Open Source
hdrop is developed in the open on github.com/ZitaneLabs/hdrop. Feel free to contribute!
Crypto APIs
hdrop exclusively uses the WebCrypto API provided by the browser to encrypt files on your own device, before sending them to the server. We have taken great care to ensure that the encryption process is as secure as possible, and that the server never has access to your files or their contents.
File Storage
Files are stored on the server for a maximum of 24 hours, after which they are automatically deleted. File metadata such as file name, creation date, etc. as well as the full file contents are end-to-end encrypted.
File Access
Files are accessible only to someone who has both the link to the file and the password. The password is generated on the client using a secure random source provided by the WebCrypto API. The secure password is then used to derive the cryptographic key using the PBKDF2 key derivation algorithm. The password itself is not stored on the server, and we do not even hand out the encrypted file contents until the user proves knowledge of the password by solving a cryptographic challenge.
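The client-side flow described above (random password, PBKDF2 key derivation, encryption of file name and contents before upload) can be sketched as follows; this is an added example and not hdrop's own code. The cipher (AES-GCM), hash, iteration count, salt and IV sizes, password alphabet and all function names are assumptions, since this page names only WebCrypto and PBKDF2, and the challenge step is left out because its construction is not described here.

```javascript
// Added example, not hdrop's code. Everything except "WebCrypto" and "PBKDF2"
// (cipher, hash, iteration count, sizes, alphabet, names) is an assumption.
const webCrypto = globalThis.crypto ?? require('node:crypto').webcrypto; // Node < 19 fallback
const enc = new TextEncoder();
const ALPHABET = 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789';

// Password drawn from the CSPRNG; rejection sampling avoids modulo bias.
function generatePassword(length = 16) {
  const limit = 256 - (256 % ALPHABET.length); // 248 for 62 symbols
  let out = '';
  while (out.length < length) {
    for (const b of webCrypto.getRandomValues(new Uint8Array(length))) {
      if (b < limit && out.length < length) out += ALPHABET[b % ALPHABET.length];
    }
  }
  return out;
}

// PBKDF2(password, salt) -> non-extractable AES-GCM key.
async function deriveKey(password, salt, iterations = 600000) {
  const material = await webCrypto.subtle.importKey(
    'raw', enc.encode(password), 'PBKDF2', false, ['deriveKey']);
  return webCrypto.subtle.deriveKey(
    { name: 'PBKDF2', hash: 'SHA-256', salt, iterations },
    material, { name: 'AES-GCM', length: 256 }, false, ['encrypt', 'decrypt']);
}

// Encrypt one field under a fresh 96-bit IV; the IV is stored next to the data.
async function seal(key, bytes) {
  const iv = webCrypto.getRandomValues(new Uint8Array(12));
  const data = new Uint8Array(await webCrypto.subtle.encrypt({ name: 'AES-GCM', iv }, key, bytes));
  return { iv, data };
}

// Decrypt one field; rejects if the key is wrong or the data was modified.
async function unseal(key, { iv, data }) {
  return new Uint8Array(await webCrypto.subtle.decrypt({ name: 'AES-GCM', iv }, key, data));
}

// What leaves the device: salt, IVs and ciphertext only. The password stays local.
async function encryptForUpload(password, fileName, fileBytes) {
  const salt = webCrypto.getRandomValues(new Uint8Array(16));
  const key = await deriveKey(password, salt);
  return { salt, name: await seal(key, enc.encode(fileName)), body: await seal(key, fileBytes) };
}

// Recipient side: re-derive the key from the password and the stored salt.
async function decryptDownload(password, upload) {
  const key = await deriveKey(password, upload.salt);
  const name = new TextDecoder().decode(await unseal(key, upload.name));
  return { name, bytes: await unseal(key, upload.body) };
}
```

Because AES-GCM is authenticated, decrypting with a wrong password rejects instead of returning garbage, so the recipient can tell a bad password from a corrupted file only by that failure.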
Further Information
The full details of our security model can be found in the GitHub repository.