

Show HN: Send browser-encrypted messages over self-destructing read-once URLs - brianhempel
https://sneakynote.com

======
brianhempel
Author here. There are other services that do this sort of thing, but none
that accomplished all these goals:

1\. Browser-encrypted so the server cannot decrypt it. The decryption key is
stored in the URL fragment after the # so the server never sees the decryption
key. (Fragments are not sent in HTTP requests.)

2\. Secrets never touch disk. SneakyNote.com even goes to lengths to clear the
in-memory buffers on storage/access.

3\. Verified delivery. If you're going to send the link over an insecure
channel, you can't prevent someone else from getting to it first. But you'd
like to know if they replaced your link. The verification code step solves
this problem.

4\. Open source.

Incidentally, this is written in Go because it of its good HTTP support and
because Go is a memory-safe language that will also allow you to clear memory.

