This site uses one first-party cookie to keep track of sessions.
Cookies are not stored after sessions.
All data is encrypted in-browser before uploading, unecrypted files
will never hit the server.
[1]
Autodecryption appends the password to the link as a
hash
in plain text. This will not send the password to the server,
nonetheless, this opens up the link share to
MITM
attacks.
Burn after uses a subset of key bytes as a burn token. When the
recipient regenerates the key from the material, the same burn token
is deterministically produced and sent to the server to alert that the
ciphertext has been decrypted once.
The encryption key is always generated with a burn token even
if the open limit is unset. The token is throw away in such cases.
Bugs, fixes, or features
Send an email to the
mailing list
(Plaintext only or your email will get bounced!).
Or submit an issue to
codeberg repo
Takedowns
If you would like to requeset a content takedown, send an email with
the link in question to
takedown@paste.standof.fish, along with proof of your identity and ownership.
All content takedown notices will be made publicly available with
submitter information.