About This Service
This is a free service provided for use primarily for USF Information Technology to send short pieces of sensitive data securely. This runs a fork of the software developed by OneTimeSecret [Github]. This instance is owned, maintained, and operated by USF IT Web Services.
F.A.Q.
Why would I use this?
When you send people passwords and private links via email or chat, there are copies of that information stored in many places. If you use a one-time link instead, the information persists for a single viewing which means it can't be read by someone else later. This allows you to send sensitive information in a safe way knowing it's seen by one person only. Think of it like a self-destructing message.
What should I use this for?
Any text you need to share, but don't feel quite right putting in an email. Passwords, certificates, keys, etc. Pieces of information usually only sent by SneakerNet.
[Note: this server is NOT certified HIPAA-compliant and should NOT be used for transmitting PHI data].
Why can't I send pictures or other kinds of files?
The challenge with sending files, images in particular, is that there's no way to absolutely guarantee it wasn't copied or shared with other people. In order to ensure that no one's private information is unknowingly shared, it was designed to err on the side of simplicity.
But I can copy the secret text. What's the difference?
True but all you have is text. With images and other files types, they can contain metadata and other potentially revealing information about who the sender or recipient. Again, this is simply to ensure that no private information is shared outside of the intended recipient.
Can I retrieve a secret that has already been shared?
Nope. We display it once and then delete it. After that it's gone forever.
How long do you keep non-viewed secrets?
We keep secrets for up to 3 days for anonymous users and up to 30 days for free accounts. After that they are deleted automatically and gone forever. (Note: by the time you read a secret, it's already deleted from our servers.)
What is the maximum message size?
The maximum size is 100KB for anonymous users, 1000KB for registered accounts.
Why should I trust you?
General we can't do anything with your information even if we wanted to (which we don't). If it's a password for example, we don't know the username or even the application that the credentials are for.
If you include a passphrase (available under "Privacy Options"), we use it to encrypt the secret. We don't store the passphrase (only a bcrypted hash) so we can never know what the secret is because we can't decrypt it.
This application is installed on internal USF servers and managed by a select group of USF IT personnell only. No third parties are involved in the operation of this service. This instance is a fork of the original project, and the codebase is independently reviewed and maintained by USF IT Web Services.