FAQ
What topic can we help you with?
General
Why should I use this service?
Sharing secrets is delicate. You don't want sensitive information (confidential information, passwords, API keys, access tokens, key combinations, confessions, etc.) to stay in your Slack channel, Whatsapp chat log, inbox, or any other communication channel. A one-time disposable link guarantees that your secret is only viewed exactly once, before being permanently destroyed.
Use this service in case you want to…
- Share your Netflix password with a family member.
- Send a private message from a public computer.
- Send access tokens, API keys, PIN codes to a friend or coworker.
- Forward payment information such as credit card number or Bitcoin wallet address.
- Confess to a secret crush.
- Transmit information that could be used against you.
Who is it for?
Essentially everybody. Everybody should care about privacy.
The means to transmit sensitive information anonymously is especially crucial for journalists, lawyers, politicians, whistleblowers, people who are being oppressed, etc.
How does the service work?
After you submit the form your secret will be encrypted and stored. You can now share the generated short link via text message, email or whatever service you trust. (We recommend Signal, Threema or Matrix.) After the recipients clicks the link, the message gets displayed and permanently removed from the database.
For extra security, you can include a password that will be needed to decrypt the message. (We recommend to share the password via a different channel than the link.)
What is the difference to disappearing messages on Signal or Whatsapp?
Anonymity, privacy and security. Plain text messages within a chat log can always get traced back to you. There are many scenarios where even disappearing messages are a risk factor: Do other people have access to your phone sometimes? What if you lost your phone? Or even worse, your phone might be compromised on an operating system level. With scrt.link you will always just have a link in your conversation history. After the link has been visited once, it will lead to a 404 error page. There is no way of accessing the original content.
What is the difference to Snapchat?
Same answer as for the previous question. Also, the business model behind Snapchat, and every other major social media platform, contradicts the idea of privacy and anonymity. Social media companies need to know their users in order to sell ads.
However, it is fine to share a generated secret link using Snapchat, Facebook, Instagram, Telegram, etc.
Who is behind this service?
Scrt.link is a service by SANTiHANS GmbH, a Swiss based tech company with a mission to advance the web. We operate under Swiss law. As a customer you profit from one of the world's strongest data and privacy protection regulation, the Federal Act on Data Protection (FADP). This product has been created and is operated by @stophecom.
Product and Service
Text, Files, Redirect und Neogram?
- Text: This is the standard mode. It's the preferred way to share passwords and similar kind of secrets. The recipient has the option to copy the secret. Demo
- File: Drop any file. This feature is currently in beta.
- Redirect: Think about it as a URL-shortener where the generated link only works once.
- Neogram: Digital letter-style message that automatically burns after reading. Use it for confidential notes, confessions or secret love letters. Demo
What is the maximum message size?
The current limit is 140 characters for visitors. With a premium plan you can get up to 100,000 characters.
Can I get notified when a secret has been viewed?
Yes, you can get Email notifications with an account. Go to Account
How do read receipts work?
For each secret, we generate a Secret ID (a random string) which is the only reference to the original message. Once the recipient opens the secret link, we notify you using the chosen method. In the notification we only include the Secret ID - so be sure to store/remember it. Needless to say, the contact information (email or phone number) is never exposed to the recipient.
Email: You'll receive an email from shhh@scrt.link.
Why do I get "Secret not found" error?
This means that the secret link has already been visited. If this happens unexpectedly:
- Check with the sender to make sure the link hasn't been visited by mistake.
- The secret was accessed via brut-force attack or there is an issue with the server infrastructure (don't worry, the contents of the secrets would still be encrypted) - both cases are very unlikely.
- Worst case: A third party accessed the link, which ultimately means, your communication channel and/or either party's device has been compromised.
Security and Privacy
How secure is this service?
All messages are end-to-end encrypted using AES-256, which is virtually impenetrable using brute-force methods. AES would take billions of years to break using current computing technology. For the highest level of security, an optional password (which is never stored either) will be used to encrypt your message. Read more on our Security page.
How is my privacy protected?
We take a number of steps to protect your privacy, detailed on the privacy page - however some of the features require third party services that may have access to personal identifiable information (PII). If you want to further protect your privacy, we recommend the following:
- Connect to our service via a virtual private network (VPN): This way you never expose your personal IP address. We recommend ProtonVPN.
- Use a service such as Abine Blur to hide your personal email address, phone number and/or credit card information.
How is end-to-end encryption achieved?
We generate two random strings, one to identify your secret in the database and one to encrypt your message. We don't store the encryption key. Only with the full link you are able to decrypt the secret.
Can I retrieve a secret that has already been visited?
Nope. It's a one time secret. We show it once and then delete it permanently from the database. There is no backup. It's gone for good.
Can the recipient save the message?
Sure. You can always take a screenshot. The idea behind this service is to securely share sensitive information one time. We (obviously) don't have control over what a recipient does with the message.
How long do you keep non-viewed secrets?
Until the end of times. Seriously, there is no maximum time limit set. But you can always destroy your secret by visiting the secret link.
Account and Billing
Who is the payment provider?
We work with Stripe as our payment provider. We don't store any payment related information whatsoever.
What payment methods are supported?
Our payment provider Stripe offers a variety of payment options: Google Pay, Credit Card (VISA, Mastercard, American Express, etc.) among many others. Once you choose a premium plan you get redirected to Stripe where you can select your preferred method.
How do subscriptions work?
Once you subscribe to a premium plan, you get instant access to the corresponding features for as long as the subscription lasts. You will be billed every month or year, based on the selected billing interval. A subscription can be cancelled anytime.
How can I use promo codes?
Promo codes can be applied on the Stripe checkout page. Add your personal promo code and hit "Apply". After that you should see a discounted price right away.
How do I cancel a subscription?
Sign in to the account page. Under the "Subscription" tab you can cancel your subscription anytime, no questions asked.
Didn't find the answer you were looking for? Contact support: support@scrt.link