Security Policy
Architecture details, vulnerability disclosure, and known limitations
1. Reporting a Vulnerability
Please include the following in your report:
- Description of the vulnerability and affected component.
- Steps to reproduce the issue.
- Potential impact — what could an attacker achieve?
2. Implemented Security Features
AES-256-GCM Encryption
Files are encrypted at rest with per-file key wrapping. Compromise of the master key does not expose past encrypted content.
Metadata Stripping
DOCX and PDF metadata is automatically scrubbed on upload. Author, computer, and revision info are removed.
HMAC-SHA256 Integrity
Content hashes are keyed with a secret salt. This prevents anyone from correlating stored hashes with public file databases to track uploader identity.
Zero-Knowledge Quotas
Rate limits use pseudonymous HMAC tags. A database leak alone cannot link activity cycles to a real user account.
IP Stripping Middleware
Forwarding headers are purged before reaching route handlers. Application code never sees or logs visitor IP addresses.
Ephemeral Files
Files auto-delete between 1m and 24h. Expired files are physically wiped from disk, not just marked inactive.
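The keyed hashing described under "HMAC-SHA256 Integrity" and "Zero-Knowledge Quotas", as an added example that is not ShareSecure's own code. The key handling, the account id format, the per-window tag layout and all function names are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

# Assumption: the server holds two random secrets outside the database.
# They are generated here only so the example runs offline.
CONTENT_KEY = secrets.token_bytes(32)
QUOTA_KEY = secrets.token_bytes(32)

# Constructed sample data: one document and a stand-in "public hash list".
SAMPLE_DOC = b"constructed sample document"
PUBLIC_HASH_DB = {hashlib.sha256(SAMPLE_DOC).hexdigest()}


def plain_hash(data: bytes) -> str:
    """Unkeyed SHA-256: the same value everywhere, so it matches public lists."""
    return hashlib.sha256(data).hexdigest()


def keyed_content_hash(data: bytes, key: bytes = CONTENT_KEY) -> str:
    """HMAC-SHA256 of the content: stable on this server, unlinkable outside it."""
    return hmac.new(key, data, hashlib.sha256).hexdigest()


def verify_content(data: bytes, stored: str, key: bytes = CONTENT_KEY) -> bool:
    """Integrity check using a constant-time comparison."""
    return hmac.compare_digest(keyed_content_hash(data, key), stored)


def correlatable(stored_hash: str) -> bool:
    """True if a leaked stored hash can be looked up in the public list."""
    return stored_hash in PUBLIC_HASH_DB


def quota_tag(account_id: str, window: str, key: bytes = QUOTA_KEY) -> str:
    """Pseudonymous rate-limit tag for one account in one window (hypothetical layout)."""
    msg = b"quota\x00" + account_id.encode() + b"\x00" + window.encode()
    return hmac.new(key, msg, hashlib.sha256).hexdigest()


def within_quota(counters: dict, account_id: str, window: str, limit: int) -> bool:
    """Count uploads under the tag only; the table never stores account_id."""
    tag = quota_tag(account_id, window)
    counters[tag] = counters.get(tag, 0) + 1
    return counters[tag] <= limit
```

Account ids are guessable, so the tags stay pseudonymous only while QUOTA_KEY is kept out of the database that stores the counters.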
3. Known Limitations
Network-Level Visibility
Application-layer IP stripping cannot hide your identity from the hosting provider, CDN, or ISPs. If your threat model requires IP anonymity, you must use Tor or a VPN.
Browser & TLS Fingerprinting
The specific way your browser negotiates TLS with the server (the handshake that JA3 fingerprints) can be used to identify your software stack. Use the Tor Browser to mitigate fingerprinting risks.
4. User Security Guidelines
- Use the shortest possible expiry — files deleted sooner are safer.
- Never share sensitive links via indexed or public channels (e.g. public Discord).
- For high-stakes anonymity, always access ShareSecure via the Tor Browser.
- Use the Delete Token to manually purge files as soon as they are no longer needed.