ZeroNet Blogs

Static ZeroNet blogs mirror


Demo for decentralized, self publishing blogging platform.

Version 0.6.5

- Posted in ZeroBlog by with comments


  • IPv6 support in peer exchange, bigfiles, optional file finding, tracker sharing, socket listening and connecting (based on tangdou1 modifications)
  • New tracker database format with IPv6 support
  • Refactored port open checking with IPv6 support
  • Display notification if there is an unpublished modification for your site
  • Consider non-local IPs as external even is the open port check fails (for CJDNS and Yggdrasil support)
  • Listen and shut down normally for SIGTERM (Thanks to blurHY)
  • Check the length of master seed when executing cryptGetPrivatekey CLI command
  • Only reload source code on file modification / creation
  • Add IPv6 tracker and change unstable tracker
  • Support tilde ~ in filenames (by d14na)
  • Detection and issue warning for latest no-script plugin
  • Don't correct sent local time with the calculated time correction
  • Support map for Namecoin subdomain names (Thanks to lola)
  • Add log level to config page
  • Don't show meek proxy option if the tor client does not supports it
  • Quick check content.db on startup and rebuild if necessary
  • Only support CREATE commands in dbschema indexes node and SELECT from storage.query
  • Support {data} for data dir variable in trackers_file value
  • Disable CSP for Edge

  • Fix site cloning before site downloaded (Reported by unsystemizer)

  • Fix queryJson for non-list nodes (Reported by MingchenZhang)

  • Fix multi-line parsing of zeronet.conf (Reported by xx)

  • Fix site deletion from users.json
  • Fix sql queries with lots of variables and sites with lots of content.json (Reported by xx)
  • Fix atomic write of a non-existent file


  • Add separate IPv6 and IPv4 port open status
  • Fix display of IPv6 trackers
  • Hint about search in sites
  • Wait longer delay after typing if you have many sites in your client
  • Display paused/active status of optional files in the Files tab

Python3 support is still in the works (and it's no.1 priority now), but it requires more modifications, than I originally thought, so I prioritized IPv6 over it.

Changelog: December 13, 2018

- Posted in ZeroBlog by with comments


  • Multilanguage, self hosted documentation with ongoing Fr/Zh translation + ZeroNet mirror: [Thanks to Lola, blurHY]
  • Fix sandbox escape vulnerability [Thanks, reported by ivanq/ZeroLSTN]
  • Restrict script execution by using Content security policy: It prevents code execution in case of sandbox escape/html injection.
  • Make Sidebar, Multiuser, UiConfig, UiPassword plugin compatible with hardened security changes.
  • Use chromedriver for testing as phantomjs does not supports sites with new content security policy.
  • Auto escape variables in template underscore helper
  • Cleanup entries older than 6 month from charts.db
  • New certList admin API call
  • Don't delete optional files from owned sites
  • Fix signing when --data_dir contains window-style path separators.
  • Fix setLocalStorage call before websocket connection is created
  • Fix saving user mutes
  • ZeroFrame.js 1.3.0: Support monkey patching Fetch API

I started the modifications that will be necessary to move ZeroNet codebase to Python 3. This will also include other major changes:

  • Move sqlite database connection to separate thread: make the UI more responsive and avoid blocking on db heavy operations (eg. rebuilding)
  • New database sync mode: Avoid db corruption on power loss or hw error
  • Support libsecp256k1: ~10x speed boost in file and certificate validation
  • Remove included third-party Python libraries (src/lib)
  • Update source code from ZeroNet by default

If everything goes well, then ETA: 2-3wk

Changelog: November 8, 2018

- Posted in ZeroBlog by with comments


  • Added dark themes for ZeroTalk and ZeroMe, tuned ZeroHello and ZeroBlog based on feedback.
  • Log file got rotated daily, only keep last 5 files
  • Self hosted documentation with new design and lots of improvements: (Thanks to anoadragon453!)
  • Fixed sidebar input fields on mobile browsers
  • Support limiting maximum big file size using --bigfile_size_limit (useful for proxies)
  • Experimental proof-of-work based cert providers: More info
  • Reworked user master key notification, added download as file option. (Thanks DaniellMesquita for ideas)
  • Spawn site announce async with 10 second wait time to avoid stalled site announce loop
  • Added ZeroNet logo for top-right fixbutton (Thanks DaniellMesquita)
  • Css and Js versioning: {site_modified} variable for html files that always got replaced with the "modified" value of the site root content.json or with the current time if "This is my site" is enabled on the sidebar. Issue#1740
  • Remove missing optional files on cloning

Version 0.6.4

- Posted in ZeroBlog by with comments


  • Add theme support to ZeroNet sites
  • Dark theme for ZeroHello and ZeroBlog (+ more sites coming soon)
  • Fix peer connecting bug for sites with low amount of peers
  • Update jQuery to latest version (Thx to DaniellMesquita)

dark-theme.png (1240x830)

