Hacker News new | ask | show | jobs
by stophecom 1813 days ago
It is done entirely on the client. You can check the source code. Read more on scrt.link/security.
1 comments
ALittleLight 1813 days ago
But if the key is added to the link itself then you could be storing the encrypted string and decrypting it after getting a request for a link that contained the key.

I'm not accusing you of that - just saying there is no way to prove that's not happening.

link
stophecom 1813 days ago
The part of the URL holding the encryption key is not sent to the server. https://stackoverflow.com/questions/14462218/is-the-url-frag...

Don't take my word for it :) You can check all code that runs in your browser and check all requests made within the network tab.

link
ALittleLight 1813 days ago
Okay, nice! I withdraw my comments.
link