If you’ve never been to Pastebin, it looks kinda like the internet’s biggest box of programmer Post-It notes.
Founded in 2002, the site was designed for developers who want to save and share raw text.
Typically, that means bits of code, but Pastebin will take pretty much whatever text you feed it. The vast majority of its abc’s and 123’s wouldn’t make you look twice — the Pastebin public archive is chock full of scintillating “untitled” material.
But in darker corners of the web, Pastebin is a destination for hackers and malcontents. They’re known to post lists of passwords pilfered in data breaches, violent manifestos, and other unsavory stuff.
Security researchers try to keep them at bay — by scraping the site using a special API, and paying $50 for the privilege.
Last week, Motherboard reported that Pastebin turned off access to its scraping API. According to CyberScoop, some Twitter accounts were dedicated to catching and flagging malware on Pastebin before it could do any damage.
By turning off the scraping API, Pastebin pissed off people who fought the good fight against the black hats — and folks who had forked over $50 for lifetime access to the scraping tool. A sampling of the criticism:
“Umm @pastebin do you know how many malware payloads we collect every day from scraping you, you just made the whole Internet a little bit more scummy by removing our ability to do that,” one user tweeted. “Hope you are planning on policing your own platform from now.”
Pastebin said it pulled the plug because of “active abuse by third parties for commercial purposes” — AKA services that charge people to rifle through Pastebin’s huge pile o’ Post-Its.