Anonymous Drop Box
Collect files anonymously, no accounts needed
Share the upload link, keep the inbox link private
Collect files anonymously, no accounts needed
Share the upload link, keep the inbox link private
Information for copyright holders
tmp0.cc respects the intellectual property rights of others. We are committed to responding to valid DMCA takedown notices in accordance with the Digital Millennium Copyright Act.
While we cannot prevent all users from uploading copyrighted content, we take copyright infringement seriously and will promptly remove files when we receive a valid takedown request.
tmp0.cc operates as a neutral hosting provider under DMCA Section 512. We do not monitor, review, or control the content uploaded by users. We have no knowledge of potentially infringing content until notified. Upon receiving valid takedown notices, we act expeditiously to remove or disable access to the material.
Your notice must include:
Email: legal@tmp0.cc
Subject: DMCA Takedown Request
Upon receipt of a valid notice, we will review and remove infringing content, typically within 24-48 hours.
If you believe your content was removed in error, you may submit a counter-notification to legal@tmp0.cc
Everything you need to know about tmp0.cc
Drag and drop files or click to select. E2E encryption is enabled by default — set a password and your file is encrypted in your browser before upload. Use the button to generate a strong password automatically. A real-time entropy meter ensures your password meets the minimum strength requirement (50+ bits). Without password: Files are encrypted at rest on our server, but a warning will remind you that E2E is recommended. Enable True Zero-Knowledge mode for maximum privacy — the server treats your upload as an opaque blob with zero plaintext processing.
No. tmp0.cc is completely anonymous. No registration, no email required.
2 GB per upload (chunked resumable uploads).
You choose: 1 hour to 30 days. Files auto-delete after expiration.
Yes! Multiple files are automatically compressed into a single ZIP.
Press Ctrl+V to paste text directly and share it as a code snippet with syntax highlighting. Supports 25+ languages.
Max 10,000 lines or 500 KB. Features: line numbers, download, copy, raw view.
Drop a text file (.txt, .json, .py, etc.) and choose to share it as a code snippet or upload as a regular file.
After uploading, a QR code is generated automatically. Scan it with your phone to quickly share the download link.
Each upload gets a secret delete link. Save it to delete your file before it expires. Keep it private! Anyone with this link can delete your file.
A drop box is an anonymous digital mailbox. You create one and share the upload link with others. They can drop files into your box without knowing who you are. You view received files using your private inbox link.
1. Create a drop box at /dropbox. 2. Share the upload link with anyone. 3. They drop files without seeing your inbox. 4. Open your inbox link to view all dropped files. Both links contain secret tokens in the URL fragment (never sent to the server).
Senders and receivers are completely anonymous to each other and to us. No IP addresses stored, no accounts needed. The upload token and inbox token are separate secrets - knowing one does not reveal the other.
Max 100 files per box, 2 GB per file. Expires after the time you choose (1 hour to 30 days). Dropped files remain accessible via their individual download links even after the box expires.
Direct browser-to-browser file transfer using WebRTC. Your file goes straight from sender to receiver without ever being stored on our servers. The server only facilitates the initial connection (signaling). This is the strongest privacy option — the server never touches your file at all.
1. Select a file at /transfer. A WebSocket connects to our signaling server.
2. Server creates an ephemeral room (8-character random ID) and returns a shareable link.
3. Receiver opens the link. The server relays SDP offers/answers (session descriptions) and ICE candidates (connectivity info) between both browsers.
4. Both browsers negotiate a direct DTLS-encrypted connection. From this point, the server is no longer involved.
5. File is sent in 64KB chunks over the WebRTC DataChannel directly to the receiver's browser.
6. Receiver assembles the file in memory and can save it. The room auto-deletes.
Only signaling messages: SDP offers/answers (contain codec and connection info) and ICE candidates (contain IP addresses and port candidates for NAT traversal).
Never sees: File content, file name, file size, file type, or any file metadata. These are exchanged exclusively over the encrypted DataChannel between browsers.
Note: ICE candidates contain the IP addresses of both peers. These are relayed in-memory and never stored or logged. The server needs to forward them so both browsers can find each other, but discards them immediately.
Nothing persistent. Rooms exist only in server memory (not on disk, not in a database). Each room stores: a random 8-character ID, two WebSocket session references, and a creation timestamp. Rooms auto-delete after 10 minutes. After deletion, zero trace remains. IP addresses are only hashed temporarily in memory for rate limiting (same as all features).
The WebRTC DataChannel is encrypted with DTLS (Datagram Transport Layer Security, TLS 1.2+). The encryption keys are negotiated directly between browsers during the DTLS handshake — the server never sees or controls them.
