As a rule, when using a service of this kind, a direct link to a "note" is formed, which can often be additionally provided with a password - only the sender and the addressee should know it, which protects the information from being read by third parties.
When using the services listed below, you must remember that their developers / owners, as a rule, CANNOT PROVE that one-time messages are indeed deleted from the server, that the servers themselves do not keep logs, and that the administration will not share information with the authorities and / or special services upon request. For this reason, it is highly discouraged to use such sites to transfer sensitive personal information. To ensure the proper level of secrecy, you can use services like "burn after reading" in conjunction with direct PGP encryption of the message text with the key of the person you want to contact (for this, the programs GnuPG, Gpg4win, gpg4usb, etc. are suitable).
Possibility of additional protection with a passphrase. The key is generated from random browser data + your passphrase + unique random data using the Fortuna PRNG algorithm. After reading the message, the link begins to lead to a random image - this is the only thing that can be seen after "using" the link. But the main feature of Secserv.me is that the encryption of a message using the AES-256 algorithm is performed in the browser before sending the anonymous text to the server.
The first part of the URL is the unique identifier of the encrypted message and is sent to the server, the second part is the decryption key (starts after the # character). Thus, the key is not transmitted to the server, which means that the server cannot decrypt the message and view its contents.
RSA is used for key pairs, messages and files are encrypted using AES-256 and SHA-256 for hashing. The site also has a password generator and sending one-time letters by e-mail. From the repository on GitHub, you can build an application for Unix-like systems, a test build is available for Windows and Mac. Messages and files can only be decrypted by entering the passphrase specified when creating the key.
Your data is never stored in the public domain and cannot be decrypted without your passphrase (according to the developer's assurance).
There is a passphrase function - it is not saved anywhere (only bcrypted hash is written). Memos can be stored for up to 7 days for anonymous users and up to 14 days for free accounts. The maximum text message size is 100KB for anonymous users, 100KB for free accounts, and over 100KB after payment.
The source code for WebCrypt is published under the GNU GPL and is based on the Stanford Javascript Crypto Library. Use the service with caution - by default the site runs over HTTP and not over an encrypted HTTPS connection.
To save the user's session, 2 cookies are used (the first for the session ID, the second for session encryption), as well as the Google Analytics anonymous cookies. Cookies must be enabled in order to post or read a password protected message.
The user's session is encrypted with a randomly generated key that is stored in your cookies => server administrator or anyone else cannot read your session information.
Next, the interlocutor must enter the secret key on the FireTalks main page and enter the conversation. Registration and creation of a nickname is not required. After all participants have left the conversation, the correspondence is completely deleted from the server and there is no longer any way to read it (according to the developer).
The site administration does not guarantee the security of the transmitted information.
Service from the Rutor forum. The functions of attaching files, setting a password, previewing a message are available; has a number of language localizations. Requires JavaScript enabled.
2. Enot - enotegggr635n4lw.onion
One-time notes from UNITY are destroyed after viewing. Super minimalistic interface design. Works without JavaScript.
3. Stronghold Paste - nzxj65x32vh2fkhk.onion
Post notes can be titled, encryption and commenting on messages are also on board. Doesn't require JavaScript.
I EXTREMELY DO NOT RECOMMEND to use these services, since some of them have a leaky security system, some keep logs and merge data with special services without hesitation: Privnote, TMWSD, Secure Share, ShareMessage.NET, Fastmessage and other dubious projects.
When using the services listed below, you must remember that their developers / owners, as a rule, CANNOT PROVE that one-time messages are indeed deleted from the server, that the servers themselves do not keep logs, and that the administration will not share information with the authorities and / or special services upon request. For this reason, it is highly discouraged to use such sites to transfer sensitive personal information. To ensure the proper level of secrecy, you can use services like "burn after reading" in conjunction with direct PGP encryption of the message text with the key of the person you want to contact (for this, the programs GnuPG, Gpg4win, gpg4usb, etc. are suitable).
