scrt.link
scrt.link

FAQ

Frequently Asked Questions

General

Why should I use this service?

Sharing secrets is delicate. You don't want sensitive information (confidential information, passwords, API keys, access tokens, key combinations, confessions, etc.) to stay in your Slack channel, Whatsapp chat log, inbox, or any other communication channel. A one-time disposable link guarantees that your secret is only viewed exactly once, before being permanently destroyed.

Use this service in case you want to…

  • Share your Netflix password with a family member.
  • Send a private message from a public computer.
  • Send access tokens, API keys, PIN codes to a coworker.
  • Confess to a secret crush.
  • Transmit information that could be used against you.

Who is it for?

Essentially everybody. Everybody should care about privacy.
The means to transmit sensitive information anonymously is especially crucial for journalists, lawyers, politicians, whistleblowers, people who are being oppressed, etc.

How does the service work?

After you submit the form your secret will be encrypted and stored. You can now share the generated short link via text message, email or whatever service you trust. (We recommend Signal, Threema or Matrix.) After the recipients clicks the link, the message gets displayed and permanently removed from the database.

For extra security, you can include a password that will be needed to decrypt the message. (We recommend to share the password via a different channel than the link.)

What is the difference to disappearing messages on Signal or Whatsapp?

Anonymity, privacy and security. Plain text messages within a chat log can always get traced back to you. There are many scenarios where even disappearing messages are a risk factor: Do other people have access to your phone sometimes? What if you lost your phone? Or even worse, your phone might be compromised on an operating system level. With scrt.link you will always just have a link in your conversation history. After the link has been visited once, it will lead to a 404 error page. There is no way of accessing the original content.

What is the difference to Snapchat?

Same answer as for the previous question. Also, the business model behind Snapchat, and every other major social media platform, contradicts the idea of privacy and anonymity. Social media companies need to know their users in order to sell ads.

However, it is fine to share a generated secret link using Snapchat, Facebook, Instagram, Telegram, etc.

Who is behind this service?

Scrt.link is a service by SANTiHANS GmbH, a Swiss based tech company with a mission to advance the web. We operate under Swiss law. As a customer you profit from one of the world's strongest data and privacy protection regulation, the Federal Act on Data Protection (FADP). This product has been created and is operated by @stophecom.


Product and Service

What is the difference between Text, Link and Neogramâ„¢?

  • Text: This is the standard mode. It's the preferred way to share passwords and similar kind of secrets. The recipient has the option to copy the secret. Demo
  • Link: Think about it as a URL-shortener where the generated link only works once.
  • Neogramâ„¢: Digital letter-style message that automatically burns after reading. Use it for confidential notes, confessions or secret love letters. Demo

What is the maximum message size?

The current limit is 280 characters for visitors. With a premium plan you can get up to 100,000 characters.

Can I get notified when a secret has been viewed?

Yes, you can get SMS or Email notifications with an account. Go to Account

How do read receipts work?

For each secret, we generate a Secret ID (a random string) which is the only reference to the original message. Once the recipient opens the secret link, we notify you using the chosen method. In the notification we only include the Secret ID - so be sure to store/remember it. Needless to say, the contact information (email or phone number) is never exposed to the recipient.

Email: You'll receive an email from shhh@scrt.link.

SMS: You'll receive an SMS notification from +17744694525.

Why do I get "Secret not found" error?

This means that the secret link has already been visited. If this happens unexpectedly:

  • Check with the sender to make sure the link hasn't been visited by mistake.
  • The secret was accessed via brut-force attack or there is an issue with the server infrastructure (don't worry, the contents of the secrets would still be encrypted) - both cases are very unlikely.
  • Worst case: A third party accessed the link, which ultimately means, your communication channel and/or either party's device has been compromised.

Where can I find the browser extensions?

The scrt.link browser extensions are available for all major browsers:


Security and Privacy

How secure is this service?

All messages are end-to-end encrypted using AES-256, which is virtually impenetrable using brute-force methods. AES would take billions of years to break using current computing technology. For the highest level of security, an optional password (which is never stored either) will be used to encrypt your message. Read more on our Security page.

How is my privacy protected?

We take a number of steps to protect your privacy, detailed on the privacy page - however some of the features require third party services that may have access to personal identifiable information (PII). If you want to further protect your privacy, we recommend the following:

  • Connect to our service via a virtual private network (VPN): This way you never expose your personal IP address. We recommend ProtonVPN.
  • Use a service such as Abine Blur to hide your personal email address, phone number and/or credit card information.

How is end-to-end encryption achieved?

We generate two random strings, one to identify your secret in the database and one to encrypt your message. We don't store the encryption key. Only with the full link you are able to decrypt the secret. Link explanation

Can I retrieve a secret that has already been visited?

Nope. It's a one time secret. We show it once and then delete it permanently from the database. There is no backup. It's gone for good.

Can the recipient save the message?

Sure. You can always take a screenshot. The idea behind this service is to securely share sensitive information one time. We (obviously) don't have control over what a recipient does with the message.

How long do you keep non-viewed secrets?

Until the end of times. Seriously, there is no maximum time limit set. But you can always destroy your secret by visiting the secret link.


Account and Billing

Who is the payment provider?

We work with Stripe as our payment provider. We don't store any payment related information whatsoever.

What payment methods are supported?

Our payment provider Stripe offers a variety of payment options: Google Pay, Credit Card (VISA, Mastercard, American Express, etc.) among many others. Once you choose a premium plan you get redirected to Stripe where you can select your preferred method.

How do subscriptions work?

Once you subscribe to a premium plan, you get instant access to the corresponding features for as long as the subscription lasts. You will be billed every month or year, based on the selected billing interval. A subscription can be cancelled anytime.

How do trials work?

Try before you buy: You can test all premium features for a 5 day trial period. Once the trial ends you will be billed based on your chosen plan. Cancellations during the trial period result in the immediate termination of the subscription - no billing will be made in such case.

How do I cancel a subscription?

Sign in to the account page. Under the "Subscription" tab you can cancel your subscription anytime, no questions asked.


Nerd Zone

Where can I find the source code?

All code is open-source on Gitlab.

How can integrate this tool in my project?

There are easy-to-use npm packages available. For code examples and further information about integration visit the developer blog.


Didn't find the answer you were looking for? Contact support: support@scrt.link