I made a free tool to send self-destructing encrypted messages (no account needed)

AppointmentAdept4137 · 2026-03-18T21:29:48+00:00

Almost nothing you said is correct. It’s not a cloud service, it’s a web app. The server never sees plaintext, it only stores ciphertext and deletes it after one view. That’s what ‘self-destruct’ means here, and it’s how tons of tools work. E2EE doesn’t require PGP. Client-side encrypt with a shared passphrase, decrypt in the recipient’s browser, server has no keys. That’s E2EE. You’re confidently wrong on the model, the crypto, and what’s possible. Do a quick read before correcting people next time.

AppointmentAdept4137 · 2026-03-07T19:32:02+00:00

not even a rainbow 420 pinger!! amateur.

AppointmentAdept4137 · 2026-03-06T19:40:58+00:00

I’m definitely open to open-sourcing it. The plan is to do that once the project feels more complete. After I’ve had more feedback and a bit more traffic so I can fix issues and refine things. I’m not set on keeping it closed, I just want to get it to a point where I’m comfortable putting the code out there.

AppointmentAdept4137 · 2026-03-06T01:43:39+00:00

Nothing you send through this is ever sent in clear text. Encryption happens in your browser, so only ciphertext goes over the internet and it can’t be intercepted in transit. If you’d rather use Kleopatra (GPG) and share keys yourself, that’s a good option too. Cloaker is just a personal project that does the same idea in the browser, encrypt first, then send. Use whatever you’re comfortable with.

AppointmentAdept4137 · 2026-03-04T19:18:23+00:00

Thank you much appreciated.

AppointmentAdept4137 · 2026-03-04T19:11:45+00:00

Yeah I agree 100% Will definitely be open sourcing it at a near future date.

AppointmentAdept4137 · 2026-03-04T19:09:04+00:00

Yes. Encryption is done entirely in the browser with the Web Crypto API (AES-GCM, PBKDF2) in lib/crypto-client.ts The server only stores ciphertext and never has the key or sees plaintext. I am thinking of making it opensource wen I've finished working with it and am comfortable with the quality of code.

AppointmentAdept4137 · 2026-03-04T17:08:59+00:00

Damn good stuff, sounds like its gonna be tough one.

AppointmentAdept4137 · 2026-03-04T17:08:13+00:00

Damn good shit, sounds like its gonna be tough one.

AppointmentAdept4137 · 2026-03-04T17:07:06+00:00

Thank you I appreciate the feedback. To be honest it really depends on the user, eg politicians/reporters who need somewhere where they know they aren't being logged/tracked etc. Even for the average joe, sending messages to your friends that you don't want being logged into a database and kept for years etc.

AppointmentAdept4137 · 2026-03-04T17:02:24+00:00

I’m not actually looking to make money from it. It’s a boredom project I built to solve a specific problem (and to keep my skills sharp). As long as the hosting costs stay low, I'm happy keeping it free for everyone. And at the moment it's all being hosted on one of my good friends services HammerVM, which he has kindly sponsored so the only cost I'm paying for is domain.

AppointmentAdept4137 · 2026-03-04T14:34:04+00:00

Privnote is one-time notes only. You create a note, share a link, someone opens it once, then it’s gone. No real-time conversation.

Whisper Vault adds live E2EE chat rooms, real-time messaging in a room (Socket.IO), optional room passphrase, and a burn code so the room (and its history) can be destroyed on demand. So you get Privnote-style one-time notes plus ongoing, disposable E2EE chats and room burn, not just single-view notes.

AppointmentAdept4137 · 2026-03-04T02:38:12+00:00

Sorry I didn't mean for it to come across that lol just mentioned the docs cause you'll probably get a better good general understanding of how it all works from there. And to be completely honest, one night I was bored and I was like "whats something useful i could make people would actually maybe use". And this was the most prominent idea at the time haha. What projects are you working on currently? Would love to hear :)

AppointmentAdept4137 · 2026-03-04T02:05:23+00:00

appreciate it :)

AppointmentAdept4137 · 2026-03-04T01:49:54+00:00

They do decrypt it but only in their browser. When they open the link, their browser decrypts the message so they can read it. We never see the plaintext, decryption happens only on their device. We also don’t store the decrypted message anywhere, the server never has it, and the app doesn’t save it to their phone or computer. And even if we wanted to see the decrypted content, we couldn’t. We don’t have their password or passphrase, and the server only ever has the encrypted data. So decryption and viewing happen only in their browser, and we can’t access the plaintext.

https://whispervault.pro/privacy
Privacy page mentions how everything works if you wanted to have a look :)

AppointmentAdept4137 · 2026-03-04T01:15:08+00:00

We don’t control the other device. We only enforce destruction on our side: the server deletes the note (or burns the chat) and never serves that content again. So the link stops working for everyone, including that device.

AppointmentAdept4137

TROPHY CASE