Shh! Self-Destructing Messages
Sometimes you just can't get around sharing sensitive information over insecure channels like email, SMS, Slack, etc. All it takes is one data breach to expose a lifetime's worth of secrets — and not just yours!
To help mitigate these dangers, we've built Shh!, a free message sharing service that hides your message behind a unique, self-destructing link. Messages are encrypted and decrypted in the browser1, making it impossible for us or anyone else to read the contents without the magic link.
And once a link expires, its secrets are gone forever.
Secret Message
This message will self-destruct after X views or in 3 hours and 2 minutes, whichever comes first.
Click here to delete the message now.
How It Works
Shh! is set up to provide temporary Zero Knowledge storage of your textual secrets, meaning we can store and retrieve your (encrypted) message — while it is valid, anyway — but have no ability to decrypt and read it. Not even with our Root Magic!
Creation
The way this works is actually pretty simple:
When you submit a new secret using the above form, a cryptographic key is generated by your browser and used to encrypt your plain text message. That encrypted message, along with your view and time settings, are sent back to our server for temporary storage.
The private key, meanwhile, stays with you and is never shared with the server.
If all goes well, the server sends back a unique identifier of its own. This value is then combined with your private key (in the browser) to produce a shareable URL that looks like /shh/#/SERVERKEYyourkey
.
Retrieval
When someone lands on that URL, their browser separates out the server key and the private key. The server key is sent to the server to see if it can find the message, and if it does, it returns it (still encrypted). The private key is then used to decrypt the message in the browser so it can be displayed.
The keys are stored in the #fragment
portion of the URL because unlike the /pathname
and ?query
parts, #fragments
are only visible to the browser; they play no role in the server's request routing, and will not accidentally be recorded in system access or error logs.
Destruction
Each time a message is requested, its internal view count is incremented. Once that value reaches the limit, or too much time has passed, the message is deleted, and all threats of discovery are removed.
Easy!
Test It!
We could be master criminals.
(We're not, but there's no reason you should blindly trust us.)
If you've read this far, we recommend you go ahead and submit an innocent test message and take a look at the request and response payloads in your browser's Network Tools window to verify that nothing untoward is going on.
It should be easier to follow the traffic than most sites as we don't use Google Analytics, Facebook, or any other monster data-siphoning services. Haha.
Caveats
While self-destructing data resolves the dangers of that data being stored indefinitely at rest, it cannot protect you in cases where you or the recipient are already compromised, but then, neither can anything else.
It is important to emphasize that anybody with the link can view the message as long as it remains active, whether that somebody is the somebody you intended or not.
It is recommended that you instruct your recipients to manually delete the message once they have copied it somewhere more permanent.
Once it's gone, it's gone.
The End!
That's it! Feel free to use Shh! as often as you need to. We hope you enjoy it.
This is not a terribly expensive operation for us, but if you would like to help support its continued existence, Bitcoin and Monero donations are always welcome.