,
and the originating IP address may be blocked from further uploads.

Note that Tor exit nodes are blocked by the firewall due to frequent
rule violations.


Privacy Policy
For the purpose of moderation, the following is stored with each
uploaded file:
    * IP address
    * User agent string

This site generally does not log requests, but may enable logging
if necessary for purposes such as threat mitigation.

No data is shared with third parties.


Abuse and Takedown Requests
To report abuse or request file removal, use one of the following
contact methods:

    * Fedi: @0x0@movsw.0x0.st
    * email: mia ‍＠‍ ‍0‍x‍0‍.‍s‍t (do not copy and paste)
    * IRC: mia on Libera Chat

HINWEIS zu polizeilichen Auskunftsersuchen i. V. m. § 174 TKG:
Um eine zügige Bearbeitung ohne nachfolgende Meldung an die jeweils
zuständige Aufsichtsbehörde zu ermöglichen, bitte ich darum,
die Rechtsgrundlage sorgfältig zu prüfen und auf die Einhaltung
datenschutzrechtlicher Vorschriften, einschließlich der Absicherung
des Kommunikationswegs gegen Kenntnisnahme durch Dritte, zu achten.
Zur verschlüsselten Kommunikation kann folgender GPG-Schlüssel
verwendet werden:

CD5D4850E607808EFCFF4D6C72E154B8622EC191
-----BEGIN PGP PUBLIC KEY BLOCK-----

mDMEXmvDmhYJKwYBBAHaRw8BAQdAP4VA8yQB34TJEzZaYygdNeelk/2sUvOpVSK5
Mg/gVee0Fk1pYSBIZXJrdCA8bWlhQDB4MC5zdD6IkAQTFggAOAIbAwULCQgHAgYV
CgkICwIEFgIDAQIeAQIXgBYhBM1dSFDmB4CO/P9NbHLhVLhiLsGRBQJiL2+4AAoJ
EHLhVLhiLsGRAKkA/RYEp2Ikqj1e+eqVR9ioa/k0Whiubi1ZE5hIG/pQnEmFAP94
VAzbHtYMUzUKrTxZ5ppf3EifcVtEVImsRZOFKdnfBbg4BF5rw5oSCisGAQQBl1UB
BQEBB0BASQVMxF6j1EExV6BkhCyslvJmW1leTgw4fnyleI0QIwMBCAeIeAQYFggA
IAIbDBYhBM1dSFDmB4CO/P9NbHLhVLhiLsGRBQJiXuuHAAoJEHLhVLhiLsGRnF0B
ALFShluzTqHUgZOoQJQRf39TTJEKs3mrNp7zhMLkHZ4VAP0cAICVm9XkTrg0jfsb
Xj7okSjp/rwOFaGaFxmxIFxwDw==
=db0f
-----END PGP PUBLIC KEY BLOCK-----




If you run a server and like this site, clone it! Centralization is bad.
https://git.0x0.st/mia/0x0

You can also support it financially via Liberapay.
Hosting costs about 60 EUR a month.

If you wish to make just a small one-time donation, just get me
something on my Bandcamp wishlist
or send XMR to:

85ueQ5f5cfkaTQBPQngmj8Gz7fhftcX7fCJ5oibq3iZUCF2nxt38gM45tdPXq9Uq6oWjoqJNpCNXxbAXEQE7JzqJRy5om9b
    (click for QR code)


    █▀▀▀▀▀█ ▄▀ ▄█▀ ▄ █ ▀█▄ ▄ ▄██  █▀▀▀▀▀█
    █ ███ █ ▀███▀▄▄▄▀█▄▄▄▄▄ █ ▄█▄ █ ███ █
    █ ▀▀▀ █ █▄ ▄ █▀▄▀ ▄▄▄   ▄▄██  █ ▀▀▀ █
    ▀▀▀▀▀▀▀ █▄▀ █ █ █▄█ ▀▄▀▄▀ ▀ █ ▀▀▀▀▀▀▀
    ██ ▀ ▄▀▀ ▄█▄▀▄█ █▄▄██▄  ██▀▀▄▄█▀▀ ██▄
    ▀▄ █▄▀▀▄█ ▄▄▀█▀▄  ████▀▄ ▄▄ █▄▀▄ █▀▀█
    ▄▄  ▄ ▀█▄▀▀ █  ▀ ██ ▄█▀  ▀▄▄▀▀▀▄ █  █
    █▄█▄▄▀▀ ██▄█ ▄█▄▀▄ ▄▄█▀█ ▄▀▄▀▄▀ ▀▄  ▀
    ▀▄█▄ ▀▀   ▀█ ▄▀███ ▀▀▀▀▄▄▄▄▀▀█▀▀▄██▀█
    █▄  ▄█▀▄   ▄▄▀▄ ▀█▄ ██▄ ▀▀█ █ ▀▀ ▄███
     █▄▀▄█▀ ██▄ █ ▀███▄ █▀▄▀█ █▀█▄▀ ▀▀ ▄▄
    ██  █ ▀▄▄█▄▄▄▄█ ▀▀▄█ ▄   ██▄█ █ █▀ ██
     ██ ▀▄▀▄ █ ▀██▄▄▀▀ ▄ █ ▀█▀█▀▀▀▀▀ ▀▄█▄
    ▀▄ ▄ █▀▄▄█▄█▄█ ▄▀▄▀▄▄▄ ▀▄██ ▄█▀ ▀▀▀ ▀
    ▀▀▀  ▀▀ ▄▄▄▄ ▄  ██ ▀▄█▄██▄▄▄█▀▀▀█ ▀▀▄
    █▀▀▀▀▀█ ▀▀█▄  █ ▀█▄ ▄█▀▄▄▀ ▀█ ▀ █▀███
    █ ███ █ ▄ ▄ ▄ ▀██▄▄█▄▀█▀ ▄▀▄█▀▀███▀▄█
    █ ▀▀▀ █ ▄ ▄▄▀▄█   █▀ ▄ ▄▀▄▀██▀▀ ██ ▀▀
    ▀▀▀▀▀▀▀ ▀      ▀▀   ▀▀ ▀▀  ▀▀▀▀▀▀▀ ▀▀




Fedi: @0x0@movsw.0x0.st