Show HN: Hidetext.sh – encrypted pastebin where the server never sees the key
No tagline provided.
View Origin LinkProduct Positioning & Context
Hi HN! I built hidetext.sh — a way to share text, code, and files through links the server can't read.How it works: your browser generates a random key and encrypts everything locally (NaCl secretbox, XSalsa20-Poly1305). Only ciphertext is uploaded. The key goes into the URL fragment — the part after # — which browsers never send to servers. The link carries the key, my server stores the locked box, and the two only meet in a browser.A design detail I'm fairly happy with: burn-after-read doesn't destroy the paste on the first HTTP request. The naive version means a Slack or iMessage link preview "reads" your paste before the recipient ever opens it. Instead, the reader's tab sends a heartbeat, and the paste is deleted only once nobody is watching it anymore.Being upfront about the limits (full page at hidetext.sh/how-it-works): you're trusting the JavaScript I serve — inherent to any browser-based E2E tool; filenames are stored in plaintext (contents aren't); and anyone holding the link can read the content, because the link is the key. No accounts, no cookies, no analytics, IPs aren't stored.Stack: Next.js static on Cloudflare Pages, Pages Functions, D1 for metadata, R2 for encrypted blobs.It's free. I'd love feedback — especially on the threat model and anything you'd expect from a tool like this that's missing.
Related Ecosystem & Alternatives
Discover adjacent products, open-source repositories, and developer tools sharing similar technical architecture.
Deep-Dive FAQs
What is Hidetext.sh – encrypted pastebin where the server never sees the key?
Hidetext.sh – encrypted pastebin where the server never sees the key is a digital product or tool described as: Hi HN! I built hidetext.sh — a way to share text, code, and files through links the server can't read.How it works: your browser generates a random...
Where did Hidetext.sh – encrypted pastebin where the server never sees the key originate?
Data for Hidetext.sh – encrypted pastebin where the server never sees the key was aggregated directly from the Hacker News community ecosystem, representing raw developer and early-adopter sentiment.
When was Hidetext.sh – encrypted pastebin where the server never sees the key publicly launched?
The initial public indexing or launch date for Hidetext.sh – encrypted pastebin where the server never sees the key within our tracked developer communities was recorded on July 12, 2026.
How popular is Hidetext.sh – encrypted pastebin where the server never sees the key?
Hidetext.sh – encrypted pastebin where the server never sees the key has achieved measurable traction, logging over 7 traction score and facilitating 1 recorded discussions or engagements.
Are there open-source alternatives related to Hidetext.sh – encrypted pastebin where the server never sees the key?
Yes, the GitHub ecosystem contains correlated projects. For example, a repository named 0xdeadbeefnetwork/ssh-keysign-pwn shares highly similar architectural descriptions and topics.
How does the creator describe Hidetext.sh – encrypted pastebin where the server never sees the key?
The original author or development team describes the product as follows: "Hi HN! I built hidetext.sh — a way to share text, code, and files through links the server can't read.How it works: your browser generates a random key and encrypts everything locally (NaCl secretb..."
Community Voice & Feedback
No active discussions extracted yet.
Discovery Source
Hacker News Aggregated via automated community intelligence tracking.
Tech Stack Dependencies
No direct open-source NPM package mentions detected in the product documentation.
Media Tractions & Mentions
No mainstream media stories specifically mentioning this product name have been intercepted yet.
Deep Research & Science
No direct peer-reviewed scientific literature matched with this product's architecture.
SaaS Metrics