Security Architecture

Design Philosophy

CryptDrop prioritizes simplicity, performance, and practical security over theoretical forensic countermeasures. Our approach focuses on what actually matters: end-to-end encryption, immediate data deletion, and minimal logging.

How It Works

1. Client-Side Encryption

Your message is encrypted in your browser using AES-256 before it ever leaves your computer:

  • Encryption happens locally, using the browser's Web Crypto API
  • Only the encrypted message is sent to our servers
  • The encryption key is never transmitted to the server
  • The key lives only in the URL fragment (the part after #), which browsers never send to our servers

2. Zero-Knowledge Server

Our server has no way to access your messages:

  • We never receive encryption keys
  • We only see encrypted data
  • We cannot decrypt anything even if we wanted to
  • Even legal requests cannot reveal content we don't have

3. Immediate Deletion

Data is deleted as soon as it's no longer needed:

  • After the recipient views the note (one-time read)
  • After 24 hours if not viewed
  • No archived copies or backups of content
  • Deleted data cannot be recovered

4. Minimal Logging

We keep logs to a minimum for practical security monitoring:

  • No persistent storage of access logs
  • No user profiling or tracking
  • No association of data with user identities
  • Real-time monitoring only for abuse prevention

Why We Removed Complex Forensics

We originally considered complex forensic countermeasures (multiple-pass overwrites, database vacuuming, timing attack defenses), but decided they add unnecessary complexity without meaningfully improving security:

  • Encrypted data doesn't need overwriting: If someone obtained deleted encrypted data, they still couldn't read it without the key, which the server never had
  • We don't store data long enough: 24-hour maximum lifetime means forensic recovery is not a realistic threat
  • Performance matters: Complex overwrite operations slow down the service for minimal benefit
  • Simplicity is better: Fewer lines of code means fewer bugs and better maintainability

The real security comes from: encryption + immediate deletion + zero-knowledge architecture

Security Guarantees

What We Guarantee

  • End-to-end encryption with AES-256
  • Immediate deletion after viewing or after 24 hours
  • Zero access to unencrypted content
  • HTTPS/TLS for all communications
  • No persistent user profiles
  • Minimal, non-persistent logging

What We Don't Claim

  • Protection against device malware (nothing can protect you from that)
  • Protection against someone having your complete URL (they would have the key)
  • Protection against you sharing the URL insecurely
  • Forensic-grade data wiping (unnecessary for our use case)

For Developers

Encryption Implementation

We use the native Web Crypto API for AES-256-GCM encryption, which is:

  • Standardized and audited by cryptographers
  • Implemented in optimized native code
  • Better protected from side-channel attacks than JavaScript implementations
  • The modern recommendation from security experts

Key Points in the Code

  • Keys are generated with crypto.getRandomValues()
  • Encryption uses SubtleCrypto.encrypt()
  • All server endpoints validate and authenticate normally
  • Deleted data is immediately and permanently removed