Documents, texts, and emails are easily accessed, copied, shared, and stored without your knowledge. It understandably makes many people wary of communicating sensitive matters online. Privnote offers a clever solution to this problem. It’s a free online service that lets you create text notes that self-destruct after being read. Anything you type into a privnote gets encrypted on the company’s servers before the link to access it appears. Only someone with that unique link view the note, and only for as long as you set it to be available. After a set amount of time, the note disappears from Privnote’s servers.
It means privnotes are virtually impossible to intercept in transit. There’s no unencrypted copy for hackers to steal. The encryption also prevents Privnote itself from accessing the contents of your notes. And because each link is unique, it can’t be guessed or brute forced to gain access after a note has expired. In simpler terms, it would take an impractically long time to crack. So, how exactly does privnote achieve this level of security? Here’s a quick rundown of what happens when you create one.
1. You type a message into the privnote website. It contains any form of secure text – a private letter, password, link, set of instructions, etc.
2. Privnote encrypts your message locally in your browser using JavaScript. It means your unencrypted text never leaves your device.
3. The encrypted message is sent to Privnote’s server along with your chosen expiration time. It is the only data transmitted over the internet.
4. On their server, Privnote decrypts your message using its private RSA key to reformat the text for proper display.
5. Privnote re-encrypts the now formatted note, both in transit and at rest in their database. The document can only be decrypted and read by anyone with the secret link.
6. When you access a privnote using the unique link, the encrypted note is fetched from the server and decrypted client-side in your browser. The unencrypted content is displayed, but only temporarily.
7. Once the set expiration time passes, Privnote permanently deletes the encrypted note from its server. The URL becomes invalid, preventing any future access.
Throughout this entire process, your original plaintext message remains protected from prying eyes. It is encrypted before leaving your device, while stored on Privnote’s servers, and in transit to authorized recipients. Only the intended reader’s browser ever decrypts it for viewing. Not even Privnote staff violate the privacy of your communications. They claim to operate under a zero-knowledge policy, meaning they technically have no way of knowing what data is passing through their servers.
Claims of true zero knowledge architecture are hard to fully validate. You’ll have to decide how much you trust Privnote’s assurances based on their reputation and transparency about security practices. They do appear far more trustworthy than many free online services collecting and monetizing user data. Despite these tradeoffs, Privnote remains the easiest and most secure method available today for sharing information privately online. The automatic encryption and expiration give you peace of mind that your notes won’t stick around forever, exposed to the world without your consent.