I think you could use AES encryption to generate base64 URLs from cleartext. They will be long and ugly, but reversible with a key and not requiring the database.
you can api to a url shortener like bitly. the short url can be communicated via a piece of paper. this will create an encrypted messenger operating with full transparency directly from github.
Yes, true, did not think about the database. Then no, it cannot be verifiably trustless. Whoever has access to the database can spy on and change the links.
I recommend using cryptomator over relying on sandboxed remote code execution as a feature (javascript) to encrypt your stuff. Yes you can verify it, but you have to verify it every time you reload the browser.
The good news is, the code you've already written can still be adapted into an app. Just loaded locally rather than from a webserver every time you refresh the page.
As of right now, I would personally basically consider your site to be a honeypot that is trying to rely on time to relax a userbase before changing out the code one day. Nothing personal.
This is awesome! A simple yet very useful tool, especially in environments where privacy and security are crucial for sharing addresses and sensitive information. I really like that the encryption happens client-side, which significantly enhances security.
Do you have any plans to open-source this project, or are you looking to develop it further based on feedback? Also, is there a mechanism to ensure that links can't be reused after being accessed once?
Either way, great work—I’ll definitely give it a try!
Host it on Github Pages with automated deployment with Github Actions. That way the source code can be verifyably trustworthy.
deleted by author
I think you could use AES encryption to generate base64 URLs from cleartext. They will be long and ugly, but reversible with a key and not requiring the database.
deleted by author
you can api to a url shortener like bitly. the short url can be communicated via a piece of paper. this will create an encrypted messenger operating with full transparency directly from github.
Yes, true, did not think about the database. Then no, it cannot be verifiably trustless. Whoever has access to the database can spy on and change the links.
I recommend using cryptomator over relying on sandboxed remote code execution as a feature (javascript) to encrypt your stuff. Yes you can verify it, but you have to verify it every time you reload the browser.
The good news is, the code you've already written can still be adapted into an app. Just loaded locally rather than from a webserver every time you refresh the page.
As of right now, I would personally basically consider your site to be a honeypot that is trying to rely on time to relax a userbase before changing out the code one day. Nothing personal.
deleted by author
Have you looked at Winden? https://winden.app/s
It is based on the Magic Wormhole protocol:
https://magic-wormhole.readthedocs.io/en/latest/
deleted by author
This is awesome! A simple yet very useful tool, especially in environments where privacy and security are crucial for sharing addresses and sensitive information. I really like that the encryption happens client-side, which significantly enhances security.
Do you have any plans to open-source this project, or are you looking to develop it further based on feedback? Also, is there a mechanism to ensure that links can't be reused after being accessed once?
Either way, great work—I’ll definitely give it a try!