I built a small project called DeadDrop – a tool for sharing files without needing logins or accounts. You just enter a name and a passkey, and your file is encrypted in the browser using AES-GCM. Only the encrypted file is uploaded. On the other side, anyone with the same name + key can retrieve and decrypt it client-side.
The server never sees the passkey or the raw file – it's fully privacy-first.
Use cases: quick transfers between devices, sharing sensitive files with collaborators, or just simple temp file drops without any tracking.
Be careful hosting a service like this. You will have feds knocking on your door in no time.
Rayid•9mo ago
Totally understand the concern — I’ve thought a lot about that.
I'm not encouraging illegal use; it's designed for privacy-conscious developers, teams, and individuals who want simple, disposable file transfers. And like with any tool, it depends on how users choose to use it.
That said, I'm keeping an eye on best practices (and legality) around hosting this kind of service. Appreciate you bringing it up!
7bit•9mo ago
> it depends on how users choose to use it.
Protect yourself as best as you can. The worst that could happen is if this is used for CSAM, and then it's over.
Rayid•9mo ago
Well, since all files are encrypted on the client side, I can’t actually read or access the contents of the files being uploaded. That means I can't know what’s being shared. However, I’ll be adding clear policies that will allow me to delete any files that appear to be used unethically or in violation of the guidelines.
rad_gruchalski•9mo ago
Since you have access to raw data as it is being encrypted, you can know what material is being uploaded. You could in theory maybe claim that data is encrypted on the client but it is your client served from your domain.
Rayid•9mo ago
Right, since the client is served from my domain, trust in the code is essential. Encryption happens in-browser, and nothing is logged or intercepted, but to back that up, I’m planning to open-source the website in the future so anyone can verify exactly what’s going on.
cedws•9mo ago
The minutiae don't matter, if they think your service is serving data it shouldn't be, encrypted or not they will bust down your door.
Rayid•9mo ago
At the moment, this website is still in its early stages, but I'm fully committed to finding ways to prevent any unethical use of the platform. It's something I’ll continue working on as I develop and improve it. Thanks for the concern!
Well done! I appreciate the minimal, no-login approach. It feels like a modern and more lightweight alternative to (late)Firefox Send.
Rayid•9mo ago
Thanks! I actually didn’t know about Firefox Send until after I built DeadDrop. But now that I’ve seen it, I can definitely see the similarities. Glad you liked it!
pogue•9mo ago
What's the file size limits? How long does the file stay there?
And most importantly, how can we trust it's private/anonymous/encrypted?
Rayid•9mo ago
For now, the file size limit is 10MB, and you can choose how long the file stays — anywhere from 1 day to 30 days. As for privacy and security, everything is end-to-end encrypted in your browser using AES-GCM, so the server never sees your passkey or the unencrypted file. It's designed to be private and anonymous, with no personal data involved. I totally get the concern about trust — I’m being as transparent as possible about the process, and I want to make sure you feel confident using it. If you ever want more details or have any doubts, feel free to reach out at rayidashrafdar@gmail.com!
apitman•9mo ago
I recommend using a different word than "passkey". That has a specific meaning that's different than how it's used here. Password or passphrase would be more appropriate.
Rayid•9mo ago
You're right, "passkey" has a specific meaning these days. I’ll consider switching to something like "password" or "passphrase" to avoid confusion. Appreciate the suggestion!
Xiol32•9mo ago
Did you write your app using an LLM?
It's starting to rub off.
Rayid•9mo ago
I hand-coded the UI and most of the app myself. However, I use AI for tedious functions, writing comments, or reviewing code. It’s a helpful assistant, but I’m in the driver’s seat.
youniverse•9mo ago
Even all his replies are fishy lmao
Rayid•9mo ago
"Well, I’m not a native English speaker, so sometimes I use LLM to give finishing touches to my text so that I can articulate better.
Andrew091•9mo ago
I think the vision is pretty optimistic.. It would help a lot in rapid file transfer for those who are working in documentation sectors.. It would also help school or college students for their ppt sharing without a physical usb... Nice initiative
Rayid•9mo ago
Thanks! Glad you see the potential — that’s exactly the goal, to make file sharing as quick and simple as possible. No USBs, no hassle. Appreciate the feedback!
hschne•9mo ago
I launched something similar a year ago, funnily with an almost identical name.
Different tech stack and slightly different features though. Super cool to see more other tools in the space!
That's awesome — love seeing others thinking in the same direction! Just checked out your project, and it’s really well put together. Funny how we both ended up with such similar names and ideas. I hadn’t seen yours before launching mine, but it’s super cool to see how you approached it differently with those extra features. More privacy-focused tools in the space is always a win!
eipi10_hn•9mo ago
Thanks for the project. Does the tool have expiry time for the files?
Rayid•9mo ago
Yup! When you upload a file, you can choose how long it stays — anywhere from 1 day to 30 days. After that, it's automatically deleted from the server.
aiiizzz•9mo ago
Firefox Send flashbacks. It was shut down because it became a malware hotbed.
Rayid•9mo ago
I totally get the concern, and I am aware of what happened with Firefox Send. DeadDrop is still in its early stages, but I’m actively thinking about ways to prevent any unethical use of the platform as it grows.
Rayid•9mo ago
I built a small project called DeadDrop – a tool for sharing files without needing logins or accounts. You just enter a name and a passkey, and your file is encrypted in the browser using AES-GCM. Only the encrypted file is uploaded. On the other side, anyone with the same name + key can retrieve and decrypt it client-side.
The server never sees the passkey or the raw file – it's fully privacy-first.
Use cases: quick transfers between devices, sharing sensitive files with collaborators, or just simple temp file drops without any tracking.
Would love your feedback or suggestions!
Link: https://deadrop.updo.in
cedws•9mo ago
Rayid•9mo ago
I'm not encouraging illegal use; it's designed for privacy-conscious developers, teams, and individuals who want simple, disposable file transfers. And like with any tool, it depends on how users choose to use it.
That said, I'm keeping an eye on best practices (and legality) around hosting this kind of service. Appreciate you bringing it up!
7bit•9mo ago
Protect yourself as best as you can. The worst that could happen is if this is used for CSAM, and then it's over.
Rayid•9mo ago
rad_gruchalski•9mo ago
Rayid•9mo ago
cedws•9mo ago
Rayid•9mo ago
Rayid•9mo ago
kratosthegod•9mo ago
Rayid•9mo ago
pogue•9mo ago
And most importantly, how can we trust it's private/anonymous/encrypted?
Rayid•9mo ago
apitman•9mo ago
Rayid•9mo ago
Xiol32•9mo ago
It's starting to rub off.
Rayid•9mo ago
youniverse•9mo ago
Rayid•9mo ago