WingNews logo WingNews
top | item 43735121

(no title)

Rayid | 10 months ago

Hey HN!

I built a small project called DeadDrop – a tool for sharing files without needing logins or accounts. You just enter a name and a passkey, and your file is encrypted in the browser using AES-GCM. Only the encrypted file is uploaded. On the other side, anyone with the same name + key can retrieve and decrypt it client-side.

The server never sees the passkey or the raw file – it's fully privacy-first.

Use cases: quick transfers between devices, sharing sensitive files with collaborators, or just simple temp file drops without any tracking.

Would love your feedback or suggestions!

Link: https://deadrop.updo.in

discuss

order

apitman|10 months ago

I recommend using a different word than "passkey". That has a specific meaning that's different than how it's used here. Password or passphrase would be more appropriate.

Rayid|10 months ago

You're right, "passkey" has a specific meaning these days. I’ll consider switching to something like "password" or "passphrase" to avoid confusion. Appreciate the suggestion!

cedws|10 months ago

Be careful hosting a service like this. You will have feds knocking on your door in no time.

Rayid|10 months ago

Totally understand the concern — I’ve thought a lot about that.

I'm not encouraging illegal use; it's designed for privacy-conscious developers, teams, and individuals who want simple, disposable file transfers. And like with any tool, it depends on how users choose to use it.

That said, I'm keeping an eye on best practices (and legality) around hosting this kind of service. Appreciate you bringing it up!

pogue|10 months ago

What's the file size limits? How long does the file stay there?

And most importantly, how can we trust it's private/anonymous/encrypted?

Rayid|10 months ago

For now, the file size limit is 10MB, and you can choose how long the file stays — anywhere from 1 day to 30 days. As for privacy and security, everything is end-to-end encrypted in your browser using AES-GCM, so the server never sees your passkey or the unencrypted file. It's designed to be private and anonymous, with no personal data involved. I totally get the concern about trust — I’m being as transparent as possible about the process, and I want to make sure you feel confident using it. If you ever want more details or have any doubts, feel free to reach out at rayidashrafdar@gmail.com!

kratosthegod|10 months ago

Well done! I appreciate the minimal, no-login approach. It feels like a modern and more lightweight alternative to (late)Firefox Send.

Rayid|10 months ago

Thanks! I actually didn’t know about Firefox Send until after I built DeadDrop. But now that I’ve seen it, I can definitely see the similarities. Glad you liked it!