How it worksEvery time you write a note, it is encrypted with a secret key. This key is created by combining a lot of random and special data, such as how your phone or mouse moved while you were on this page - this is something no one else can predict.
Once there is enough secret data for the key, your note is first encrypted inside your browser and then afterwards uploaded to our server. This secret key never leaves your device, but it is attached to the link (after the "
Upon uploading your note, it undergoes an additional encryption process, employing the same robust standard utilized by your browser. This added layer of security ensures that the note remains inaccessible for repeated access, even in the presence of code injection attempts. The second key, crucial for the recipient to correctly open the note, is exclusively provided after the download is completed and the note has been deleted.
Notes are also automatically deleted if they remain unopened for the specified time on creation. By default, this duration is set to 48 hours.So it is safe, right?As the encryption processes are based on the modern
However, as priv.to is a website and not a program, anyone familiar with it can still use default browser tools like "view source" or "inspect element" to reverse engineer whats behind. Upon examination, you'll find that your note is first encrypted within your browser before being sent to our server.
This ensures that we are never able to read what is stored in it, even when there is something wrong with our backend code that we're not aware of yet.
Once there is enough secret data for the key, your note is first encrypted inside your browser and then afterwards uploaded to our server. This secret key never leaves your device, but it is attached to the link (after the "
$
" -symbol while "#
" is the identifier), so the recipient can use it to decrypt the note.Upon uploading your note, it undergoes an additional encryption process, employing the same robust standard utilized by your browser. This added layer of security ensures that the note remains inaccessible for repeated access, even in the presence of code injection attempts. The second key, crucial for the recipient to correctly open the note, is exclusively provided after the download is completed and the note has been deleted.
Notes are also automatically deleted if they remain unopened for the specified time on creation. By default, this duration is set to 48 hours.So it is safe, right?As the encryption processes are based on the modern
AES-GCM
standard and the note is only uploaded after
being encrypted for the first time, it is in our opinion very safe to say that your message really gets only where you want it to be. However always make sure that the recipients device or account didn't got compromised by anybody meanwhile. If you're not sure about this, simply define an optional password only you and your recipient can guess. If you do so, it is encrypted again, not only with the random data generated by your device, but also with thePBKDF2
standard.Can I check it?You can, but we dont think trust solely comes from being open source. While publishing the source code of a program or app can indeed help in finding security vulnerabilities, it can also be abused in the same way. The biggest examples are 0-day vulnerabilities, where exploits are not reported to software publishers, and a fix is not yet available.However, as priv.to is a website and not a program, anyone familiar with it can still use default browser tools like "view source" or "inspect element" to reverse engineer whats behind. Upon examination, you'll find that your note is first encrypted within your browser before being sent to our server.
This ensures that we are never able to read what is stored in it, even when there is something wrong with our backend code that we're not aware of yet.