Hi ,
Lately, I’ve been working on a small project called deaddrop.space. I’m posting it here because I thought it might be handy to those who care about privacy and control over their data.
It’s a secure, anonymous file-sharing platform built to prioritize privacy, control, and simplicity. Unlike typical services that ask you to sign up, verify emails, or accept endless terms, DeadDrop lets you upload and share files — no accounts, no tracking, no nonsense.
Here’s how it works:
- You upload a file, set a name, password, expiry date, and max number of downloads.
- To share it, just provide the recipient with the name and password (or a direct link).
- Files are encrypted in the browser using AES-256 before they ever leave your device.
- No raw files or passwords are sent to the server — it’s zero-knowledge encryption.
That means even I, the creator, can’t decrypt or access the files.
BTW, it is open source : https://github.com/Rayid-Ashraf/deaddrop
Would love to hear what you all think — feedback and suggestions are welcome!
To be honest, there is not much I can do about it. However, if anybody found any illegal content, He/she can report it to me with name and password. I will verify the file and permanently delete it if their was anything offensive or illegal.
So you’ve built a platform with an ideal use case that you’re absolutely opposed to but have no mechanism to control or even detect.
Well, everything has its own pros and cons
Have you considered that as the host, you’re the only person who is not anonymous?
If someone did upload something illegal, and share it with a community, only one member of that community needs to get busted for you as the host to be identified as the “source”.
I’m aware that in civil cases hosts are liable for the content they host, but criminally? IDK.
Anyhow, I didn’t intend to dump on your project. I hope I’m wrong and it all goes great. I look forward to being downvoted to oblivion.
I am considering going to UAE :)
So now you’re moving to avoid jurisdiction rather than just not enabling csam?
I want to be very clear: I do not condone CSAM or any illegal activity. DeadDrop is simply a privacy-focused file-sharing service — like many tools that value anonymity, it can be misused, but that’s not its purpose or intent.
To your question: I’m not trying to “avoid jurisdiction” — I’m trying to build a service that respects privacy and anonymity, which I believe are fundamental rights. Unfortunately, any privacy tool (from Signal to Tor) can be exploited. The challenge isn’t the tool itself, but how we handle misuse without compromising basic freedoms for everyone else.
If we shut down every tool that could be misused, we’d also be shutting down freedom of speech, press, and secure communication. That’s not a solution — it’s just pushing the problem elsewhere.
That’s a very reasonable response, and I’m not sure how to put into words the reasons I disagree.
I think i would say that while privacy is important and should be valued, I believe that protecting against the harm that individuals can do with tools such as this one is a greater good for society than the harm caused by ensuring that tools such as these are not allowed.
Well, one service shuts down and they move on to another. Instead, deal with the real culprits that do these illegal things. Shutting my or anyone else’s services will make no change.
Perhaps you should look up zero knowledge encryption.
How do you mean verify the file?
By verify, I mean to check whether there is really something illegal in the file or not
But how would you do this if you can’t see in the files?
Edit: Ah, I see, if they gave you the password.
Edit 2: You might want to look at local laws. In many places, ‘checking’ to see if there is CSAM is still considered viewing CSAM.
Oh boy! Didn’t know about that. But how do other platforms like dropbox, whatsapp and telegram tackle these problems. Don’t they first have verify a content to delete or report about it.
If you’re in the US our laws would allow you to view the file to check if it does indeed violate the law, so long as you properly delete it and any potential backup of it immediately
You’re safe from being sued or held liable for hosting it due to the nature of your platform, and the required checking of the content before removal would be allowed (you could also theoretically leave it to the police to send you takedown requests instead, then you don’t even have to subject yourself to the potentially bad material)
You could also implement some sort of hash scanning against known-bad data, there are datasets of hashes of files you could check against and deny the uploading or auto-delete/report to authorities if you wanted
Thanks for mentioning this, I really appreciate it. I will considering implementing hash scanning before encryption to help prevent illegal content.
I would not trust legal advice from a random person on Lemmy. US laws vary by state.
Safe Harbor in the DMCA (Digital Millennium Copyright Act) supersedes all state law and makes it clear that a content host acting in good faith is not liable for the bad actions of their users
I’ll be sure to tell that to the cops as they’re arresting me.
In the UK, if I opened a page that had CSAM on it but closed it as soon as I realised without opening the images, the fact that my browser has cached that page (with thumbnails) means I’m in possession & could be prosecuted.
So with that logic, if a person reports CSAM to police. The police first has arrest the person who reported it. Am I right?