Disappear.net - Frequently Asked Questions (FAQ)

What is Disappear.net?

Disappear.net is an ephemeral messaging and file-sharing platform that allows you to securely share notes and files using mnemonic phrases instead of traditional links or URLs. It emphasizes privacy and security by ensuring that only the intended recipient, who possesses the mnemonic, can access the shared content.

How does Disappear.net work?

1. Mnemonic Generation: You can either provide your own mnemonic phrase (less secure) or generate a secure one using the BIP39 standard, commonly used for generating cryptocurrency keys.
2. Encryption: The mnemonic is used to deterministically derive an encryption key. Your content is encrypted in your browser using this key before being sent to the server.
3. Storage: The server only holds the encrypted data and does not have access to the encryption keys.
4. Indexing: The server indexes the encrypted data using a hash of the mnemonic (generated client-side). This allows retrieval of the data without revealing the mnemonic itself.
5. Expiration: You set an expiration time for the content (up to 48 hours). After this time, the content is automatically deleted from the server.

To retrieve the content, the recipient enters the mnemonic on Disappear.net. The website uses the mnemonic to derive the same encryption key and fetches the encrypted data using the hash, and decrypts it in the browser.

Why use mnemonics instead of links?

Using mnemonics enhances privacy and security:

• No URLs to Intercept: Since you share a mnemonic phrase instead of a link, there's no URL that can be intercepted or monitored.
• Client-Side Encryption: All encryption and decryption happen on the client side. The server never has access to your unencrypted data, mnemonic, or keys required to decrypt it.
• Anonymity: There's no need to provide personal information or create an account to use Disappear.net.

How do I generate a secure mnemonic?

When uploading content:

• Secure Mnemonic: Choose the option to generate a secure mnemonic. You'll be prompted to scribble on a canvas. This action generates entropy, which is used to create a random mnemonic phrase using the BIP39 standard.
• Custom Mnemonic: Alternatively, you can enter your own mnemonic phrase. However, this is less secure and not recommended for sensitive content. Custom Mnemonics are open to brute-force.

What is the BIP39 standard?

BIP39 is a widely accepted standard for generating mnemonic phrases, primarily used in cryptocurrency applications for creating secure keys. It converts random entropy into a set of easy-to-remember words, enhancing both security and usability.

How secure is Disappear.net?

End-to-End Encryption: Your data is encrypted on your device before it's sent to the server and decrypted only on the recipient's device.

Server Does Not Store Keys: The server stores only the encrypted data and a hash of the mnemonic for indexing. It cannot decrypt the content.

No Personal Data Required: You don't need to create an account or provide personal information to use the service.

How do I share a note or file?

1. Upload Content: Go to the "Put" page, select whether you want to share a text note or a file, and upload your content.
2. Set Expiration: Choose how long the content should be available (up to 48 hours).
3. Generate Mnemonic: Generate a secure mnemonic or provide your own (not recommended).
4. Share Mnemonic: Share the mnemonic phrase with the recipient through a secure channel.

How does the recipient retrieve the content?

1. Access Disappear.net: The recipient visits the Disappear.net website.
2. Enter Mnemonic: On the "Get" page, they enter the mnemonic phrase you provided.
3. Decrypt Content: The website uses the mnemonic to retrieve and decrypt the content in the browser.

What happens after the expiration time?

After the set expiration time, the encrypted data is automatically deleted from the server and storage. This ensures that your content does not persist indefinitely.

Can I retrieve the content multiple times before it expires?

Yes, the content can be retrieved multiple times before the expiration time. We might be adding a feature to delete the content after the first retrieval or other self-destruct options in the future.

Is it possible for someone else to access my content?

Only someone with the exact mnemonic phrase can access and decrypt your content. Since the mnemonic is never transmitted to or stored on the server, it's crucial to keep it secure and share it only with the intended recipient. Custom Mnemonics are insecure for private data, and should only be used as a convenience for sharing non-sensitive data.

What if I lose the mnemonic?

If you lose the mnemonic, there's no way to retrieve or decrypt the content. Since the server does not store any decryption keys or personal information, the data is effectively inaccessible without the mnemonic.

Can I use Disappear.net for sensitive or confidential information?

Disappear.net is designed to provide private and unique way to share content. However, it's essential to understand the limitations of the service. While we don't store mnemonics or keys, if you're sharing highly sensitive or confidential information, consider using additional security measures or encryption methods. Furthermore, users of Disappear.net should be aware that the service is still in development and may have vulnerabilities.

Does the scribble on the canvas affect the content?

The scribble is used to generate random entropy for creating a secure mnemonic. The drawing itself is not stored or transmitted and does not affect the content.

Do I need to install any software or plugins?

No, Disappear.net works entirely within your web browser. All encryption and decryption happen client-side, and there's no need to install additional software.

How is Disappear.net different from other ephemeral messaging services?

• Mnemonic-Based Sharing: Instead of sharing links that can be intercepted or tracked, Disappear.net uses mnemonic phrases for sharing content.
• Client-Side Encryption: All encryption and decryption processes occur on the client side, ensuring that your data remains private.
• No Accounts Needed: There's no need to sign up or provide personal information, enhancing anonymity.