Security

The whole project is based on a simple premise: The less we know, the better.

Security by design

Best practices, no extras.

  • All messages are stored encrypted using AES-256, using a 512 bit password hash.
  • After a secret has been viewed, we delete it permanently from our database. There is no backup.
  • If a password is provided, we use it to encrypt your secret on the client - in other words, there is no way of decrypting your message, since we don't even store a hash of your password. Even with the most advanced attacks (e.g. man in the middle attack) or access to all our infrastructure an attacker couldn't read your message.
  • As little third-party code as possible. No Google, no Facebook, no cookies, no tracking.
  • All code is open-source on Gitlab. Dependencies are updated regularly.

Infrastructure

Trusted players, few dependencies.

We chose industry leaders to host our infrastructure: