Made a small file host focused on not leaving a trace.
- No account, no ads, no trackers
- You set when the file deletes itself (1 hour to 30 days, or after X downloads)
- Optional password on files and notes
- Reachable over Tor via an onion service
- Self-hosted
For when you just need to hand someone a file without it sitting on a server forever or asking them to sign up anywhere.
Hello, there is currently no end-to-end encryption on the server I’ll explain why below. The reasons why
True end-to-end encryption (where I literally can’t read your files) means the server only ever sees encrypted blobs. The problem is, that also means I can’t scan anything, and right now every upload is checked against known CSAM and run through malware scanning.
Go fully zero-knowledge and I lose that capability entirely, which on an anonymous host is a real problem it basically turns into a blind dropbox for whatever people want to put there.
So it’s genuinely one or the other either I can see enough of the content to keep it clean, or I can’t see it at all and can’t keep it clean. I chose to keep it scannable, because for an open anonymous service, I think being able to block that kind of content is more important.
That’s the real reason there’s no at-rest encryption not laziness it would compromise security. I’m open to hearing how you’d weigh the pros and cons, though.
You could do client-side scanning instead while checking a signature of the client’s js to ensure that it is your code that’s running.
Never trust the client lol