The encrypted payload lives only in the URL hash. Nothing is sent to a server.
Generated link
An encrypted note is in this URL
Reveal the note below. After reveal, the URL hash is wiped so a refresh will not show it again.
Honest about what this is
- The note never leaves your browser. The encrypted payload is in the URL hash. Servers cannot see hashes.
- Self-destruct means the page wipes the hash and the displayed text. It does not reach into the recipient's clipboard, browser history, or screenshots. They can save the URL before reveal or the text after.
- Expiry is enforced by an embedded timestamp the page reads before decrypting. The clock is the recipient's. A skewed system clock can change behavior.
- If you want true one-view-only delivery with provable destruction, you need a server that holds the ciphertext and deletes after first GET. Share is intentionally serverless.
- For passwords stronger than a typical phrase, choose your own passphrase. PBKDF2 at 250000 iterations is robust against casual offline guessing but not against well-funded attackers brute-forcing a weak word.
Frequently asked questions
- What is Share for?
- Passing a short secret to someone over a channel you do not fully trust. A new-hire onboarding password. A wifi key. A one-off API token. A draft message you do not want indexed by Slack search. Write the note, copy the link, send it through your usual channel.
- How does the encryption work?
- The note is encrypted with AES-GCM (256 bit) in your browser using WebCrypto. If you set a password, the key is derived with PBKDF2-SHA256 at 250000 iterations. If you do not, a random 256-bit key is generated and packed into the URL hash next to the ciphertext.
- Is the note sent to any server?
- No. Everything after the # in a URL is never sent to the server. Your note stays in the URL itself. The recipient's browser decrypts it locally when they open the link.
- What does self-destruct actually mean?
- When the recipient opens the link and reveals the note, the page strips the hash from the address bar so reloading does not re-show it. This is best-effort. The recipient can copy the URL before reveal or copy the decrypted text after. Share destroys local state. It cannot enforce destruction at the other end. For true one-view-only delivery, a server is required.
- What does expiry do?
- If you set an expiry, an expires-at timestamp is packed into the encrypted payload. When the recipient opens the link after that timestamp, the page refuses to decrypt and shows an expired notice. This is enforced client-side via the embedded timestamp, not via a server check.
- Why a password if it is already encrypted?
- A passwordless link puts the key in the URL itself. Anyone with the URL can decrypt. Adding a password splits the secret across two channels: the URL goes through your messaging app, the password goes through a phone call or another channel. Then a leaked URL alone is not enough.
- Does it track me or use cookies?
- No. No analytics, no third-party scripts, no telemetry. Only the WebCrypto API and your inputs.