Hi ,
Lately, I’ve been working on a small project called deaddrop.space. I’m posting it here because I thought it might be handy to those who care about privacy and control over their data.
It’s a secure, anonymous file-sharing platform built to prioritize privacy, control, and simplicity. Unlike typical services that ask you to sign up, verify emails, or accept endless terms, DeadDrop lets you upload and share files — no accounts, no tracking, no nonsense.
Here’s how it works:
- You upload a file, set a name, password, expiry date, and max number of downloads.
- To share it, just provide the recipient with the name and password (or a direct link).
- Files are encrypted in the browser using AES-256 before they ever leave your device.
- No raw files or passwords are sent to the server — it’s zero-knowledge encryption.
That means even I, the creator, can’t decrypt or access the files.
BTW, it is open source : https://github.com/Rayid-Ashraf/deaddrop
Would love to hear what you all think — feedback and suggestions are welcome!
How do you plan to address offensive or illegal content?
To be honest, there is not much I can do about it. However, if anybody found any illegal content, He/she can report it to me with name and password. I will verify the file and permanently delete it if their was anything offensive or illegal.
How do you mean verify the file?
By verify, I mean to check whether there is really something illegal in the file or not
But how would you do this if you can’t see in the files?
Edit: Ah, I see, if they gave you the password.
Edit 2: You might want to look at local laws. In many places, ‘checking’ to see if there is CSAM is still considered viewing CSAM.
Oh boy! Didn’t know about that. But how do other platforms like dropbox, whatsapp and telegram tackle these problems. Don’t they first have verify a content to delete or report about it.
In the UK, if I opened a page that had CSAM on it but closed it as soon as I realised without opening the images, the fact that my browser has cached that page (with thumbnails) means I’m in possession & could be prosecuted.
So with that logic, if a person reports CSAM to police. The police first has arrest the person who reported it. Am I right?
If you’re in the US our laws would allow you to view the file to check if it does indeed violate the law, so long as you properly delete it and any potential backup of it immediately
You’re safe from being sued or held liable for hosting it due to the nature of your platform, and the required checking of the content before removal would be allowed (you could also theoretically leave it to the police to send you takedown requests instead, then you don’t even have to subject yourself to the potentially bad material)
You could also implement some sort of hash scanning against known-bad data, there are datasets of hashes of files you could check against and deny the uploading or auto-delete/report to authorities if you wanted
I would not trust legal advice from a random person on Lemmy. US laws vary by state.
Safe Harbor in the DMCA (Digital Millennium Copyright Act) supersedes all state law and makes it clear that a content host acting in good faith is not liable for the bad actions of their users
Thanks for mentioning this, I really appreciate it. I will considering implementing hash scanning before encryption to help prevent illegal content.
So you’ve built a platform with an ideal use case that you’re absolutely opposed to but have no mechanism to control or even detect.
Well, everything has its own pros and cons
Have you considered that as the host, you’re the only person who is not anonymous?
If someone did upload something illegal, and share it with a community, only one member of that community needs to get busted for you as the host to be identified as the “source”.
I’m aware that in civil cases hosts are liable for the content they host, but criminally? IDK.
Anyhow, I didn’t intend to dump on your project. I hope I’m wrong and it all goes great. I look forward to being downvoted to oblivion.
I am considering going to UAE :)
So now you’re moving to avoid jurisdiction rather than just not enabling csam?
I want to be very clear: I do not condone CSAM or any illegal activity. DeadDrop is simply a privacy-focused file-sharing service — like many tools that value anonymity, it can be misused, but that’s not its purpose or intent.
To your question: I’m not trying to “avoid jurisdiction” — I’m trying to build a service that respects privacy and anonymity, which I believe are fundamental rights. Unfortunately, any privacy tool (from Signal to Tor) can be exploited. The challenge isn’t the tool itself, but how we handle misuse without compromising basic freedoms for everyone else.
If we shut down every tool that could be misused, we’d also be shutting down freedom of speech, press, and secure communication. That’s not a solution — it’s just pushing the problem elsewhere.
That’s a very reasonable response, and I’m not sure how to put into words the reasons I disagree.
I think i would say that while privacy is important and should be valued, I believe that protecting against the harm that individuals can do with tools such as this one is a greater good for society than the harm caused by ensuring that tools such as these are not allowed.
Perhaps you should look up zero knowledge encryption.
How would they if they can’t see it
Good point. I should’ve read the overview more carefully.
That being the case, my next question: Is this intended to be a CSAM sharing platform, or is it just naively a CSAM sharing platform?
That’s like sending letters to your water utility to ask them how they intend to stop people from drowning.
I mean, how do you expect anyone to enforce that? That’s like looking into every envelope or package sent through mail…
Usually you just keep logs and then it’s up to the police to enforce, obviously not anonymous though.
Yeah, that is the problem, If I started doing this, what is the point of anonymous then.
Look, problems like CSAM can’t be solved just by shutting down the platforms used to distribute it. If one site goes down, they’ll just move to another. Problems like this can only be solved by addressing the root cause. However, on my end, i will do my best to tackle this issue.
Absolutely not. DeadDrop is built with privacy and security in mind, strictly for legitimate, ethical file sharing. It’s designed to empower users to share sensitive but legal information safely, not for any illegal activity.
I do not support or tolerate any use of the platform for sharing harmful or illegal content like CSAM. If such misuse is detected or reported, the file will be permanently deleted and the IP address will be blocked.
So naively then.
Do you have a suggestion on how to combat this while not snooping on a users files? Or are you just enjoying the soapbox?
They’re basically just poo-pooing the ideas of privacy and security, no more than “the government and corporations need access to everything you do because someone somewhere is doing bad things.”
It’s the same idea as “encryption bad because terrorists,” and “gun company bad because murders,” some people blame the people doing the bad thing, and some people blame the tool used or who created it.
No, there isn’t a solution.
You can’t ethically provide anonymous no-knowledge hosting.
So if you are doing nothing wrong you have nothing to hide?
This project just looks like it was tailor made for CSAM.
That’s definitely not the intention. It’s built for people who care about privacy, not for anything illegal.
Yeah. I’m kind of surprised no one else is really concerned about that. The legal ramifications of hosting a service like this are no joke.