CryptoTweet Reaction

1. /*
2. Today, I take a cursory glance at a new service:
3. .--. . .---. .
4. : _|_ | _|_
5. | .--.. ..,-. | .-. |. . ._.-. .-. |
6. : | | || )| ( )| \ \ / (.-'(.-' |
7. `--'' `--||`-' `-'`-' ' `' `' `--'`--'`-'
8. ;|
9. `-' '
10. This Source Code: https://www.cryptotweet.com/js/script.js */
11. Special thanks to:
12. http://jsbeautifier.org/
13. http://www.network-science.de/ascii/
14. */
15. var project_url = '';
16. var timer;
17. /* SNIP */
18. $(function () {
19. if ($("textarea#tweet").attr("id") !== undefined) {
20. $("textarea#tweet").focusin(function () {
21. $("textarea#tweet").css("height", "85px")
22. });
23. $("textarea#tweet").focusout(function () {
24. $("textarea#tweet").css("height", "25px")
25. })
26. }
27. if ($("select#recipient").attr("id") !== undefined) {
28. $("select#recipient").next("a").click(function (e) {
29. e.preventDefault();
30. $(this).html('Loading..');
31. $.get(project_url + "/twitter/update_followers/", function () {
32. window.location.href = '/projects/CryptoTwitter/'
33. });
34. return false
35. });
36. load_friends();
37. $("select#recipient").click(function () {
38. load_friends()
39. })
40. }
41. if ($("textarea#tweet").attr("id") !== undefined) {
42. $("textarea#tweet").keyup(function () {
43. if ((130 - $(this).val().length) >= 0) {
44. $("span#charcount").html(130 - $(this).val().length)
45. } else {
46. $("textarea#tweet").val($("textarea#tweet").val().slice(0, 130))
47. }
48. });
49. // ^v^v^v^v^v^v^v^v^v^v^v^v^v^v^v^v^v^v^v^v^v^v^v^v^v^v^v^v^v^v^v^v^v^v^v^v^v^v^v^v^v^
50. // HERE IS THE IMPORTANT PART:
51. $("button#send_tweet").click(function () {
52. $(this).html("Sending..").attr('enabled', false).attr('disabled', true).attr('readonly', true).delay(100);
53. if ($("textarea#tweet").val().length > 0 && $("input[name='csrf_crypto']").val() !== "" && $("select#recipient").val() >= 0) {
54. $.post(project_url + "/twitter/send_tweet/", {
55. tweet: $("textarea#tweet").val(),
56. csrf_crypto: $("input[name='csrf_crypto']").val(),
57. recipient: $("select#recipient").val(),
58. tweet_also: ($("input#tweet_also:checked").val() !== undefined ? 1 : 0)
59. }, function (result) {
60. if (parseInt(result) === 1) {
61. $("textarea#tweet").val("")
62. } else {
63. $("textarea#tweet").val("Tweet could not be send. Try again later.")
64. }
65. $("span#charcount").keyup();
66. $("button#send_tweet").html("ETweet!").attr('enabled', true).attr('disabled', false).attr('readonly', false).delay(100);
67. return false
68. })
69. }
70. })
71. // LOOK, IT JUST SENDS TO THE SERVER TO DO THE CRYPTO!!!
72. // ^v^v^v^v^v^v^v^v^v^v^v^v^v^v^v^v^v^v^v^v^v^v^v^v^v^v^v^v^v^v^v^v^v^v^v^v^v^v^v^v^v^
73. }
74. /* SNIP */
75. });
76. /*
77. From the FAQ page on CryptoTweet:
78.  
79. Q: Can you read my ETweets?
80. A: No, even we can't read your ETweets because they are not designated to us and therefor we can't read/decrypt them.
81.  
82. # ORLY? What if you did that this?
83. root@cryptotweet:/# nc -vl 443
84.  
85. Try it, you should get raw post data with plaintext as soon as someone tries to post an ETweet.
86.  
87. There are probably more things that need to be addressed, but this was one source of concern I found. Generally, you should only use Twitter for public conversations anyway; there are other venues for private discussion (e.g. XMPP+TOR+OTR in Virtualbox+LUKS)
88. */