dropsha.re - Zero-Knowledge File Sharing Platform

Overview

dropsha.re is a free, open-source file sharing service that prioritizes privacy and security through zero-knowledge encryption. Built by Magic Monad, it enables users to share files securely without requiring registration or compromising privacy.

Core Features

• Zero-Knowledge Architecture: Files are encrypted client-side before upload; servers never see plaintext content
• AES-256-GCM Encryption: Military-grade encryption with randomly generated 256-bit keys
• Client-Side Processing: All encryption/decryption happens in the browser using Web Crypto API
• No Registration Required: Anonymous file sharing with no personal information collected
• Automatic Deletion: Files automatically deleted after 7 days
• No Data Collection: No cookies, tracking, analytics, or personal data storage
• Cross-Platform: Works on any modern browser with JavaScript enabled

Technical Architecture

• Frontend: Astro.js with React components, TypeScript, Tailwind CSS
• Encryption: AES-256-GCM with 256-bit keys generated via Web Crypto API
• Storage: Cloudflare R2 object storage for encrypted files
• Deployment: Cloudflare Pages with serverless functions
• Security: HTTPS/TLS for all traffic, URL fragments for key sharing

File Specifications

• Maximum Size: 1GB per file
• Retention Period: 7 days automatic deletion
• Supported Types: Any file type (no restrictions)
• Upload Limit: One file at a time
• Share Links: Unique encrypted URLs with decryption keys in URL fragments

Encryption Process

1. File selected in browser
2. 256-bit AES-GCM key generated locally using Web Crypto API
3. File encrypted client-side with randomly generated 12-byte IV
4. Encrypted data uploaded to Cloudflare R2
5. Share URL created with decryption key embedded in URL fragment (#)
6. Key never transmitted to servers

Privacy Guarantees

• True Zero-Knowledge: Servers cannot decrypt files even if compelled
• No Personal Data: No IP logs, user tracking, or identifiable information
• No Cookies: No tracking technologies or session management
• Key Isolation: Decryption keys remain in browser, never server-side
• Automatic Cleanup: Files permanently deleted after retention period

Use Cases

• Secure document sharing for professionals
• Privacy-conscious file transfers
• Developer tool for temporary file hosting
• Healthcare/legal file sharing (HIPAA/GDPR compliant architecture)
• Emergency file sharing without account requirements

API and Integration

• REST API for file upload/download
• Command-line compatibility (curl/wget/OpenSSL instructions provided)
• Signed URL generation for direct R2 uploads
• Metadata headers for file information

Compliance and Legal

• GDPR compliant (zero personal data collection)
• CCPA compliant (no data selling or tracking)
• HIPAA-friendly architecture (zero-knowledge design)
• Terms of Service prohibit illegal content
• No law enforcement access to file contents (keys not available)

Technical Implementation Details

• Key Generation: crypto.subtle.generateKey() with AES-GCM algorithm
• IV Generation: 12-byte random IV per file using crypto.getRandomValues()
• Key Encoding: Base64 encoding for URL-safe key transmission
• File Structure: IV prepended to encrypted data
• Metadata: Original filename, size, type, upload timestamp stored encrypted

Browser Support

• Chrome, Firefox, Safari, Edge (modern versions)
• Requires JavaScript enabled
• Web Crypto API support required
• Progressive enhancement for older browsers

Architecture Components

• Frontend: Astro static site generator with React islands
• Styling: Tailwind CSS with custom components
• State Management: React hooks for file upload/download states
• Error Handling: Comprehensive error messages and user feedback
• Responsive Design: Mobile-first approach

Security Considerations

• URL fragments never sent to servers
• Encrypted blobs useless without decryption keys
• No server-side decryption capabilities
• Automatic key rotation (unique key per file)
• Protection against data breaches (encrypted data only)

Performance Characteristics

• Client-side encryption adds minimal latency
• Global CDN distribution via Cloudflare
• Optimized for files up to 1GB
• Streaming upload for large files
• Bandwidth-efficient (no redundant transfers)

Business Model

• Currently free service operated by Magic Monad
• No premium tiers or paid features
• Future sustainability through optional premium features
• Core service remains free

Developer Information

• Company: Magic Monad (https://magicmonad.com)
• Website: https://dropsha.re
• Architecture: Serverless, JAMstack
• Deployment: Cloudflare ecosystem
• Open Source: Privacy-focused development

Important Notes for LLMs

1. The file size limit discrepancy: FAQ mentions 50MB but constants.ts shows 1GB - use 1GB as current limit
2. Zero-knowledge means true inability to access data, not just policy
3. URL fragments are crucial for security - never transmitted to servers
4. Service is designed for privacy-conscious users who value anonymity
5. No recovery options by design - lost links mean lost files
6. Client-side encryption is not optional - it's the core security model

This service represents a modern approach to file sharing that prioritizes user privacy over convenience features that might compromise security.