USE: How to use Displosure.com

Usage is simple:

  1. visit Displosure.com type your message in the box and click the button that says generate message link.
  2. Then choose one of the two options to copy your message link with the encryption key already in the url
    • What's the difference: Copy message link has a message for a new user that says they have a disposable message and is more geared to new users or first time recipients and copy just the link just copies the link with no instructions etc.
  3. Take whatever link you copied and text it, email it, send it via facebook, post it online etc.
  4. Once the recipient clicks the link they will see a page telling them if they click READ the message will be decrypted and shown to them and then immediately deleted.
  5. Recipient clicks link, message is decrypted and displayed and is erased from our system.
  6. Any further attempts to load that message link will show a 404 error page as if it never happened.
  7. Success

HOW: How does it work

It's already working before you begin. Upon browsing to our site you are already forced to use an SSL to securely encrypt your communications between your browser and our servers. (more about ssl's via wikipedia here and easier via this godaddy marketing video from youtube here [not promoting GoDaddy, it was just a good video explanation] ) This means anything you view, type, click or submit is encrypted from your web browser to our servers.

Once you have added text to the message box and click Generate Message Link your text is sent via SSL to our server where a randomly generated per message key is used to encrypt your message, then the encrypted message is stored in our database and the key is not stored with us but is presented to you as part of the url string that you copy and send to your recipient, meaning that after the message is encrypted, only you have the key and it can only be used by you or whoever you give it to unencrypt the message.

When the recipient visits the url, the message id (mid) is used to check the db to see if there is a message with that id and if successful the user is shown a page that says there is a message waiting for them and to click READ to view the message, if there is no message with that id a 404 page will be displayed saying message not found.

Once the recipient clicks READ the message is retrieved from the database and the encryption key from the generated link is used to decrypt and display the message and in the same transaction the message is removed from our database.

Additionally, our server logs no personally identifiable Information (PII) as to protect the privacy of our users and their recipients.

WHY: Why is Displosure.com needed

TRUST: How Can We Trust Displosure.com

Trust no one!

Seriously, That is why we don't store the keys to your messages, we give them to you, since we dont' have your keys we can't read your messages, and since your message can only be read once, be careful to make sure you only give your message urls to the recipient you want to see your message.

Be aware that transmitting the links show that you sent a message, but once the message is read and deleted there is no way to view its content again.

You can delete a message sent just by viewing the url yourself thus removing the message for the intended recipient but you have to do this before they read it.

Keep in mind a recipient can screen shot or copy the message but nothing in the message has any identifiable information on the sender and supplemental attempts at the link will show a 404 page that says the message doesn't exists

If your are trying to communicate something of secret and importance it's always best to speak vaguely in a way the recipient will understand as to further protect your privacy in case someone intercepts your link with your key

In future versions we hope to create a way were they keys can be delivered separately perhaps by voice etc and the end user will get the link and type in a simple key word that will be a passphrase to an ssh key etc and used to decrypt the message to further enhance the system but also this would be for the extreme circumstances where extra security is warranted. The default method is pretty secure and we use it ourselves all the time.

Speaking of interception, how could things go wrong?

Originally we didn't have the click to read page, we had link that displayed a message and funny thing about Facebook Messenger is it likes to do message previews, so when the messenger client went to the link to make its preview, it burned the message.

It was a fun learning experience but is also a reminder that sometimes things do get intercepted, this isn't a big deal, we put a click to read button first and the preview links are no longer an issue.

but what if someone has a key logger on your machine, or is intercepting or reading your texts or emails, to that we say you have a bigger problem then needing a way to send a private message via a link, however, if your recipient attempts to read the message and it says it doesn't exists, and you didn't read it yourself, the content you sent may be exposed and you should react accordingly, ie: scan your phone or computer for trojans, key loggers, virus etc, change any passwords or secrets you have shared, and basically do anything you can to make sure a potential leak no longer has any impact on whatever you have going on.

Who: Who runs Displosure.com

Technology Nerds that believe in privacy, security and technology

COST: Free

Temporarily storing small amounts of disposable text is not expensive, and our hosting bill is covered by donations by community members and project developers, it is our intent to keep it this way. Text is small, costs are low, and ads suck.

DEMO: Demo Video

Coming Soon

Links: Links to site we love and care about

CHANGE: Change Log:



↸╎ᓭ!¡ꖎ𝙹ᓭ⚍∷ᒷ