What is this?
Remember in spy movies when someone leaves a briefcase under a park bench, and someone else picks it up later? That's a dead drop.
This is that, but for files. And the briefcase is encrypted with military-grade cryptography. And the park bench self-destructs after pickup. And nobody — not even the bench — knows what's inside.
You Your friend
│ │
│ dd ./secret-plans.pdf │
│ ─────────────────────► │
│ here's a link + QR code │
│ │
│ (sends link via Signal) │
│ │
│ opens link in browser
│ browser decrypts locally
│ downloads the file
│ │
│ 💥 file self-destructs │
│ 🛑 server shuts down │
│ │
│ what file? there was no file. │
Features
| Feature | Description |
|---|---|
| 🔐 End‑to‑end encrypted | XChaCha20‑Poly1305. The server never sees the key. Ever. |
| 🔗 Key in URL fragment | The #key part never hits server logs, proxies, or HTTP headers |
| 💥 Self‑destruct | Expire by time, by download count, or both |
| 📱 Works on phones | Receiver only needs a browser. No app. No account. No signup. |
| 📁 Send folders | Directories auto‑pack to .tar.gz before encryption |
| ♾️ Unlimited file size | Streams from disk — your 50GB file won't eat your RAM |
| 🔑 Optional password | Argon2id key derivation (64MB memory‑hard, GPU‑resistant) |
| 📦 Single binary | No runtime, no Docker, no config files. Just one executable. |
| 📲 QR code | Because typing URLs is for people who still use fax machines |
Installation
Download a binary
Grab the latest release for your OS from Releases.
Build from source (you rebel)
# Binary at: target/release/dd
Via cargo
Usage
The basics
# Send a file
# Send a folder
# That's it. That's the tool.
The spicy options
# Self-destruct after 1 download, expire in 10 minutes
# Password-protected (because you're paranoid, and that's ok)
# Custom port
# No QR code (you hate fun)
# Go full Mission Impossible
What you see
██████╗ ███████╗ █████╗ ██████╗ ██████╗ ██████╗ ██████╗
██╔══██╗██╔════╝██╔══██╗██╔══██╗██╔══██╗██╔═══██╗██╔══██╗
██║ ██║█████╗ ███████║██║ ██║██████╔╝██║ ██║██████╔╝
██║ ██║██╔══╝ ██╔══██║██║ ██║██╔══██╗██║ ██║██╔═══╝
██████╔╝███████╗██║ ██║██████╔╝██║ ██║╚██████╔╝██║
╚═════╝ ╚══════╝╚═╝ ╚═╝╚═════╝ ╚═╝ ╚═╝ ╚═════╝ ╚═╝
⚡ zero-knowledge encrypted file sharing ⚡
┌──────────────────────────────────────────────────┐
│ URL http://192.168.1.42:8080/d/a3f9c1b2#xK9m │
│ │
│ ├─ File secret.pdf │
│ ├─ Size 4.2 MB │
│ ├─ Expires 10m │
│ ├─ Downloads 1 │
│ └─ Crypto XChaCha20-Poly1305 │
└──────────────────────────────────────────────────┘
█▀▀▀▀▀█ ▀▀▀█▄█ █▀▀▀▀▀█ <- QR code appears here
█ ███ █ █▀█ ▀▄ █ ███ █ scan with phone
...
What the receiver sees
A clean, dark download page in their browser. Click "Download & Decrypt" → file decrypts locally in their browser via WebAssembly → downloads to their device. The server never touches the plaintext.
