[-] [email protected] 3 points 2 days ago

Thank you so much for testing it out and taking the time to open the issues, really appreciate the feedback! I’ll take a look and work on them soon.

[-] [email protected] 4 points 2 days ago* (last edited 2 days ago)

Well, DeadDrop has a name + password modal as well as a direct link.

[-] [email protected] 20 points 3 days ago

Yes, fork the code from GitHub and host it on your own server.

[-] [email protected] 39 points 3 days ago* (last edited 3 days ago)

Thanks for the detailed and thoughtful reply — I really appreciate the time you took to lay this out.

I know Aaron Swartz — big fan.

You're right about many of these points. The biggest challenge with any web-based cryptography project is trust in code delivery, especially when it's dynamically served. That’s a fundamental limitation of browser-delivered JavaScript, and I fully acknowledge it.

You're also absolutely right that true zero-knowledge isn't just about encryption — it's about removing trust assumptions. The server still being able to serve malicious JS is a valid and well-known concern. That’s why I’ve made the code open-source and encourage self-hosting for anyone who doesn’t trust DeadDrop or me.

To clarify a few things:

- No JavaScript is sent after the file metadata is submitted — only the encrypted metadata and the file are transferred after the password is verified locally. I’m also planning to encrypt metadata (including filenames) to limit what the server can see.

- DeadDrop uses salted encryption. I'm using a proper key derivation function (PBKDF2) with a salt, which makes brute-force attacks significantly harder.

You’re right that unless users host the project themselves, they have to trust me — just like users of Signal technically have to trust their app stores and client builds. So, trust is a fundamental principle for a service like this, and I promise the code that is delivered to the browser is the same as on GitHub. However, if you don't trust my instance, you can review, fork, and self-host it easily.

I’m not claiming DeadDrop is flawless — just that it’s a sincere attempt to build a privacy-first, zero-knowledge file-sharing tool. I am truly grateful for your feedback, thanks again.
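
The scheme this comment describes (a salted PBKDF2 key, metadata encrypted in the browser, the password checked locally), sketched as an added example that is not part of the original comment and not DeadDrop's code. The iteration count, hash, salt and IV sizes, the use of AES-GCM, and all function names are assumptions.

```javascript
// Added illustration, not DeadDrop's code. Assumed parameters: PBKDF2-HMAC-SHA-256,
// 600,000 iterations, 16-byte random salt, AES-256-GCM with a 12-byte IV.
const webcrypto = globalThis.crypto ?? require('node:crypto').webcrypto;
const ITERATIONS = 600000;
const utf8 = new TextEncoder();

// Stretch the password into an AES key; the salt makes the result unique per upload.
async function deriveKey(password, salt, extractable = false) {
  const material = await webcrypto.subtle.importKey(
    'raw', utf8.encode(password), 'PBKDF2', false, ['deriveKey']);
  return webcrypto.subtle.deriveKey(
    { name: 'PBKDF2', hash: 'SHA-256', salt, iterations: ITERATIONS },
    material, { name: 'AES-GCM', length: 256 }, extractable, ['encrypt', 'decrypt']);
}

// Encrypt metadata (filename, size) client-side; only salt, iv and ciphertext are uploaded.
async function sealMetadata(password, metadata) {
  const salt = webcrypto.getRandomValues(new Uint8Array(16));
  const iv = webcrypto.getRandomValues(new Uint8Array(12));
  const key = await deriveKey(password, salt);
  const plaintext = utf8.encode(JSON.stringify(metadata));
  const ciphertext = new Uint8Array(
    await webcrypto.subtle.encrypt({ name: 'AES-GCM', iv }, key, plaintext));
  return { salt, iv, ciphertext };
}

// Local password check: a wrong password derives a different key, the GCM tag
// fails to verify, and null is returned without asking the server anything.
async function openMetadata(password, record) {
  const key = await deriveKey(password, record.salt);
  let plaintext;
  try {
    plaintext = await webcrypto.subtle.decrypt(
      { name: 'AES-GCM', iv: record.iv }, key, record.ciphertext);
  } catch {
    return null;
  }
  return JSON.parse(new TextDecoder().decode(plaintext));
}

// Demonstration only: export the derived key as hex to compare the effect of salts.
async function derivedKeyHex(password, salt) {
  const raw = await webcrypto.subtle.exportKey('raw', await deriveKey(password, salt, true));
  return Array.from(new Uint8Array(raw), (b) => b.toString(16).padStart(2, '0')).join('');
}
```

The salt defeats precomputed tables and gives every upload a distinct key, but anyone holding the stored record can still guess passwords offline at the PBKDF2 cost, so password strength remains the limit.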

[-] [email protected] 37 points 3 days ago* (last edited 3 days ago)

Fair point — I should’ve been more careful with the wording. I’ve open-sourced the code exactly so that people can audit, test, and critique it. I don’t expect blind trust, and I’m not claiming it’s perfect, just that I built it with privacy in mind.

If you have concerns, I’d genuinely appreciate feedback or a review. My goal is to improve it, not just promote it.

[-] [email protected] 16 points 3 days ago* (last edited 3 days ago)

Yeah, that is the problem. If I started doing this, what is the point of being anonymous then?

[-] [email protected] 14 points 3 days ago

Well, everything has its own pros and cons.

[-] [email protected] 14 points 3 days ago

I guess the people who care about privacy use crypto. If I incorporated a regular payment system, it would violate the core principle of the website, i.e. to protect privacy and anonymity.

[-] [email protected] 19 points 3 days ago

Absolutely not. DeadDrop is built with privacy and security in mind, strictly for legitimate, ethical file sharing. It’s designed to empower users to share sensitive but legal information safely, not for any illegal activity.

I do not support or tolerate any use of the platform for sharing harmful or illegal content like CSAM. If such misuse is detected or reported, the file will be permanently deleted and the IP address will be blocked.

[-] [email protected] 15 points 3 days ago

To be honest, there is not much I can do about it. However, if anybody finds any illegal content, he/she can report it to me with the name and password. I will verify the file and permanently delete it if there was anything offensive or illegal.

[-] [email protected] 37 points 3 days ago

Yes, it does cost me. For now, there is a 10MB limit. If this works great, I will add a paid plan to upload big files. The payment would be done in crypto and the cost will depend on the file size. In this way, I could keep the service running as well as protect the privacy and anonymity of the user.

tobi_tensei

joined 3 days ago