Buzzheavier Security Update
TL;DR
- A large volume of child porn was recently uploaded, leading to an investigation and the seizure of proxy servers by authorities.
- Our storage provider has also placed our account on hold.
- You can't access old Buzzheavier files until the storage provider removes the account hold.
- I am not able to access my account? - You can use your account ID to log in at our mirror site trashbytes.net, but you won't be able to access the files until the matter is resolved.
Overview of How BuzzHeavier Works
BuzzHeavier prioritizes user privacy by employing multiple layers of security, including proxy servers to protect user identities.
Account Security and File Handling
1. Account Security:
When a user signs up, only a hashed version of their account ID is stored in our database, ensuring the actual ID remains private unless reset. That hash is also used to encrypt and decrypt all the files on raw storage.
2. File Upload Process:
- Users request an upload through our server.
- The server retrieves the account ID hash from AWS RDS.
- Files are encrypted using the account ID hash plus an internal secret key.
- Files are then stored securely with a third-party storage provider.
3. File Download Process:
- Users initiate a download request.
- The server fetches the account ID hash linked to the file, retrieves the file, and decrypts it with the account ID hash plus the secret key.
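One way the key derivation in the upload and download steps could work, as an added example that is not Buzzheavier's code. SHA-256 for the account ID hash, HKDF-SHA256 for combining it with the secret, and every name and value below are assumptions, since the page names no algorithm.

```python
import hashlib
import hmac


def account_id_hash(account_id: str) -> bytes:
    """Value stored in the database (SHA-256 is an assumption)."""
    return hashlib.sha256(account_id.encode("utf-8")).digest()


def hkdf_sha256(ikm: bytes, info: bytes, length: int = 32) -> bytes:
    """HKDF (RFC 5869) with HMAC-SHA256 and an all-zero salt."""
    prk = hmac.new(b"\x00" * 32, ikm, hashlib.sha256).digest()  # extract
    okm, block, counter = b"", b"", 1
    while len(okm) < length:                                    # expand
        block = hmac.new(prk, block + info + bytes([counter]),
                         hashlib.sha256).digest()
        okm += block
        counter += 1
    return okm[:length]


def file_key(id_hash: bytes, internal_secret: bytes) -> bytes:
    """Per-account file key: account ID hash plus the internal secret.

    The raw account ID is not an input. The database row alone or the
    secret alone yields nothing, but whoever holds both can derive the
    key without the user being present.
    """
    return hkdf_sha256(internal_secret, b"file-key:" + id_hash)


if __name__ == "__main__":
    # Constructed sample values, not real identifiers or secrets.
    secret = b"constructed-internal-secret"
    at_upload = file_key(account_id_hash("constructed-account-id-1"), secret)
    # Download path: the server only reads the stored hash from the database.
    stored_hash = account_id_hash("constructed-account-id-1")
    at_download = file_key(stored_hash, secret)
    print("same key on upload and download:", at_upload == at_download)
    print("wrong secret gives same key:",
          file_key(stored_hash, b"not-the-secret") == at_upload)
```

The derived key would feed an authenticated cipher such as AES-GCM; that step is left out here because the page does not say which cipher is used.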
Secret Key Security Protocol
Our encryption keys are stored with strict protocols:
- We build binaries on a secure local machine and deploy to our proxy servers.
- After the proxy starts, the binary is deleted.
- Our encryption secret is stored with an offshore provider, which only Buzzheavier can decrypt.
- Each proxy startup retrieves and decrypts the secret key before it’s used for file encryption/decryption.
Entities Involved in BuzzHeavier’s Operations
- Cloudflare: Access was granted to law enforcement, but Cloudflare has no direct data.
- Proxy Servers: Access was obtained by law enforcement, but no sensitive data is retrievable.
- Storage Provider: No direct access by law enforcement, though the account is currently on hold.
- AWS RDS: Law enforcement is attempting access but is restricted to hashed data.
- Secret Provider: Location undisclosed; we’re actively securing this information.
Event Timeline
- Oct 31 - Nov 3: Approximately 9TB of illegal content was uploaded.
- These files were reported to the authorities.
- Authorities began monitoring our servers and services.
- Received notice from the storage provider that our account was on hold.
- Shortly afterward, we received a notification from our proxy provider.
Moving Forward and Future of BuzzHeavier
Buzzheavier is fully cooperating with authorities to resolve this matter while prioritizing user privacy. Here’s what we’re implementing moving forward:
- File Retention Policy: Files will be deleted after 30 days of inactivity for user safety. If you wish to retain files longer, please contact us directly on Discord.
- Improved Storage Provider: We’ve switched to a new storage provider with significantly faster upload and download speeds.
- Full Platform API Support: A complete API for the platform will be available within the next week.
- Subdirectory and Clone Mount Support: Enhanced file organization with subdirectories and support for mounting via clone will be available in approximately two weeks.
We’ll continue to keep you updated as we make further progress. Thank you for your understanding and support.