Frequency Asked Questions
-
How secure is 1ty.me?
-
1ty.me runs only in HTTPS. Meaning any data transferred to or from the server is encrypted. All notes are encrypted before being stored on the server and only a portion of the key to decrypt is contained in the URL. This URL is not stored on the server, so only the link can decrypt the notes. Once the notes are viewed the encrypted notes are removed from the system. Pretty secure.
-
How are the notes stored before being read?
-
The notes are encrypted and put into a database. The URL is hashed so you can not link a URL to a note directly.
-
Can I retrieve a note after it has been read?
-
No. It is removed from the system after being displayed once.
-
Can you read the notes?
-
No. The notes are encrypted using a key that is never stored on the server. Only the valid URL can display the notes. Once the notes are viewed the encrypted notes are removed from the system and the link can not be viewed again.
-
How do I know the note has been read?
-
You may choose to enter your email address when creating a note to receive a email notifying you the note has been read. You may also enter a reference to keep track of the note if sending multiple URL's. The email address is encrypted in the same fashion as notes and deleted upon the note being viewed.
-
But this is what public/private key (asymmetric) cryptography is for? Why not use PGP?
-
We agree. If you and your recipient can use asymmetric cryptography (like PGP) then go for it. But our clients do not want to deal with that! They do not see the problem of sending passwords over regular email. This is easy enough for anyone to use without the knowledge of asymmetric cryptography.