Secserv.me
There is a group chat function, as well as a nice section with video manuals. There is no Google Analytics and Yandex-Metrics on Secserv.me. HTTPS connection with AES-256 and RSA 2048 bit encryption. Any file type up to 7 MB with data encryption is supported. The key is not decrypted on the server, and the message URL cannot be reopened.Possibility of additional protection with a passphrase. The key is generated from random browser data + your passphrase + unique random data using the Fortuna PRNG algorithm. After reading the message, the link begins to lead to a random image - this is the only thing that can be seen after "using" the link. But the main feature of Secserv.me is that the encryption of a message using the AES-256 algorithm is performed in the browser before sending the anonymous text to the server.
The first part of the URL is the unique identifier of the encrypted message and is sent to the server, the second part is the decryption key (starts after the # character). Thus, the key is not transmitted to the server, which means that the server cannot decrypt the message and view its contents.
Crypt-A-Byte
The project is based on open source code, there is an API. Crypt-A-Byte uses public key encryption as well as HTTPS / SSL and OpenPGP / PGP technologies.RSA is used for key pairs, messages and files are encrypted using AES-256 and SHA-256 for hashing. The site also has a password generator and sending one-time letters by e-mail. From the repository on GitHub, you can build an application for Unix-like systems, a test build is available for Windows and Mac. Messages and files can only be decrypted by entering the passphrase specified when creating the key.
Your data is never stored in the public domain and cannot be decrypted without your passphrase (according to the developer's assurance).
One time secret
The service is open source, there is also an API. Information is sent and received over SSL. Unfortunately, the user's IP address is being logged. Browser information is written to further optimize the website. When you enter the site using a referral link, data is collected about the location of this link.There is a passphrase function - it is not saved anywhere (only bcrypted hash is written). Memos can be stored for up to 7 days for anonymous users and up to 14 days for free accounts. The maximum text message size is 100KB for anonymous users, 100KB for free accounts, and over 100KB after payment.
WebCrypt
Open source software. Nothing is saved or transmitted to the server. The entire encryption process takes place in the browser and does not require any data transfer to the server.The source code for WebCrypt is published under the GNU GPL and is based on the Stanford Javascript Crypto Library. Use the service with caution - by default the site runs over HTTP and not over an encrypted HTTPS connection.
Cloakmy
Data is encrypted and passwords hashed using Bcrypt. Registers IP addresses when sending a message; The IP addresses of the Service are also registered during login attempts (only after an incorrect password and / or incorrect link).To save the user's session, 2 cookies are used (the first for the session ID, the second for session encryption), as well as the Google Analytics anonymous cookies. Cookies must be enabled in order to post or read a password protected message.
The user's session is encrypted with a randomly generated key that is stored in your cookies => server administrator or anyone else cannot read your session information.
FireTalks
Service from a Russian developer. To start chatting, you need to inform the interlocutor in advance of the secret key - any phrase or set of letters, numbers, symbols in Cyrillic or Latin.Next, the interlocutor must enter the secret key on the FireTalks main page and enter the conversation. Registration and creation of a nickname is not required. After all participants have left the conversation, the correspondence is completely deleted from the server and there is no longer any way to read it (according to the developer).
Quickforget
It is possible to set the number of allowed views for a message. No cookie required. No identifiable information is stored. As soon as the message expires, it is deleted from the service database and is not archived (again, only according to the developer / admin).The site administration does not guarantee the security of the transmitted information.
DestructingMessage
No guarantees at all. You can set a timer that counts down the specified time from the moment the link is opened, and then destroys the record. Messages must be read before the expiration of 90 days, otherwise they will be irretrievably lost.
Onion-services
1. CrypTor - cryptorffquolzz6.onionService from the Rutor forum. The functions of attaching files, setting a password, previewing a message are available; has a number of language localizations. Requires JavaScript enabled.
2. Enot - enotegggr635n4lw.onion
One-time notes from UNITY are destroyed after viewing. Super minimalistic interface design. Works without JavaScript.
3. Stronghold Paste - nzxj65x32vh2fkhk.onion
Post notes can be titled, encryption and commenting on messages are also on board. Doesn't require JavaScript.
I EXTREMELY DO NOT RECOMMEND to use these services, since some of them have a leaky security system, some keep logs and merge data with special services without hesitation: Privnote, TMWSD, Secure Share, ShareMessage.NET, Fastmessage and other dubious projects.
