I'm building ClosedLinks, a tool for sharing files and/or messages anonymously through one-time access links with no traceable sender. Most digital tools assume persistence; ClosedLinks is built for ephemerality and unlinkability. Each link is single-use, redirects on access, and stores encrypted content only temporarily. Recipients never see the original URL, enabling plausible deniability. Think: whistleblowers.

Encryption uses Fernet (symmetric), and all decryption happens only at point of access. There's no data retention after viewing or expiration. Optional analytics give visibility without compromising identity. Users can get notified when their shared links was accessed by the recipient, and they can set passwords for enhanced security. Limitations include email-based signups and no end-to-end encryption (yet).

You can check it out at = https://www.closedlinks.com/

You can read the white paper here - https://www.closedlinks.com/white-paper/

▲

rudasn 5 days ago | parent | next [-]

Cool, I've been working on similar my self. Not released yet, haven't had the time recently.

Curious as to why you store the data in the database in b64 as opposed to files on disk. What's the reasoning for that? Doesn't it make storage/backups/etc more complicated?

Not an expert myself, I opted for in browser encryption, in chunks, so as to avoid memory limitations (at least in some browsers, not FF yet), and in browser gzip so as to keep file size down and speed things up.

I find your niche quite interesting (journalists, whistleblowers) but given the high stakes of that perhaps an open source or more collaborative approach would be easier to promote.

Another idea I've tried out but not pursued, is some sort of browser extension/addon (I used nwjs, similar to electron), that offers client side encryption for any site (form field really). So you'd only post encrypted stuff to whatever service (email, reddit, hn, whatever) and only anyone with the key would get to read it (well, assuming they have the key and the same extension). Just throwing the idea out there, I'm sure others have thought about something along those lines before. The details to get it right are tricky (UX wise), but for your target audience it may be well worth the extra work.

Keep it up!:)

▲

chistev 5 days ago | parent [-]

Thank you for the kind words and for taking the time to read the white paper. It's a good feeling when you spend time and effort on something and someone takes the time to go through it.

I opted for database storage to simplify the management of ephemeral data. For a solo project, and as someone still learning, this was a practical way to keep the codebase manageable while focusing on core features like encryption and token-based access control.

However, you should note, in case you missed it in the white paper, that messages and files are deleted upon view (for view-once links) or expiry, whichever comes first. This ensures that the ~33% storage overhead from base64 is temporary, as a file only occupies space until it’s accessed or expires.

That said, you’re absolutely right that base64 encoding adds unneccessay storage overhead and could complicate backups for large files. I also recognize that storing files on disk could be more efficient for large-scale use cases. As (or should I say IF?) the project scales with users, I’ll definitely consider optimizations like disk storage or compression (your gzip idea is great!).

If I run into optimization problems, then it means people are using my product, and that sounds like one of them good problems (Marlo Stanfield's voice).

Your suggestion of in-browser encryption is super compelling, especially to assure users of total privacy. I noted in my white paper that client-side encryption is a future goal to address the limitation of the current server-side encryption, and your approach aligns with that vision.

The browser extension idea is also fascinating, I did not think of that.

I’m open to collaboration (again, as mentioned in my white paper) and would love to discuss ideas for making ClosedLinks more auditable while still keeping it commercially viable/sustainable. I’d be excited to hear more about your project or explore ways we could collaborate on privacy-focused tools.

Thanks again for the encouragement and for sparking this discussion!

	▲	tracker1 4 days ago \| parent [-]
		Just a +1 for browser encryption... you should be able to use pbkdf2 + aes to take an input passphrase with pbkdf2 to generate an aes key to then encrypt an input file in the browser, I'm not sure if you gain much via gzip before/after depending on the document that may already be a zip file (for word/oo, etc). On the file storage, I generally recommend going straight to a cloud interface to separate storage backend from the actual storage medium... There are self-hosted options for an S3 compatible backend you manage, or you can use actual S3 or one of several other providers for S3 style storage.

▲

adrianwaj 4 days ago | parent | prev [-]

"One-time access links with no traceable sender" ... so people get anonymous messages while logged-in to this site? How does the sender know about the recipient in the first place? What would I put in my HN profile to get messages on the site? You have people's email addresses... isn't that a problem when saying "no traceable sender?" People will need anonymous email addresses. Why not have pass-phrase logins?

I had this idea (linked in my 3rd most recent comment,) whereby what if I wanted to give someone some crypto via a set of keywords? Maybe you could turn this into some kind of PayPal for crypto.

Perhaps think about a video demo for this site.

Good luck anyway.

▲

chistev 4 days ago | parent [-]

Yea, the email part was a problem I mentioned in the white paper. Problem was I couldn't think of a way to enforce plan limits while making the subscription model work. If usernames, then they could just abuse it by creating new usernames each time. But I understand you. Maybe if you have some suggestions?

So regarding the sender and recipient, let's say I wanted to send you something. A message or a file, but wanted to maintain plausible deniability on if I sent it. I wanted a way of doing this, and the solution I came up with was that the link you receive publicly is not the link you land on to access the message or file. Anyone who lands on the publicly shared link, gets redirected to a new url each time.

But even without the deniability angle, it could be a way of sharing files with one time links. The links work once. And there's password protection, if enabled.

The implementation might not be perfect, but open to ideas, of course.

On, and there's API feature for generating links, and uploading files - for what it might be worth.

▲

adrianwaj 4 days ago | parent | next [-]

Well, I've used paste bins before. How about one with an email address input that'll invite whoever is meant to view it?

So instead of sending someone an image in an email, you send them a ClosedLink, they can view it once, and you avoid having to send them the image as an attachment?

Some screenshots would be nice.

	▲	chistev 4 days ago \| parent [-]
		Screenshots are here - https://www.producthunt.com/products/closedlinks?launch=clos... Yea, I don't quite like the email idea because it doesn't fit the idea in my head. I want a tool where I can share a ClosedLink with someone without having to ask them their email and getting asked "why" questions. The link should be shareable via any communication channel, and they can be hidden behind passwords so only the intended person can access the link. Maybe I'm bugging and my implementation/execution is not as perfect as I thought it would be when I started. lol > Are you expecting a lot of signups? As plan B, maybe aim to get a grant from the Oasis Protocol Foundation - they're all about privacy - and quiz them on what to do next. Ha! I was hoping to get lots of sign ups, but apparently that has failed. I'd never heard of the Oasis Protocol Foundation, I'll look into it. Thanks for taking to time to respond. Appreciated.

▲

adrianwaj 4 days ago | parent | prev [-]

Are you expecting a lot of signups? As plan B, maybe aim to get a grant from the Oasis Protocol Foundation - they're all about privacy - and quiz them on what to do next.