deddit.petersanchez.com

Made a way to share links privately (qrc.site)
from RommieDroid@programming.dev to programming@programming.dev on 24 Jun 09:36
https://programming.dev/post/32787606

I made this tool so you can share ‘locked’ links safely & anonymously with a password. It gives you plausible deniability and crowd blending when sharing privates links.🔒

https://qrc.site/anon (open sauce) 🦑

#programming

threaded - newest

KoboldCoterie@pawb.social on 24 Jun 10:36 next collapse

Makes privacy-focused service

Disallows access through VPNs

Mate…

RommieDroid@programming.dev on 25 Jun 01:02 collapse

Sorry 😂 Thought I exempted the /anon route from headless, VPN and proxy checks but forgot one of the VPN functions, fixed now! The /anon route is not checked. It was unfortunately needed because of a very costly bot attack abusing a service I had.

calcopiritus@lemmy.world on 24 Jun 13:37 collapse

I don’t see the use case.

There’s 2 secrets here: the link and the password. And to share it with someone you need to share 2 secrets: the locked link and the password.

Why not use the same method you used to share the password to share the link instead? Without the need for this service.

KoboldCoterie@pawb.social on 24 Jun 16:37 next collapse

Not that I’d use this service for it, but I’ve had use cases for this sort of thing. It’s not so much about plausible deniability as OP wants to sell it as, but more about security. You send the locked link (or a PW protected file or whatever) via, say, email, and the password through a text message. Then, in order for the data to be stolen, the attacker would need access to both of those, rather than only one. It’s niche, but I’ve needed to do it for my job before, so I can at least see the point.

RommieDroid@programming.dev on 25 Jun 01:33 collapse

Files are a whole other issue. If I was to make a file upload, it would be my site (encrypts & uploads data)->uploadthing.com->AWS T3 Buckets->returns link. Because if it was bad content my site cant do the decryption without being liable, so for decryption->open sauce decryption system->hosted on popular free platforms you can’t block->decrypts data and hides original file.

KoboldCoterie@pawb.social on 25 Jun 01:37 collapse

There’s already services like Box.com that offer similar functionality for files.

As a suggestion, having an option to have the string deleted after it’s been accessed once would be nice as an extra layer of protection.

RommieDroid@programming.dev on 25 Jun 01:13 collapse

Yeah, I appreciate the feedback. I need to do more, so the link isn’t a secret, e.g. any password will decrypt any link to text so if you use the wrong password you get wrong data possibly a different link, that hides if you were wrong or right. Then you only need to share one secret via a separate channel.