I built a small project called DeadDrop – a tool for sharing files without needing logins or accounts. You just enter a name and a passkey, and your file is encrypted in the browser using AES-GCM. Only the encrypted file is uploaded. On the other side, anyone with the same name + key can retrieve and decrypt it client-side.
The server never sees the passkey or the raw file – it's fully privacy-first.
Use cases: quick transfers between devices, sharing sensitive files with collaborators, or just simple temp file drops without any tracking.
I recommend using a different word than "passkey". That has a specific meaning that's different than how it's used here. Password or passphrase would be more appropriate.
You're right, "passkey" has a specific meaning these days. I’ll consider switching to something like "password" or "passphrase" to avoid confusion. Appreciate the suggestion!
I hand-coded the UI and most of the app myself. However, I use AI for tedious functions, writing comments, or reviewing code. It’s a helpful assistant, but I’m in the driver’s seat.
Totally understand the concern — I’ve thought a lot about that.
I'm not encouraging illegal use; it's designed for privacy-conscious developers, teams, and individuals who want simple, disposable file transfers. And like with any tool, it depends on how users choose to use it.
That said, I'm keeping an eye on best practices (and legality) around hosting this kind of service. Appreciate you bringing it up!
Well, since all files are encrypted on the client side, I can’t actually read or access the contents of the files being uploaded. That means I can't know what’s being shared. However, I’ll be adding clear policies that will allow me to delete any files that appear to be used unethically or in violation of the guidelines.
Since you have access to raw data as it is being encrypted, you can know what material is being uploaded. You could in theory maybe claim that data is encrypted on the client but it is your client served from your domain.
For now, the file size limit is 10MB, and you can choose how long the file stays — anywhere from 1 day to 30 days. As for privacy and security, everything is end-to-end encrypted in your browser using AES-GCM, so the server never sees your passkey or the unencrypted file. It's designed to be private and anonymous, with no personal data involved. I totally get the concern about trust — I’m being as transparent as possible about the process, and I want to make sure you feel confident using it. If you ever want more details or have any doubts, feel free to reach out at rayidashrafdar@gmail.com!
Thanks! I actually didn’t know about Firefox Send until after I built DeadDrop. But now that I’ve seen it, I can definitely see the similarities. Glad you liked it!
That's awesome — love seeing others thinking in the same direction! Just checked out your project, and it’s really well put together. Funny how we both ended up with such similar names and ideas. I hadn’t seen yours before launching mine, but it’s super cool to see how you approached it differently with those extra features. More privacy-focused tools in the space is always a win!
I think the vision is pretty optimistic.. It would help a lot in rapid file transfer for those who are working in documentation sectors.. It would also help school or college students for their ppt sharing without a physical usb... Nice initiative
Thanks! Glad you see the potential — that’s exactly the goal, to make file sharing as quick and simple as possible. No USBs, no hassle. Appreciate the feedback!
I built a small project called DeadDrop – a tool for sharing files without needing logins or accounts. You just enter a name and a passkey, and your file is encrypted in the browser using AES-GCM. Only the encrypted file is uploaded. On the other side, anyone with the same name + key can retrieve and decrypt it client-side.
The server never sees the passkey or the raw file – it's fully privacy-first.
Use cases: quick transfers between devices, sharing sensitive files with collaborators, or just simple temp file drops without any tracking.
Would love your feedback or suggestions!
Link: https://deadrop.updo.in
It's starting to rub off.
I'm not encouraging illegal use; it's designed for privacy-conscious developers, teams, and individuals who want simple, disposable file transfers. And like with any tool, it depends on how users choose to use it.
That said, I'm keeping an eye on best practices (and legality) around hosting this kind of service. Appreciate you bringing it up!
Protect yourself as best as you can. The worst that could happen is if this is used for CSAM, and then it's over.
And most importantly, how can we trust it's private/anonymous/encrypted?
Different tech stack and slightly different features though. Super cool to see more other tools in the space!
https://datadeaddrop.com/