The Problem

Sending someone secure data is a real hassle. If they don't have GPG, or some such tool, then what do you do? Send a user name in one email. password in another most likely.
This isn't great.
That email sits on a server forever! If their email is EVER compromised, then so is your data.

Here we follow a couple basic steps:
  • Dead Drops are only stored for 24 hours, then they are deleted.
  • We never send your data over the wire unencrypted–we do it all via javascript in YOUR browser.
  • We can not decrypt your data, we simply don't have the password.
  • We do not use cookies.
  • We do not log your I.P.–we log the visit for load calculations, but nothing ABOUT you.
  • We don't do encryption–we leave that to the clever people at Cripto-JS.
  • We Err on the side of safety–if an incorrect password is entered, or if anything else goes wrong we delete the data. This is not a locker service.

So, is this safe?

The possible security issues depend on what form of communication you're using, ie: text message, email, carrier pigeon, etc.
The issues are:
  • someone gets the url/password before the intended recipient.
  • If their email is compromised, and someone is monitoring it, well your out of luck.
  • you text the info, and someone else has the recipients phone.
If these are deal breakers, you're probably a spy of some sort, and thus shouldn't be using anonymous services on the internet.
The security of the encryption used is handled by the Symmetric Encryption engine developed at Stanford.
"Crypto-JS is secure. It uses the industry-standard AES algorithm at 128, 192 or 256 bits; the SHA256 hash
function; the HMAC authentication code; the PBKDF2 password strengthener;
and the CCM and OCB authenticated-encryption modes."

Technologies in Use

CodeIgniter Framework 3.1.5
Symmetric Encryption in javascript
Jquery 2.1.4
bootstrap 3.3.5