Can SendSafely Read my Files and Messages?


No. We’ve come up with a process for sharing files that let’s us act like something of a blind middle-man.  Here’s how it works:

First, your browser loads our Java Client or JavaScript Client (depending on what type of browser you use).  Our server then sends the client a unique random value (we call this the Server Secret), which the client then combines with another random value it generates (we call this the Client Secret), in order to derive an OpenPGP pass phrase.  Note that while we know the Server Secret, we don’t know the Client Secret, and both are required to derive the pass phrase.  

Next, as you upload files the client encrypts each file using OpenPGP along with the derived OpenPGP pass phrase from the last step.  Lastly, once you’re finished, the client shows you a link that you manually email to your recipients so they can access the files.  The important part is that the Client Secret, which we don’t know, is included in the download link as a Fragment Identifier[1] (the part of the URL that follows a hash tag).  The reason this is important is that Fragment Identifiers, while part of a URL, don’t ever get sent to the server when the link gets clicked.  What this means is that when you send someone the link and they click on it, the Client Secret doesn’t get sent to us.  The user’s browser, however, DOES see the Fragment Identifier. This means that when the client loads to decrypt the files, it can read the Client Secret and recalculate the decryption key needed to read the files!


Have more questions? Submit a request