GHOSTDROP
A message that vanishes is still a message.
Zero-Knowledge Architecture
AES-256-GCM ENCRYPTION
Military-grade encryption happens entirely in your browser. Data is encrypted before leaving your device. Server receives only encrypted gibberish.
URL FRAGMENT KEYS
Encryption key travels in URL fragment (#key) - never sent to server. We physically cannot access your data. Even if compromised, server contains only gibberish.
AUTO-DESTRUCTION
Messages auto-delete after first view or 24h expiry. Redis TTL ensures complete destruction. No recovery possible - true ephemeral messaging.
PRIVACY BY DESIGN
No accounts, no tracking, no logs. Anonymous by default. Even metadata is minimized. Your privacy is built into the architecture, not added as an afterthought.
BURN AFTER READING
Customizable timers with visual countdown. Choose between instant, 5s, 30s, or 1 minute destruction. Smooth animations and manual control for maximum flexibility.
PASSWORD PROTECTION
Optional extra security layer. Custom passwords encrypted client-side with message data. Double protection: encryption key + password. Zero server-side password storage.
How It Works
CREATE & ENCRYPT
Type message or upload file. AES-256-GCM encryption happens in your browser. Get secure link with key in URL fragment.
VIEW & DESTROY
Recipient decrypts client-side using key from URL. Message auto-destructs after viewing. No recovery possible.
Zero-Knowledge Guarantee
YOUR BROWSER
Encrypts data with AES-256-GCM
Key never leaves your device
OUR SERVER
Receives only encrypted gibberish
Cannot decrypt without key
SHARED LINK
Key travels in URL fragment (#)
Never sent to server
TECHNICAL PROOF: URL fragments (#key) are processed client-side only. Server logs show only the UUID - encryption keys are invisible to us.