Flags Cheat Sheet
| Flag | Short | Default | What it does |
|---|---|---|---|
--port |
-p |
8080 |
Port to listen on |
--expire |
-e |
1h |
Auto‑expire (30s, 10m, 1h, 7d) |
--downloads |
-n |
1 |
Max downloads before self‑destruct (0 = ∞) |
--pw |
— | None | Require password (Argon2id derived) |
--bind |
-b |
0.0.0.0 |
Bind address |
--no-qr |
— | false |
Hide QR code |
How It Works
Sender Server (your machine) Receiver
│ │ │
│ 1. Encrypt file with random key │ │
│ 2. Store ciphertext on disk │ │
│ 3. Key goes in URL #fragment │ │
│ ──────────────────────────────► │ │
│ │ 4. Receiver opens URL │
│ │ ◄──────────────────────────────│
│ │ 5. Serve encrypted blob │
│ │ ──────────────────────────────►│
│ │ │
│ │ 6. Browser extracts #key │
│ │ 7. WASM decrypts locally │
│ │ 8. File downloads │
│ │ │
│ │ 💥 Self-destruct │
│ │ 🛑 Server shuts down │
The critical insight: the #fragment in a URL is never sent to the server. Not in HTTP requests, not in logs, not in referrer headers. The server literally cannot learn the key even if it tried.
Threat Model
✅ Protected against
- Server operator learning file contents (zero‑knowledge)
- Man‑in‑the‑middle reading the key (it's in the fragment, not in transit)
- Server logs leaking the key (fragments aren't logged)
- Brute force (XChaCha20-Poly1305 with 256-bit keys = good luck)
- GPU attacks on passwords (Argon2id with 64MB memory cost)
❌ NOT protected against
- Someone who has the full URL with the
#key(that IS the key) - Malware on sender/receiver device
- Your friend screenshotting the file and posting it on Twitter
- Rubber hose cryptanalysis (look it up, it's not pretty)
- Time travelers
Technical Details
| Component | Choice | Why |
|---|---|---|
| Encryption | XChaCha20‑Poly1305 | 256‑bit, extended nonce, AEAD. Used by WireGuard, Cloudflare, etc. |
| KDF | Argon2id | Memory‑hard, GPU‑resistant. Winner of the Password Hashing Competition |
| Chunk size | 64KB | Balances streaming performance vs. auth tag overhead |
| Server | Axum (Rust) | Async, zero-copy, no garbage collector |
| Browser crypto | WebAssembly | Same Rust code compiled to WASM, runs in-browser at near-native speed |
| Nonce derivation | base XOR chunk_index | Per-chunk unique nonces without storing them |
| Binary embedding | rust-embed | HTML, CSS, JS, WASM all baked into the single binary |
Memory Usage
| File Size | Server RAM (Sender) | Browser RAM (Receiver) |
|---|---|---|
| 1 MB | ~5 MB | ~5 MB |
| 100 MB | ~5 MB | ~200 MB |
| 1 GB | ~5 MB | ~2 GB (desktop) |
| 10 GB | ~5 MB | Desktop only (streaming) |
The server uses constant memory regardless of file size. It streams encrypted chunks from disk.
FAQ
Q: Is this legal? A: It's a file sharing tool with encryption. Like Signal, or HTTPS, or putting a letter in an envelope. What you put inside is your business.
Q: Can I use this at work? A: Your IT department will either love you or fire you. No in-between.
Q: Why not just use Google Drive? A: Google Drive knows your files. Deadrop doesn't. That's the whole point.
Q: What happens if I lose the URL? A: The file is gone. That's... the feature. It's a dead drop, not Google Photos.
Q: Can the server operator see my files? A: No. The encryption key is in the URL fragment which never reaches the server. The server only holds meaningless encrypted bytes.
Q: Why Rust? A: Because we wanted the binary to be fast, safe, and have zero dependencies. Also because we enjoy fighting the borrow checker on Friday nights.
Contributing
PRs welcome. Here's what's on the radar:
- Receiver‑side streaming decryption for huge files on mobile
- Built‑in HTTPS (rustls + auto‑generated certs)
-
dd receivemode (pull instead of push) - Clipboard mode (
echo "secret" | dd -) - Tor hidden service mode
- Multi‑file drops
- Web UI upload mode
License
MIT — do whatever you want. Just don't blame us if your dead drop gets intercepted by actual spies.