How it works
We are a service that will help you hide the most private data from being read by third parties when sharing it with one interlocutor. Instead of sharing your passwords, payment details, addresses, and other confidential data in the clear in messengers, send your partner a link to the one-time note generated by this website.
After being first read, the note is removed from our server and can't be recovered. So if your interlocutor is the first to view the note, nobody will be able to find out the note's content afterwards. Even if anybody reads a note before him, at least, it will be realized, when he won't be able to open the note.
Links
Frequently asked questions
- Can website admins or hosting providers view the notes content?
- Can any site scripts intercept the note's content when it is decrypted?
- What do you know about note, except for its content?
- Do you store the ip-addresses of your visitors?
- What stats do you collect?
- How do you monetize this website? Will there be any ads?
Can website admins or hosting providers view the notes content?
No, all notes are encrypted by the client's browser before sending to our server. A random secret key is used to encrypt a note, which is also generated by the browser. This key is given to the reader in the link itself after the "#" symbol. It is used by his browser to encrypt the note's content received from our server.
No link symbols after "#" (and the key) are passed to the server. This link part is called an anchor and it is usually used by browsers to navigate through the page.
Therefore, we don't process any data from the note, except for its encrypted content, that can't be encrypted, as we don't know either the link or secret key.
By the way, if you know how to see the browser 's requests in the developer tools, you can go and see how the notes are encrypted, and what is sent to our server.
Can any site scripts intercept the note's content when it is decrypted?
No, our site doesn't share decrypted note's content. All requests that are made from the browser can be viewed in the developer tools. All necessary libraries and javascript-code is served directly from our server. We intentionally don't use anything that is stored on other sites and CDN, to be confident that all code used doesn't collect data from our visitors' browsers. This is our positive feature from competitive services.
What do you know about note, except for its content?
We don't associate neither the note creator, nor its reader with the note itself. We believe that our goal is to store as few of your data as possible.
There have always been lots of notes, which have never been read. Taking this into account, we decided to set the maximum storage period of every note. When this period expires, the note deletes, even if it wasn't read yet. To prevent fingerprinting we decided not to store the note's creation date. We store the expiration date and time instead, allowing our users to choose the expiration period (it can be found in advanced options, when creating the note). By default, our notes are deleted 7 days after creation. Please note, that it's also the maximum time they can be stored.
Now every note has 4 fields in our database: its id, encrypted content, expiry date and a counter (also needed for decryption) . Here is the example note data from the database:
id | content | delete_date | counter |
Me3Q5nxebo | Îçõ3jsºù-Úkmàû0Þò^ | 2022-02-24 20:46:50.355676 | 5941129521571234 |
Do you store the ip-addresses of your visitors?
As we mentioned before, we try not to collect visitors' data. Ip-addresses are not the exception. So in our logs we record only ip-addresses hashes that are used in our anti spam systems.
What stats do you collect?
We have only 2 counters: the amount of created notes and the amount of read ones. These counters help us to analyze, how active is our site used and sometimes even prevent the bot attack! We don't use any external analytics services, such as Google Analytics. The reason is revealed here.
How do you monetize this website? Will there be any ads?
At first, this site was created for private use. We made it not to earn money. We made it to protect our privacy. Of course, if our audience will be large enough, we will think of earning money. But we'll never use ads engines like Google, as it requires using their scripts on our site. As we are against using external code, the only way of showing ads on our site will be searching for advertisers by ourselves. But the best method of earning money, as we see it, is creating a donation system.