Detailed info and POC of the "Vacation" sandbox escape bug that was discovered by GitCenter / Krixano / ZeroLSTN 3 weeks ago (fixed in Rev3616+): The Vacation Vurnerability list

Call for help:

  • We are looking for a maintainer for the Android client (ZeroNet-kivy)

Changelog: October 16, 2018

- Posted in ZeroBlog by with comments


  • Changes in optional/big file behavior: The pinned optional files won't be removed from download queue after 30 retries and won't be deleted even if the site owner removes it.
  • Fix peer number query on optional files if no optional file downloaded yet
  • Don't remove incomplete (downloading) sites on startup
  • Remove --pin_bigfile argument as big files are automatically excluded from optional files limit.
  • Fix cancellation of optional file downloading


  • Fold menu upwards if it would flow out of the screen
  • Show and manage "Connecting" sites


  • Pin file on Seed button click
  • Add pinned files to Seeding tab

Gave a speech about ZeroNet @ TEDSalon: Society 5.0 NYC

They said the editing/curating takes a few months. I think it went pretty ok, let's hope they think the same way. :)

TEDSalon.jpg (700x465)

As a result of invalid file type detection, a malicious site could escape the iframe sandbox. How to fix: update to ZeroNet Rev3616 or later.

Type: Browser iframe sandbox escape

Applied fix: Replaced the previous, file extension based file type identification with proper one.

Affected versions: All versions before ZeroNet Rev3616

Changelog: September 21, 2018

- Posted in ZeroBlog by with comments


  • Translation support for configuration page + hu, zh, pt-br translation (Thanks to DaniellMesquita, tangdou1)
  • Stop site downloading if it reached 95% of site limit to avoid download loop for sites out of limit (Thanks slrslr for report)
  • Add archived_before to user content rules to allow deletion of all user files before the specified date
  • Sidebar optimization and fix opening bug
  • Fix config page custom tracker filed validation (Thx blurHY for reporting)
  • Fix user settings deletion bug when using --multiuser_local (Thanks DaniellMesquita for reporting)
  • Fix blocklist of peers loaded from peerdb (Thanks tangdou1 for report)
  • Fix sidebar map loading on foreign languages (Thx tangdou1 for report)
  • Fix fileGet on non existent files (Thanks mcdev for reporting)


  • Better dashboard items display on small screen (Thx BenMcLean for report)
  • Fix tracker menu ordering on smaller screens
  • Fix followed feeds listing if there were no new items in last 3 days

Changelog: September 6, 2018

- Posted in ZeroBlog by with comments


  • P2P time consensus: Detect out-of-sync system time using connected peer's median system time. ZeroHello will display a notification if the difference is more than 30 seconds. You can check your calculated system time difference on /Stats page. (You can compare the result with

  • Database table row stats on /Stats page.

  • Peer reputation save/restore to speed up sync time after startup.

  • Fix peer reputation boost for zero:// trackers.

  • Only allow 5 concurrent checkSites to run in parallel to reduce load under Tor/slow connection.

  • Remove unreachable shared trackers faster if working tracker target reached.
  • Configurable number of target number of shared trackers using --working_shared_trackers_limit
  • Full support fileGet, fileList, dirList calls on tar.gz/zip files.

Changelog: August 28, 2018

- Posted in ZeroBlog by with comments

Shared tracker list between users:

New tracker IPs automatically discovered from other users to reduce centralization and avoid the blocking of the trackers.

To start new tracker: Enable the Bootstrapper plugin with opened port, then it will automatically share your client's ip with other users as a possible tracker. (It's only recommended to do this if you have static ip and planning to keep your client running 24/7)

Only the working trackers (successful result in past hour) are shared with other peers and the discovery request done in every 5 minutes until your client found 5 working shared trackers. This feature is also got limited to zero:// trackers only as it more suited for ZeroNet, because it allows multiple sites announce in same request and the storage of .onion addresses.

Other changes (Rev3571):

  • Copy site address with peers link on the sidebar.
  • Zip file listing and streaming support for Bigfiles.
  • Tracker statistics on /Stats page

  • Allow tracker connections to loopback to your client and announce yourself.

  • Reduce the request frequency to unreliable trackers.

  • Fix double announce on new site visit and startup.

  • Fix trayicon compatibility with latest gevent

  • Fix request number counting for zero:// trackers

Decentralized Web Summit 2018

- Posted in ZeroBlog by with comments

dws2018.jpg (1000x500)

I will be around San Francisco in the next few days and I'm going speak at Decentralized Web Summit 2018. Hope to see you there! :)

Recent changes:

  • Updated Windows & Mac binaries to latest version
  • Fix browser open configuration element saving bug
  • Load trackers file on startup
  • Fix UDP trackers parsing
  • Force re-announce loading site on refresh
  • Trackers file always relative to executable


  • Fix username highliting


  • ​​​​​​​Add search field