his service has been created to offer a secure means to transfer one off information between two parties. There are some basic principles this has been designed to: That the writer can create a single note That the reader can read the note once, and once only After the note has been read, the contents are erased To support this we have ensured that only the writer and the reader can ever know the contents. So, technically behind the scenes the following happens: The writers note is submitted, and has any non-safe HTML removed to prevent any XSS attacks. A random dice ware pass phrase is created. The pass phrase is used to encrypt the writers message, which is then stored encrypted. The pass phrase is then hashed and stored. This hash value cannot be used to decrypt the message. The URL and pass phrase are displayed to the writer and this is the only time the pass phrase is shown When the correct URL is put into a browser, the pass phrase is checked against the stored hash. If correct, the given pass phrase (not the hash) is used to decrypt the message The message is then deleted from the database - effectively burned to ash There are a few limitations and enhancements we are working on. Messages are limited to 0.5 MB or 512 KB. It is something we're looking at larger sizes for subscribers Images are embedded into the message as a Base64 encoded image, so encrypted with the text as the above process Notes are checked to be auto burned every 15 minutes, so if you have a very specific time it may be a small lag of it being burned