0807 - share files with no account, no tracking, auto-delete and a Tor onion service (0807.st)

submitted 6 hours ago by 0807@lemmy.world to c/privacy@lemmy.ml

14 comments fedilink hide all child comments

Made a small file host focused on not leaving a trace.

No account, no ads, no trackers
You set when the file deletes itself (1 hour to 30 days, or after X downloads)
Optional password on files and notes
Reachable over Tor via an onion service
Self-hosted

For when you just need to hand someone a file without it sitting on a server forever or asking them to sign up anywhere.

you are viewing a single comment's thread
view the rest of the comments

[-] Pika@sh.itjust.works 15 points 5 hours ago

My only real question I have since there isn't any source code listed.

How secure/private is the actual file storage service? It runs over the onion project which is nice but, without source code there's no proof or evidence of encryption, nor proof that files actually delete as well as other logging style services that a privacy oriented service would normally have.

[-] 0807@lemmy.world 7 points 4 hours ago

Hello, there is currently no end-to-end encryption on the server I’ll explain why below. The reasons why

True end-to-end encryption (where I literally can't read your files) means the server only ever sees encrypted blobs. The problem is, that also means I can't scan anything, and right now every upload is checked against known CSAM and run through malware scanning.

Go fully zero-knowledge and I lose that capability entirely, which on an anonymous host is a real problem it basically turns into a blind dropbox for whatever people want to put there.

So it’s genuinely one or the other either I can see enough of the content to keep it clean, or I can’t see it at all and can’t keep it clean. I chose to keep it scannable, because for an open anonymous service, I think being able to block that kind of content is more important.

That’s the real reason there’s no at-rest encryption not laziness it would compromise security. I’m open to hearing how you’d weigh the pros and cons, though.

[-] defaultusername@lemmy.dbzer0.com 3 points 1 hour ago

You could do client-side scanning instead while checking a signature of the client's js to ensure that it is your code that's running.

load more comments (1 replies)

this post was submitted on 14 Jun 2026

36 points (84.6% liked)

Privacy

49085 readers

837 users here now

A place to discuss privacy and freedom in the digital world.

Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.

In this community everyone is welcome to post links and discuss topics related to privacy.

Some Rules

Posting a link to a website containing tracking isn't great, if contents of the website are behind a paywall maybe copy them into the post
Don't promote proprietary software
Try to keep things on topic
If you have a question, please try searching for previous discussions, maybe it has already been answered
Reposts are fine, but should have at least a couple of weeks in between so that the post can reach a new audience
Be nice :)

Related communities

much thanks to @gary_host_laptop for the logo design :)

founded 6 years ago

MODERATORS