Well, it started with a small program I wrote for myself, to get rid of some distractions (in my case video games) during my exams. I needed a way to change the login passwords (and email addresses) of my game accounts to something I don't know (so that I can't play anymore), but with the possibility to get the passwords back after a specified date (after I finished my exams).
As I thought that other people might want to have a similar tool I created this Website. You can use it to create a secret message, which can be accessed after a specified expiration time. This message can e.g. contain the changed password for an online game, or it can be a message to someone else, who shall not be able to read it before the expiration time.
As I thought that other people might want to have a similar tool I created this Website. You can use it to create a secret message, which can be accessed after a specified expiration time. This message can e.g. contain the changed password for an online game, or it can be a message to someone else, who shall not be able to read it before the expiration time.
2. You want to steal our accounts, don't you?
No! Every secret has a unique ID, which is used to encrypt your secret's title and message before it is send to the server. The title and message are encrypted with AES using the CryptoJS 3 JavaScript library. The ID itself is hashed with SHA-256 before it is send to the server. Consequently, I can't decrypt the title and message as I don't have the secret's ID in plain text, which is required to decrypt your secret.
If you open your secret the title and message will be decrypted locally in your browser using the plain text ID you entered in the search box. Consequently, only people with access to the plain text ID can read the secret.
If you open your secret the title and message will be decrypted locally in your browser using the plain text ID you entered in the search box. Consequently, only people with access to the plain text ID can read the secret.
3. So my secrets are 100% safe?
No, as people might guess the ID (which is not easy as there are a lot of possible combinations). Nevertheless, you should NEVER put all account information (username/email & password) in one secret. If you split these information over several secrets (e.g. the new, temporary email address in one and the new, temporary password in another secret) you should be safe, as the secrets can not be linked to you.
4. Ok I want to create a secret, what do I have to do?
Creating a secret is really simple. Just click onto "Create Secret", enter a title and a message, select an expiration time and click "Create".
ATTENTION! Write down the secret's ID. You'll need it to open the secret later on. Without the ID the original title and message can't be decrypted and are lost.
ATTENTION! Write down the secret's ID. You'll need it to open the secret later on. Without the ID the original title and message can't be decrypted and are lost.
5. How can I make my account information more secure?
To improve security you can combine this service with a password manager, e.g. KeePass. Using it, you can create a new safe and use it to store the account information. Then store the safe's password in a secret. This way, even if someone guesses the secret's ID he can't access the account information, as he does not have access to the password safe.
6. I forgot my secret's ID, can you help me?
No, unfortunately there is nothing I can do. Even if I would somehow be able to identify your secret in the database, the title and message can't be decrypted without the ID.
7. Can you help me to acces my non-expired secret?
No. First of all I don't know if you are the creator of the secret. Additionally, this would contradict the purpose of this service.
8. Can you delete my secret or will secrets be deleted automatically?
No, I won't delete any secret, unless it contains illegal content. If you found such a secret please write me an email.
Secrets that are not expired won't be deleted automatically in any case. I don't plan to automatically delete expired secrets right now, but this may change in the future.
Secrets that are not expired won't be deleted automatically in any case. I don't plan to automatically delete expired secrets right now, but this may change in the future.
9. I am distracted by a Website that does not need a login, can you help?
"Unfortunately" there are also Websites (like 9gag ;)), which can be extremely distractive, but don't require a login. In that case you need a program that will block these Websites, which can be protected with a password, so you can't unblock the Websites until the secret has expired and you have access to the password.
Some anti-virus programs offer such functionality. If there is an easy to use program on the Web which fulfills the mentioned requirements, write me an email and I will suggest it here.
Some anti-virus programs offer such functionality. If there is an easy to use program on the Web which fulfills the mentioned requirements, write me an email and I will suggest it here.
10. I am using Opera and the site is not working.
Opera seems to have a bug and can't execute for (... in ...) loops in JavaScript. Without working JavaScript you won't be able to use this Website. Let's hope that Opera fixes this bug really quick.