Hi ,
Lately, I’ve been working on a small project called deaddrop.space. I’m posting it here because I thought it might be handy to those who care about privacy and control over their data.
It’s a secure, anonymous file-sharing platform built to prioritize privacy, control, and simplicity. Unlike typical services that ask you to sign up, verify emails, or accept endless terms, DeadDrop lets you upload and share files — no accounts, no tracking, no nonsense.
Here’s how it works:
- You upload a file, set a name, password, expiry date, and max number of downloads.
- To share it, just provide the recipient with the name and password (or a direct link).
- Files are encrypted in the browser using AES-256 before they ever leave your device.
- No raw files or passwords are sent to the server — it’s zero-knowledge encryption.
That means even I, the creator, can’t decrypt or access the files.
BTW, it is open source : https://github.com/Rayid-Ashraf/deaddrop
Would love to hear what you all think — feedback and suggestions are welcome!
By verify, I mean to check whether there is really something illegal in the file or not
But how would you do this if you can’t see in the files?
Edit: Ah, I see, if they gave you the password.
Edit 2: You might want to look at local laws. In many places, ‘checking’ to see if there is CSAM is still considered viewing CSAM.
Oh boy! Didn’t know about that. But how do other platforms like dropbox, whatsapp and telegram tackle these problems. Don’t they first have verify a content to delete or report about it.
If you’re in the US our laws would allow you to view the file to check if it does indeed violate the law, so long as you properly delete it and any potential backup of it immediately
You’re safe from being sued or held liable for hosting it due to the nature of your platform, and the required checking of the content before removal would be allowed (you could also theoretically leave it to the police to send you takedown requests instead, then you don’t even have to subject yourself to the potentially bad material)
You could also implement some sort of hash scanning against known-bad data, there are datasets of hashes of files you could check against and deny the uploading or auto-delete/report to authorities if you wanted
Thanks for mentioning this, I really appreciate it. I will considering implementing hash scanning before encryption to help prevent illegal content.
I would not trust legal advice from a random person on Lemmy. US laws vary by state.
Safe Harbor in the DMCA (Digital Millennium Copyright Act) supersedes all state law and makes it clear that a content host acting in good faith is not liable for the bad actions of their users
I’ll be sure to tell that to the cops as they’re arresting me.
In the UK, if I opened a page that had CSAM on it but closed it as soon as I realised without opening the images, the fact that my browser has cached that page (with thumbnails) means I’m in possession & could be prosecuted.
So with that logic, if a person reports CSAM to police. The police first has arrest the person who reported it. Am I right?