The link contains encrypted data in the URL #hash. Servers do not receive the secret.
View
Timer: --:--
This link has already been opened in this browser. It is now expired.
How it works
Encrypts with AES-GCM directly in your browser. The key is derived from your password using PBKDF2.
The encrypted data, expiry time, and one-time token are stored in the URL #hash (never sent to a server).
The countdown runs entirely on your device. When it expires or you destroy it manually, the app clears all data and resets history.
Details
The timer is managed locally by your browser once the encrypted message is created. The expiry time is stored temporarily on your device and counts down in real time.
Countdown:
The timer runs automatically within your browser, without contacting any server.
Expiry trigger:
When the countdown ends, or if you manually destroy the message, the app immediately removes all related data.
Cleanup routine:
• Deletes all message and key data stored during the session.
• Clears temporary information from the browser.
• Replaces the page address to remove any trace of the encrypted link.
Result:
After expiry or manual deletion, the encrypted content and password are permanently removed from the device.
All operations occur locally—no information is sent or stored on any server.
“One-time” access is enforced per browser using local storage. Without a server, this only prevents re-opening in the same browser.
To make one-time viewing work globally (across all users or devices), a server would be required to track usage.
A password therefore is essential. It creates the encryption key locally and ensures that only someone with that password can decrypt the data.
Even if someone gets the URL, they cannot view the contents without the correct password.