Send a secret
Create a private room, write your message, and copy the link. Everything is encrypted before it leaves your browser.
Safe file share
A browser-only tool for sharing secrets that even a quantum computer (probably) can't crack. Pick a strength, send the link, the recipient decrypts in their own tab.
Backend health
Resolving backend URL…
Checking…
Got a link?
Paste the full link the sender shared with you. The room id, code, and fingerprint all travel inside it.
What you get
Strength tiers
| Tier | Wall clock | Cascade |
|---|---|---|
| Fast | ~5 sec | Superdilithium · HPKE · Falcon Crypto · Ntru · Crystals Kyber · FrodoKEM-976 · MAYO-5 |
| Medium | ~7-10 sec | Superdilithium · HPKE · Falcon Crypto · Ntru · Crystals Kyber · FrodoKEM-976 · MAYO-5 · Dilithium Crystals · HQC-256 |
| High | ~24-40 sec | Superdilithium · HPKE · Falcon Crypto · Ntru · Crystals Kyber · FrodoKEM-976 · MAYO-5 · Dilithium Crystals · HQC-256 · McEliece |
| Ultra High | ~50-90 sec | Superdilithium · HPKE · Falcon Crypto · Ntru · Crystals Kyber · FrodoKEM-976 · MAYO-5 · Dilithium Crystals · HQC-256 · McEliece · Sphincs · Super Sphincs |
Times include the receiver's keygen plus the sender's cascade. Classic McEliece dominates High, SPHINCS+ dominates Ultra High.
What we do not see
- No accountsNo login, no email, nothing tied to your identity.
- No plaintext storageServer only ever sees opaque ciphertext for the seconds the room is open.
- No persistent roomRooms vanish when both peers leave. Nothing is written to disk.
- Out-of-band trustThe fingerprint in the link lets the receiver detect a swapped sender key.
Caveat: the host serving these static files still sees your IP and TLS metadata, like any web app. Self-host the client if that matters.
FAQ
▶Which browsers work?
Anything modern with WebCrypto and WebRTC: recent Chrome, Edge, Firefox, Safari. Mobile Safari and Chrome on Android are tested.
▶How long does a link stay valid?
Only while both peers have the page open. Close the sender tab and the room is gone — there is nothing on the server to expire.
▶Is there a size limit?
No hard cap when using peer-to-peer, 1MB limit when using the relay, but everything runs in the browser, so multi-hundred-MB transfers will spike CPU and memory. Stick to documents, secrets, and small files.
▶What about security?
The server only ever sees ciphertext, and the fingerprint in the URL lets the receiver confirm they got the right sender key. The payload is wrapped in a cascade of post-quantum algorithms from different mathematical families (lattice, code-based, hash-based, hybrid), so an attacker has to break every layer independently — and the whole thing is signed with Dilithium, so a malicious server can't swap in its own keys. TLS being broken in the future doesn't help an attacker either: that's exactly the harvest-now-decrypt-later scenario this is built for. The realistic weak link is your device or browser, not the crypto.
▶What if I want to share with myself across devices?
This is not really designed for that, but it should work if you open the same link on both devices at the same time. Just make sure to copy the link from one device to the other before opening it anywhere.
▶What if i want to share a huge file?
This tool is really meant for small secrets. For larger files you might want to encrypt the whole file using whatever tool you like, then share the decryption key with this.
▶Why does Ultra High take so long?
It adds SPHINCS+ and SuperSPHINCS, which are hash-based signatures with deliberately heavy signing. The receiver does the same keygen as High; the sender does much more work.
▶Why do I need a fingerprint AND a code?
The code matches the two tabs in the room. The fingerprint binds the cascade to the sender's signing key so a malicious server cannot swap in its own.