
img.bi's People

Contributors

border-radius, ddevault, dlion, komachi, niranda, thomastoye


img.bi's Issues

Direct image links

Does this website allow linking directly to the image? If that's not possible, Img.bi can never compete with sites like Imgur.

I tried creating a hotlink:

The URL is super-long and the image can't be accessed.

unusable i2p link

Your i2p link is unusable for almost everyone.
Please either register your domain or use a .b32.i2p address

Obfuscate download URL! (metadata-leak)

Currently one can download all the uploaded files by randomly trying (brute-forcing) URLs under /download, because only two letter/number combinations . As they are encrypted this is of course no big problem, but I still don't like it because it has one big problem: Metadata!

And after Snowden we should know that metadata matters.

So what one can get out by monitoring download:

  • File upload times
  • File deletion times
  • rough file size (both of thumbnail and original picture - with some intelligent combination of this data I could imagine one might get out the picture resolution or similar things)
  • very unlikely, but when the random number generator is flawed, an attacker may get enough random data there to launch an attack and probably get out the encryption key
  • when you should change the cipher, version number or other things in the future one can also notice which are old files and new files and therefore can notice when img.bi was upgraded.

Of course if attacks against AES or the specific AES implementation are found you have also a serious problem, but when this happens you have a huge problem in general and this easy file access might be your smaller problem.
However a level of obscurity (which is achieved with more complex URLs in the download location) might at least prevent direct, easy attacks in this case.

So all in all: Please make the download location more complex, so one has to know the URL for downloading a specific file. Relying on the encryption is one way, doing everything to prevent attacks (including metadata leaks) is another...

Broken stuff with TLS and npm

The common name for your TLS setup is *.webhostbox.net. It's redirecting to some spammy site. Did you let the domain expire? I would've liked to evaluate your software before deciding if I want to use it.

Also:

npm install -g imgbi-server
npm ERR! code E404
npm ERR! 404 Not Found: imgbi-server@latest

upload via i2p fails

After selecting the file and hitting "UPLOAD" I get the following error:
Error

<title>500 Internal Server Error</title>

500 Internal Server Error


nginx

Detach build process from server start

It would be nice if you could decouple the build process of the static files from the server start, because you do not always need to regenerate the static files with every server start.

Conflicts when there is other stuff in local storage

E.g. when you create debug = "undefined" in your local storage, img.bi tries to read and parse it when visiting the "my" page, which of course results in a parse error.

Error: JSON.parse: unexpected character at line 1 column 1 of the JSON data
@https://domain.example/scripts/main.js:8:28334
r@https://domain.example/scripts/main.js:1:4487
@https://domain.example/scripts/main.js:8:28254
a/<@https://domain.example/scripts/main.js:3:2656
Yt/this.$get</h.prototype.$eval@https://domain.example/scripts/main.js:3:9989
Yt/this.$get</h.prototype.$digest@https://domain.example/scripts/main.js:3:8557
Yt/this.$get</h.prototype.$apply@https://domain.example/scripts/main.js:3:10285
c@https://domain.example/scripts/main.js:2:17715
b@https://domain.example/scripts/main.js:2:19904
ht/</S.onload@https://domain.example/scripts/main.js:2:20450
 main.js:2:28031
o/<() main.js:2
nt/this.$get</<() main.js:2
a/<() main.js:3
Yt/this.$get</h.prototype.$eval() main.js:3
Yt/this.$get</h.prototype.$digest() main.js:3
Yt/this.$get</h.prototype.$apply() main.js:3
c()

So it might be worth to prefix the values for saved pictures img.bi creates, so that it does not read and clash with other things in the local storage.
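The prefixing suggested in this report, sketched as an added example that is not part of the original issue or of img.bi's code: entries are read only under a namespace and anything unparseable is skipped instead of aborting the page. The prefix `imgbi:pic:`, the `{id, key}` record shape and the in-memory storage stand-in are assumptions made for the example.

```javascript
// Added example: namespaced, fault-tolerant reads from localStorage.
// PREFIX and the record shape {id, key} are assumptions, not img.bi's real format.
const PREFIX = 'imgbi:pic:';

// Minimal in-memory stand-in for window.localStorage so the example runs in Node.
class MemoryStorage {
  constructor() { this.map = new Map(); }
  get length() { return this.map.size; }
  key(i) { return Array.from(this.map.keys())[i] ?? null; }
  getItem(k) { return this.map.has(k) ? this.map.get(k) : null; }
  setItem(k, v) { this.map.set(k, String(v)); }
  removeItem(k) { this.map.delete(k); }
}

function savePicture(storage, pic) {
  storage.setItem(PREFIX + pic.id, JSON.stringify({ id: pic.id, key: pic.key }));
}

// Return only well-formed records under our prefix; foreign keys are never parsed.
function listPictures(storage) {
  const pictures = [];
  const skipped = [];
  for (let i = 0; i < storage.length; i++) {
    const name = storage.key(i);
    if (name === null || !name.startsWith(PREFIX)) continue; // someone else's entry
    let value;
    try {
      value = JSON.parse(storage.getItem(name));
    } catch (err) {
      skipped.push(name); // corrupted record: report it, keep going
      continue;
    }
    const wellFormed = value !== null && typeof value === 'object' &&
      typeof value.id === 'string' && typeof value.key === 'string' &&
      PREFIX + value.id === name;
    if (wellFormed) pictures.push(value);
    else skipped.push(name);
  }
  return { pictures, skipped };
}

function demoStorage() {
  const storage = new MemoryStorage();
  storage.setItem('debug', 'undefined');            // the foreign entry from the report
  storage.setItem(PREFIX + 'broken', '{not json');  // constructed corrupted record
  savePicture(storage, { id: 'abc1234', key: 'constructed-key' });
  return listPictures(storage);
}
```
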

usability issue: multi-photo upload

Issue

If I select or drag & drop multiple photos it uploads all of them (tested with 2 photos) but only displays one finally.
However if I look at "My pictures" it displays all so it's only a kind of usability issue. Maybe a preview (or a next/previous button) or something like this would be useful, because actually I thought "Oop, only one file was uploaded?" while in fact all pictures were uploaded correctly.

Finally a kind of suggestion

Also if you would make a kind of "preview page" (okay or at least not previews of the pictures but some links with filenames e.g.) then you would also have a basically implementation of #12. The only issue would be that you can't add photos later, but IMHO this is not necessary - to allow people to link to multiple pictures with one link (and one upload) would be enough for me.

URL Design

Just a thought: what about a URL redesign to be more open for future updates and more meaningful representation?

Trying to separate what's going on the server and client side:

Server: {picId} and {albumId} are identifiers of raw materials known by server and stored on it.
Client: {password}, {albumPassword} and "my" are only clientside

A GET on https://img.bi/{picId} would return an HTML with:

  • < title >img.bi - Picture # {{picId}}< /title >
    and telling that this is a protected resource with an input area to ask for the missing key. It could let people give the key by a secure side channel and not in the URL. As soon as the key is validated, the browser changes its location to the full URL with the key.

Can't upload *.png image

I couldn't upload PNG image.
Firefox 29 & 32 refused to upload it, whereas Chrome 33 said that file format is not supported.

Does not remember expiration time

In my installation the time is always 180 days when the home page is accessed. In the local storage I can also only see 180 saved even if I previously did a file upload with a different value.

OpenGraph, Schema, Twitter card

Hi there,

First of all great app, tnx for sharing it with community.

I tested an image I uploaded by posting it on reddit. The main thing for that kind of sites, and all other social sites, is to fetch the thumb from the link. Right now that's not working. Is it possible to add OG, Schema, or Twitter Card in the head of the page, so any other site can fetch it?

Peace,

Number of view before death

How about, besides time for automatic deletion, adding a maximum number of views before deactivation? (optional)
It could limit a bit the uncontrolled spread of picture viewing by link sharing.
For example, I give to my family a link intended to be seen by only 5 people with an average of 10 views per person, I could set the maximum views to 50. After that limit the website deactivates the URL and forces the author to regenerate the picture and create a new URL for it if he wants to reshare it again.

Uncaught JS error in Chrome

I experience some uncaught errors in Chrome 36 :

  • Uncaught BUG: random: addEntropy only supports number, array of numbers or string img.bi/scripts/efef493f-main.js:1
  • Failed to load resource: the server responded with a status of 404 (OK) https://img.bi/download/66c7S9d
    3
  • Uncaught BUG: random: addEntropy only supports number, array of numbers or string

Suggestion: Save image for a limited time (a.k.a. auto-deletion)

So the image can be viewed unlimited times by multiple persons and is deleted automatically. Relative (save for N[m|h|d] e.g. 1h) and absolute (until d.m.y H:i:s). Would be pretty cool.

Because normally I upload things like screenshots and send someone (sometimes to more than one person) a link which may get viewed immediately or in a few hours and I don't want to remember days later to remove it.

Apple iOS friendly

People can use Apple iOS7 to upload picture in website but are not able to copy from the textbox and get the created URL

Detect invalid key

If you GET a URL with an invalid key, the browser keeps displaying the "Loading" spinner icon instead of telling the user that the key is invalid (not telling that the key is incorrect)

In Firefox the favicon isn't shown correctly

In Firefox it shows the site as if it didn't have any favicon. However if I make a bookmark then the icon is shown correctly in the bookmark (but only there).

Firefox 38.0.1

Img.bi is down?

rachel@racheltop:~$ wget img.bi
--2015-09-13 21:54:57--  http://img.bi/
Resolving img.bi (img.bi)... 131.72.136.19
Connecting to img.bi (img.bi)|131.72.136.19|:80... failed: Connection timed out.
rachel@racheltop:~$ curl -v img.bi
* Rebuilt URL to: img.bi/
* Hostname was NOT found in DNS cache
*   Trying 131.72.136.19...
* connect to 131.72.136.19 port 80 failed: Connection timed out
* Failed to connect to img.bi port 80: Connection timed out
* Closing connection 0

Internal server error

For the last two days, when I try to upload an image from Firefox, I get an Internal server error.

--config command does not work

According to --help it should just load a config file, but in fact it tries to load some kind of module:

$ ./cli.js -c config.json
Error: Cannot find module 'config.json'
    at Function.Module._resolveFilename (module.js:339:15)
    at Function.Module._load (module.js:290:25)
    at Module.require (module.js:367:17)
    at require (internal/module.js:20:19)
    at Object.<anonymous> (/.../node_modules/img.bi-server/cli.js:13:14)
    at after (/.../node_modules/cli/cli.js:1057:18)
    at Object.cli.main (/.../node_modules/cli/cli.js:1062:9)
    at Object.<anonymous> (/.../node_modules/img.bi-server/cli.js:10:5)
    at Module._compile (module.js:413:34)
    at Object.Module._extensions..js (module.js:422:10)
    at Module.load (module.js:357:32)
    at Function.Module._load (module.js:314:12)
    at Function.Module.runMain (module.js:447:10)
    at startup (node.js:148:18)
    at node.js:405:3

It only works when I specify the path like this:

$ ./cli.js -c ./config.json

It should however handle both cases.
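The stack trace in this report shows `cli.js` handing the `-c` value to `require`, which treats a bare `config.json` as a package name to look up under `node_modules` and would execute a `.js` path as code. The following is an added example, not img.bi-server's own code, of loading the file as data instead; the function name `loadConfig` and the `port` setting are assumptions made for the example.

```javascript
// Added example: load a --config path as JSON data, never as a module.
const fs = require('fs');
const os = require('os');
const path = require('path');

// Resolve relative to the working directory (what a shell user expects),
// then read and parse the file; nothing in it is ever executed.
function loadConfig(configPath, cwd = process.cwd()) {
  const absolute = path.resolve(cwd, configPath);
  let text;
  try {
    text = fs.readFileSync(absolute, 'utf8');
  } catch (err) {
    throw new Error(`Cannot read config file ${absolute}: ${err.code}`);
  }
  let config;
  try {
    config = JSON.parse(text);
  } catch (err) {
    throw new Error(`Config file ${absolute} is not valid JSON: ${err.message}`);
  }
  if (config === null || typeof config !== 'object' || Array.isArray(config)) {
    throw new Error(`Config file ${absolute} must contain a JSON object`);
  }
  return config;
}

// Constructed demo: the same file is reachable as "config.json", "./config.json"
// and by absolute path, while a JavaScript file is rejected instead of being run.
function demoConfig() {
  const dir = fs.mkdtempSync(path.join(os.tmpdir(), 'imgbi-config-'));
  fs.writeFileSync(path.join(dir, 'config.json'), JSON.stringify({ port: 8080 }));
  fs.writeFileSync(path.join(dir, 'config.js'), 'module.exports = { port: 1 };');
  const results = {
    bare: loadConfig('config.json', dir).port,
    dotted: loadConfig('./config.json', dir).port,
    absolute: loadConfig(path.join(dir, 'config.json'), dir).port,
  };
  try {
    loadConfig('config.js', dir);
    results.jsRejected = false;
  } catch (err) {
    results.jsRejected = /not valid JSON/.test(err.message);
  }
  fs.rmSync(dir, { recursive: true, force: true });
  return results;
}
```
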

Hide by default the link generation for sharing

When people go to a picture URL they will focus on the picture itself.
Maybe it would be better to hide by default the link generation (Web, tor and so on). A user interested by the associated links must click on a "link for sharing" button.

Android share option

It would be great if it would be possible to have an Android app that lets us configure upload server address etc. and then give another "Share" option of uploading an image or screenshot to our own img.bi instance. What do you think?

Clicking "Upload" with no files stuck on "Uploading"

To replicate this issue, go to the website, and click on Upload (without first selecting a file).

I know that nothing is happening, but it's stuck on "Uploading" with a loading icon.

Maybe disable the "Upload" button until a file is added?

Bad img.bi.js URL generation

URL generated on the website for img.bi.js view is wrong:

<img data-imgbi="https://img.bi/#/GCKXiMh!GrpJM9T5nctCSugqCxvVIG6Zp1PFm8W1nMsusmfs" />

Instead of

<img data-imgbi="https://img.bi/#!GCKXiMh!GrpJM9T5nctCSugqCxvVIG6Zp1PFm8W1nMsusmfs" />

Ads?

At first nice all ads on your page have to follow this strict guidelines, including the ones for acceptable ads by AdBlockPlus.
However at first there are no ads (even with disabled adblocker I see none), but - although you say you follow ABPs guidelines https://img.bi/partials/ads.html (so just your ads information page) is blocked by ABPs EasyList. (I think because of a generic filter)
So I assume you didn't try to get on ABPs list of acceptable ads, because you don't display any ads currently.

Or am I wrong? And do you want to make something against the blocking of the ads information page? (E.g. renaming would already solve the issue)

Unable to Install a Server

Hi,

My System:

Distributor ID: Debian
Description:    Debian GNU/Linux 8.0 (jessie)
Release:    8.0
Codename:   jessie
npm install -g imgbi-server

says that there isn’t any package to install:

npm ERR! 404 Not Found
npm ERR! 404 
npm ERR! 404 'imgbi-server' is not in the npm registry.
npm ERR! 404 You should bug the author to publish it
npm ERR! 404 
npm ERR! 404 Note that you can also install from a
npm ERR! 404 tarball, folder, or http url, or git url.

npm ERR! System Linux 2.6.32-43-pve
npm ERR! command "/usr/bin/nodejs" "/usr/bin/npm" "install" "-g" "imgbi-server"
npm ERR! cwd /root/img.bi
npm ERR! node -v v0.10.29
npm ERR! npm -v 1.4.21
npm ERR! code E404
npm ERR! 
npm ERR! Additional logging details can be found in:
npm ERR!     /root/img.bi/npm-debug.log
npm ERR! not ok code 0

If I try to install it via the git directory, I get these errors:

> [email protected] install /root/img.bi/node_modules/bcrypt
> node-gyp rebuild

gyp: Call to 'node -e "require('nan')"' returned exit status 1. while trying to load binding.gyp
gyp ERR! configure error 
gyp ERR! stack Error: `gyp` failed with exit code: 1
gyp ERR! stack     at ChildProcess.onCpExit (/usr/share/node-gyp/lib/configure.js:344:16)
gyp ERR! stack     at ChildProcess.emit (events.js:98:17)
gyp ERR! stack     at Process.ChildProcess._handle.onexit (child_process.js:809:12)
gyp ERR! System Linux 2.6.32-43-pve
gyp ERR! command "nodejs" "/usr/bin/node-gyp" "rebuild"
gyp ERR! cwd /root/img.bi/node_modules/bcrypt
gyp ERR! node -v v0.10.29
gyp ERR! node-gyp -v v0.12.2
gyp ERR! not ok 
npm WARN This failure might be due to the use of legacy binary "node"
npm WARN For further explanations, please read
/usr/share/doc/nodejs/README.Debian

npm ERR! [email protected] install: `node-gyp rebuild`
npm ERR! Exit status 1
npm ERR! 
npm ERR! Failed at the [email protected] install script.
npm ERR! This is most likely a problem with the bcrypt package,
npm ERR! not with npm itself.
npm ERR! Tell the author that this fails on your system:
npm ERR!     node-gyp rebuild
npm ERR! You can get their info via:
npm ERR!     npm owner ls bcrypt
npm ERR! There is likely additional logging output above.

npm ERR! System Linux 2.6.32-43-pve
npm ERR! command "/usr/bin/nodejs" "/usr/bin/npm" "instal"
npm ERR! cwd /root/img.bi
npm ERR! node -v v0.10.29
npm ERR! npm -v 1.4.21
npm ERR! code ELIFECYCLE
npm ERR! 
npm ERR! Additional logging details can be found in:
npm ERR!     /root/img.bi/npm-debug.log
npm ERR! not ok code 0

Automatically removed images still present in "My"

When pictures are automatically removed because of "time to live", those pictures are still viewable in

https://img.bi/#/my

But when you click on the blue view button, it leads to the message: "Probably it was already removed."

Are the pictures still stored but not viewable? In this case you should display to the author a message on top of each picture saying they have expired and a way to regenerate a new link.
If the picture is deleted from the storage then it should also be deleted from the "my" view.

Furthermore, automatically deleted pictures cannot be removed from the my view, since the URL

https://img.bi/#/rm/<id>!<key> 

is not available any more and leads to the "Probably it was already removed." message too.

Copy to clipboard button issues

The copy buttons at the file view don't work. That's surely because of the browser restrictions for access to the clipboard.
Additionally I think it is intended that there are some hover/clicking effects, but they aren't working.

So maybe a better thing would be if you could select the link with one click (e.g. by using user-select although this is not standardised).

One-time-links can be accessed multiple times

After uploading an image, these example links are generated:
Link to view image https://img.bi/#/G5Jw9pb!ydTeFu6LMwMovBdEyfl6ebBqUC9U8RGOXJT9oyWN
Remove image after first view https://img.bi/#autorm/G5Jw9pb!ydTeFu6LMwMovBdEyfl6ebBqUC9U8RGOXJT9oyWN!JJR9gtAi4Bn5egqAXF5ZFXp58DJ

As you can see, the second link contains the first one. This leads to the following problem:
Suppose I upload an image and want to use the "remove image after first view" functionality.
Anyone can take the link, remove "autorm" and the additional, unnecessary part (in this case !JJR9gtAi4Bn5egqAXF5ZFXp58DJ) to transform the link into a normal non-autodeleting link.

Would it be possible to create multiple keys that cannot be converted to each other, in order to make sure one-time links cannot be accessed multiple times?
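A different mitigation from the separate keys asked for in this report, as an added example that is not part of the original issue or of img.bi's code: the one-time property is recorded by the server at upload, so the blob is consumed on the first download whichever of the two link shapes quoted above the client presents. The `ImageStore` class, the `oneTime` upload flag and all sample values are assumptions made for the example.

```javascript
// Added example: enforce "remove after first view" on the server, not in the link.
const crypto = require('crypto');

class ImageStore {
  constructor() { this.files = new Map(); }

  // The uploader decides at upload time; the flag lives next to the ciphertext.
  upload(ciphertext, { oneTime = false } = {}) {
    const id = crypto.randomBytes(16).toString('hex'); // unguessable identifier
    this.files.set(id, { ciphertext, oneTime });
    return id;
  }

  // Single code path for every download: a one-time file is deleted as it is
  // handed out, so no link shape can be used to fetch it a second time.
  download(id) {
    const file = this.files.get(id);
    if (!file) return null;
    if (file.oneTime) this.files.delete(id);
    return file.ciphertext;
  }
}

// Parse both fragment shapes from the report: "#/ID!KEY" and "#autorm/ID!KEY!TOKEN".
function parseLink(fragment) {
  const m = /^#(autorm)?\/([^!/]+)!([^!]+)(?:!([^!]+))?$/.exec(fragment);
  if (!m) return null;
  return { autorm: m[1] === 'autorm', id: m[2], key: m[3], token: m[4] || null };
}

function demoOneTime() {
  const store = new ImageStore();
  const once = store.upload(Buffer.from('constructed ciphertext A'), { oneTime: true });
  const keep = store.upload(Buffer.from('constructed ciphertext B'));

  const plain = parseLink(`#/${once}!constructedKey`);
  const autorm = parseLink(`#autorm/${once}!constructedKey!constructedToken`);

  return {
    sameId: plain.id === autorm.id,
    firstViaPlain: store.download(plain.id) !== null,    // served once
    secondViaAutorm: store.download(autorm.id) !== null, // already consumed
    normalTwice: store.download(keep) !== null && store.download(keep) !== null,
  };
}
```
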

Album support

It would be neat to have album (photo grouping) support.

As a user
I can upload several pictures, in several times if needed
In order to have a unique URL to share and access the whole album

Provide a userscript for the site

I2P people disable JS because it leaks information. But userscripts can be useful, because they can be audited and user fully controls what is actually executed in the browser.
So, provide a userscript to use img.bi with disabled JS.

usability issue: deleting photo

Issue

After deleting a photo you will be redirected to the homepage. IMHO it would be more useful to redirect back to the last visited site, which is "My pictures".
This way deleting multiple photos will be easier.

Sorry, another suggestion

Sorry I don't want to open another issue for this: And of course to have checkboxes to delete multiple photos would make it much easier to delete them.

Fails on start and sometimes does not accept connection

Long running on a server seems to be problematic.
Regularly I cannot upload any files as imgbi somehow closes the connection related to some headers. At least this is how I can interpret the nginx error messages (running as reverse proxy):

yyyy/mm/dd 12:59:18 [error] 12554#0: *1306 upstream prematurely closed connection while reading response header from upstream, request: "POST /SOMEDIR/api/upload HTTP/2.0", upstream: "http://127.0.0.1:SOMEPORT/api/upload"
yyyy/mm/dd 13:01:25 [error] 12554#0: *1306 connect() failed (111: Connection refused) while connecting to upstream, request: "POST /SOMEDIR/api/upload HTTP/2.0", upstream: "http://127.0.0.1:SOMEPORT/api/upload"

Or:

yyyy/mm/dd 18:39:57 [error] 1465#0: *174 recv() failed (104: Connection reset by peer) while reading response header from upstream, request: "POST /imgbi/api/upload HTTP/2.0", upstream: "http://127.0.0.1:SOMEPORT/api/upload"
yyyy/mm/dd 18:40:25 [error] 1465#0: *174 connect() failed (111: Connection refused) while connecting to upstream, request: "POST /SOMEDIR/api/upload HTTP/2.0", upstream: "http://127.0.0.1:SOMEPORT/api/upload"

After a restart of imgbi everything is working again.

'modals.less' wasn't found.

$ ./cli.js
INFO: Building static content
INFO: [XX:YY:ZZ] 
INFO: Working directory changed to ~/node/node_modules/img.bi-server

INFO: [XX:YY:ZZ] 
INFO: Using gulpfile ~/node/node_modules/img.bi-server/gulpfile.js

INFO: [XX:YY:ZZ] 
INFO: Starting 'css'...

INFO: [XX:YY:ZZ] 
INFO: Starting 'js'...

INFO: [XX:YY:ZZ] 
INFO: Starting 'html'...

INFO: [XX:YY:ZZ] 
INFO: Starting 'favicons'...

INFO: [XX:YY:ZZ] 
INFO: Starting 'fonts'...

events.js:159
      throw err;
      ^

Error: Uncaught, unspecified "error" event. (Potentially unhandled rejection [2] 'modals.less' wasn't found. Tried - /.../node_modules/img.bi-server/frontend/less/modals.less,node_modules/bootstrap/less/modals.less,frontend/less/modals.less,modals.less in file /.../node_modules/img.bi-server/frontend/less/main.less line no. 29
)
    at GulpRunner.emit (events.js:157:17)
    at Socket.<anonymous> (/.../node_modules/gulp-runner/index.js:59:10)
    at emitOne (events.js:90:13)
    at Socket.emit (events.js:182:7)
    at readableAddChunk (_stream_readable.js:153:18)
    at Socket.Readable.push (_stream_readable.js:111:10)
    at Pipe.onread (net.js:534:20)

When uncommenting this line I get another error:

Error: Uncaught, unspecified "error" event. (Potentially unhandled rejection [2] 'responsive-utilities.less' wasn't found. Tried - /.../node_modules/img.bi-server/frontend/less/responsive-utilities.less,node_modules/bootstrap/less/responsive-utilities.less,frontend/less/responsive-utilities.less,responsive-utilities.less in file /.../node_modules/img.bi-server/frontend/less/main.less line no. 26
)
    at GulpRunner.emit (events.js:157:17)
    at Socket.<anonymous> (/.../node_modules/gulp-runner/index.js:59:10)
    at emitOne (events.js:90:13)
    at Socket.emit (events.js:182:7)
    at readableAddChunk (_stream_readable.js:153:18)
    at Socket.Readable.push (_stream_readable.js:111:10)
    at Pipe.onread (net.js:534:20)

HTTPS/TLS server issues

Okay this has not really something to do with this repo, but however I see that your site "only" scored B in sslabs test.
So at least disabling RC4 would be nice and if you can - adding things like HSTS and HPKP would be fantastic of course.
