Rayid 3 days ago

Hey HN!

I built a small project called DeadDrop – a tool for sharing files without needing logins or accounts. You just enter a name and a passkey, and your file is encrypted in the browser using AES-GCM. Only the encrypted file is uploaded. On the other side, anyone with the same name + key can retrieve and decrypt it client-side.

The server never sees the passkey or the raw file – it's fully privacy-first.

Use cases: quick transfers between devices, sharing sensitive files with collaborators, or just simple temp file drops without any tracking.

Would love your feedback or suggestions!

Link: https://deadrop.updo.in
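
The client-side flow described in the post above, sketched with the Web Crypto API as an added example; it is not part of the thread and not DeadDrop's code. The thread only names AES-GCM, so PBKDF2-SHA-256, the iteration count, the `salt | iv | ciphertext` layout, binding the drop name as additional authenticated data, and the function names `sealFile` / `openFile` are all assumptions.

```javascript
// Added example, not DeadDrop's code. KDF, parameters and blob layout are assumed.
const wc = globalThis.crypto ?? require("node:crypto").webcrypto; // browser or Node
const enc = new TextEncoder();
const ITERATIONS = 600000; // assumed PBKDF2 work factor
const SALT_LEN = 16, IV_LEN = 12, TAG_LEN = 16;

// Stretch the passphrase into a non-extractable AES-256-GCM key.
async function deriveKey(passphrase, salt) {
  const base = await wc.subtle.importKey(
    "raw", enc.encode(passphrase), "PBKDF2", false, ["deriveKey"]);
  return wc.subtle.deriveKey(
    { name: "PBKDF2", hash: "SHA-256", salt, iterations: ITERATIONS },
    base, { name: "AES-GCM", length: 256 }, false, ["encrypt", "decrypt"]);
}

// Returns salt | iv | ciphertext+tag: the only bytes that would be uploaded.
async function sealFile(name, passphrase, plaintext) {
  const salt = wc.getRandomValues(new Uint8Array(SALT_LEN)); // fresh per file
  const iv = wc.getRandomValues(new Uint8Array(IV_LEN));     // never reused per key
  const key = await deriveKey(passphrase, salt);
  const ct = new Uint8Array(await wc.subtle.encrypt(
    { name: "AES-GCM", iv, additionalData: enc.encode(name) }, key, plaintext));
  const blob = new Uint8Array(SALT_LEN + IV_LEN + ct.length);
  blob.set(salt, 0);
  blob.set(iv, SALT_LEN);
  blob.set(ct, SALT_LEN + IV_LEN);
  return blob;
}

// Resolves to the plaintext bytes, or null when the name, passphrase or blob
// does not match (GCM tag verification fails before any plaintext is released).
async function openFile(name, passphrase, blob) {
  if (blob.length < SALT_LEN + IV_LEN + TAG_LEN) return null; // truncated upload
  const salt = blob.subarray(0, SALT_LEN);
  const iv = blob.subarray(SALT_LEN, SALT_LEN + IV_LEN);
  const key = await deriveKey(passphrase, salt);
  try {
    return new Uint8Array(await wc.subtle.decrypt(
      { name: "AES-GCM", iv, additionalData: enc.encode(name) },
      key, blob.subarray(SALT_LEN + IV_LEN)));
  } catch {
    return null; // wrong passphrase, wrong name, or modified ciphertext
  }
}
```

With this layout the server stores only random-looking bytes, and the strength of the scheme rests on the passphrase's entropy and on the integrity of the JavaScript the site serves.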

apitman 2 days ago

I recommend using a different word than "passkey". That has a specific meaning that's different than how it's used here. Password or passphrase would be more appropriate.

Rayid 2 days ago

You're right, "passkey" has a specific meaning these days. I’ll consider switching to something like "password" or "passphrase" to avoid confusion. Appreciate the suggestion!

Xiol32 2 days ago

Did you write your app using an LLM?

It's starting to rub off.

Rayid 2 days ago

I hand-coded the UI and most of the app myself. However, I use AI for tedious functions, writing comments, or reviewing code. It’s a helpful assistant, but I’m in the driver’s seat.

cedws 3 days ago

Be careful hosting a service like this. You will have feds knocking on your door in no time.

Rayid 2 days ago

Totally understand the concern — I’ve thought a lot about that.

I'm not encouraging illegal use; it's designed for privacy-conscious developers, teams, and individuals who want simple, disposable file transfers. And like with any tool, it depends on how users choose to use it.

That said, I'm keeping an eye on best practices (and legality) around hosting this kind of service. Appreciate you bringing it up!

cedws 2 days ago

The minutiae don't matter; if they think your service is serving data it shouldn't be, encrypted or not, they will bust down your door.

Rayid 2 days ago

At the moment, this website is still in its early stages, but I'm fully committed to finding ways to prevent any unethical use of the platform. It's something I’ll continue working on as I develop and improve it. Thanks for the concern!

7bit 2 days ago

> it depends on how users choose to use it.

Protect yourself as best as you can. The worst that could happen is if this is used for CSAM, and then it's over.

Rayid 2 days ago

Well, since all files are encrypted on the client side, I can’t actually read or access the contents of the files being uploaded. That means I can't know what’s being shared. However, I’ll be adding clear policies that will allow me to delete any files that appear to be used unethically or in violation of the guidelines.

rad_gruchalski 2 days ago

Since you have access to raw data as it is being encrypted, you can know what material is being uploaded. You could in theory maybe claim that data is encrypted on the client but it is your client served from your domain.

Rayid 2 days ago

Right, since the client is served from my domain, trust in the code is essential. Encryption happens in-browser, and nothing is logged or intercepted, but to back that up, I’m planning to open-source the website in the future so anyone can verify exactly what’s going on.

pogue 2 days ago

What are the file size limits? How long does the file stay there?

And most importantly, how can we trust it's private/anonymous/encrypted?

Rayid 2 days ago

For now, the file size limit is 10MB, and you can choose how long the file stays — anywhere from 1 day to 30 days. As for privacy and security, everything is end-to-end encrypted in your browser using AES-GCM, so the server never sees your passkey or the unencrypted file. It's designed to be private and anonymous, with no personal data involved. I totally get the concern about trust — I’m being as transparent as possible about the process, and I want to make sure you feel confident using it. If you ever want more details or have any doubts, feel free to reach out at rayidashrafdar@gmail.com!

kratosthegod 2 days ago

Well done! I appreciate the minimal, no-login approach. It feels like a modern and more lightweight alternative to (late) Firefox Send.

Rayid 2 days ago

Thanks! I actually didn’t know about Firefox Send until after I built DeadDrop. But now that I’ve seen it, I can definitely see the similarities. Glad you liked it!

Rayid 2 days ago

Sorry, but the CORRECT LINK IS: https://deaddrop.space