OK, drop made. You need to send the message below to the person you want to pick up this drop.
I'm sending you some secure information.
Copy this URL, and paste it into your web browser's location bar:
The Drop is also available over the clear Internet here:
and use the password I sent you in the other email
This will ONLY work once, so be careful with the password, and make sure to copy the data immediately.
After you pick it up, the data will self-destruct and this link won't work anymore.
This link will only work for 24 hours, so please check shortly.
THIS IS THE PASSWORD! YOU NEED TO COPY THIS AND SEND IT TO THE PERSON AS WELL->
Enter the info to secure:
Retrieve the Drop
Entering the password and clicking 'Get The Drop' WILL delete the information on the server. Ensure you have correctly copied the password.
Your Dead Drop
How Does This Work?
Sending someone secure data is a real hassle. If they don't have GPG, or some such tool, then what do you do? Most likely you send a user name in one email and the password in another.
This isn't great. That email sits on a server forever! If their email is EVER compromised, then so is your data.
Here we follow a couple of basic steps:
Dead Drops are only stored for 24 hours, then they are deleted.
We cannot decrypt your data; we simply don't have the password.
We do not log your IP address. We log the visit for load calculations, but nothing ABOUT you.
We don't do encryption; we leave that to the clever people at Stanford.
We err on the side of safety: if an incorrect password is entered, or if anything else goes wrong, we delete the data. This is not a locker service.
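The steps above can be modelled in a few lines. This is an added example, not the service's own code: it uses Node's built-in crypto (PBKDF2-SHA256 and AES-256-GCM) as a stand-in for the Stanford library, and the names sealDrop, openDrop and DropStore, the iteration count and the in-memory store are assumptions made for illustration.

```javascript
// Added example: in-memory model of the drop flow (not the service's code).
const nodeCrypto = require('node:crypto');

const TTL_MS = 24 * 60 * 60 * 1000; // drops are kept for 24 hours (from the page)
const KDF_ITERATIONS = 100000;      // assumed value; the page does not state one

// Key derivation with PBKDF2-SHA256, run only where the password is typed.
function deriveKey(password, salt) {
  return nodeCrypto.pbkdf2Sync(password, salt, KDF_ITERATIONS, 32, 'sha256');
}

// Sender side: encrypt before anything leaves the browser.
function sealDrop(password, plaintext) {
  const salt = nodeCrypto.randomBytes(16);
  const iv = nodeCrypto.randomBytes(12);
  const cipher = nodeCrypto.createCipheriv('aes-256-gcm', deriveKey(password, salt), iv);
  const ct = Buffer.concat([cipher.update(plaintext, 'utf8'), cipher.final()]);
  return { salt, iv, ct, tag: cipher.getAuthTag() };
}

// Recipient side: null means a wrong password or a modified blob.
function openDrop(password, blob) {
  const decipher = nodeCrypto.createDecipheriv('aes-256-gcm', deriveKey(password, blob.salt), blob.iv);
  decipher.setAuthTag(blob.tag);
  try {
    return Buffer.concat([decipher.update(blob.ct), decipher.final()]).toString('utf8');
  } catch {
    return null; // authentication tag did not verify
  }
}

// Server side (hypothetical): holds opaque blobs and never sees the password.
class DropStore {
  constructor(now = Date.now) { this.now = now; this.drops = new Map(); }
  put(blob) {
    const id = nodeCrypto.randomBytes(16).toString('hex');
    this.drops.set(id, { blob, expires: this.now() + TTL_MS });
    return id;
  }
  // One-shot pickup: the entry is deleted on every attempt, so a second
  // request, an expired drop, or a retry after a wrong password gets nothing.
  take(id) {
    const entry = this.drops.get(id);
    this.drops.delete(id);
    return entry && this.now() < entry.expires ? entry.blob : null;
  }
}
```

Because the store only ever receives the output of sealDrop, a copy of the server's data without the password yields nothing readable.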
So, is this safe?
The possible security issues depend on what form of communication you're using, e.g. text message, email, carrier pigeon, etc.
The issues are:
Someone gets the URL/password before the intended recipient.
If their email is compromised, and someone is monitoring it, well, you're out of luck.
You text the info, and someone else has the recipient's phone.
If these are deal breakers, you're probably a spy of some sort, and thus shouldn't be using anonymous services on the internet.
The security of the encryption used is handled by the Symmetric Encryption engine developed at Stanford: "SJCL is secure. It uses the industry-standard AES algorithm at 128, 192 or 256 bits; the SHA256 hash function; the HMAC authentication code; the PBKDF2 password strengthener; and the CCM and OCB authenticated-encryption modes."
What if you're lying?
Well, you're a clever person; have a look at the code.