No virus scanning, no metadata stripping, no hash computation — none of these are possible because the server never accesses the file. This is by design.
STUN servers (stun.l.google.com, stun.cloudflare.com) help browsers discover their public IP for NAT traversal. They only see a lightweight binding request — never file data, room IDs, or signaling content.
TURN server (configurable, optional) provides relay fallback when direct P2P connections fail due to symmetric NAT or strict firewalls. If enabled, the TURN server relays encrypted WebRTC traffic — it cannot decrypt the DTLS-encrypted DataChannel content. TURN support significantly reduces P2P connection failures.
Use P2P when: You want maximum privacy (server sees nothing), you need to transfer very large files without server bandwidth limits, or the receiver is online right now.
Use regular upload when: The receiver isn't online yet, you need a persistent download link, you want virus scanning, or you're behind a strict corporate firewall/VPN that blocks WebRTC.
Simultaneous presence: Both sender and receiver must be online at the same time. This is not asynchronous file sharing.
NAT/Firewall: Symmetric NAT or strict corporate firewalls may block the direct connection. When a TURN server is configured, it provides a relay fallback for these cases, significantly improving connection success rates. Without TURN, the transfer will fail with a connection error (~15% of connections).
Room expiry: Rooms auto-delete after 10 minutes from creation, regardless of transfer state. Maximum 5,000 concurrent rooms server-wide.
No resume: If the connection drops mid-transfer, the entire transfer must restart. There is no chunked resume mechanism.
Memory: The receiver's browser holds the entire file in memory until saved. Very large files may cause browser memory issues.
E2EE (with password — recommended): Files are encrypted in your browser using Argon2id + AES-256-GCM before upload. The server receives only ciphertext and cannot decrypt your files. A built-in password generator and entropy meter help ensure strong passwords (minimum 50 bits required).
True Zero-Knowledge (E2EE + ZK toggle): Same client-side encryption, but additionally the server skips all processing — no metadata stripping, no virus scan, no hash check. The server treats your upload as a completely opaque encrypted blob. Maximum privacy mode.
Server-encrypted (no password): The server receives your file in plaintext, processes it (computes hash, strips metadata, scans for viruses), then encrypts it with AES-256-GCM before storage. Important: A warning is shown because the server has temporary access to your file content. E2EE is always recommended.
When you set a password, your file is encrypted in your browser using Argon2id (256MB memory, 6 iterations) for key derivation and AES-256-GCM for encryption. Your password never leaves your device - the server only stores the encrypted ciphertext.
We use HMAC-SHA256 with a server-side secret key to hash IP addresses for rate limiting (stored temporarily in memory, cleared after 1 hour). Unlike plain SHA-256, HMAC prevents reverse-engineering — even if an attacker obtains the hashed values, they cannot recover the original IP addresses without the secret key. Raw IP addresses are never stored.
Uploads are scanned with ClamAV antivirus (open-source, signature-based detection). Scan status is shown on the download page.
Critical limitations:
A "clean" scan does NOT guarantee safety. Download all files at your own risk.
We maintain a SHA-256 hash blocklist of known harmful content (e.g., CSAM, known malware samples). If your file's hash matches this list, upload is rejected.
Limitations: This only blocks exact matches. Modified files (even 1 byte change) have different hashes and won't be blocked. The blocklist is not comprehensive and depends on reported/known hashes.
Still have questions?
support@tmp0.ccPrivacy-first: Minimal data, maximum protection
E2EE files (with password — default recommendation): Encrypted in your browser before upload using Argon2id + AES-256-GCM. A built-in password generator and entropy meter enforce minimum password strength (50+ bits). The server stores only ciphertext.
True Zero-Knowledge mode: E2EE with the additional guarantee that the server performs zero plaintext processing — no metadata stripping, no virus scan, no hash blocklist check. The server treats your upload as an opaque encrypted blob.
Server-encrypted files (no password): A warning is displayed when uploading without encryption. The server processes your file (hash computation, metadata removal, virus scan), then encrypts at rest. The server has temporary access to plaintext during processing.
About IP hashing: We use HMAC-SHA256 with a server-side secret key to hash IPs. Unlike plain SHA-256, HMAC prevents reverse-engineering via lookup tables — even with full access to the hashed values, the original IPs cannot be recovered without the secret key. The key is configurable via environment variable or auto-generated per instance.
Code snippets are stored in an in-memory database that is cleared on server restart. Snippet content is not encrypted server-side (unlike files) but can be password-protected with client-side encryption.
Snippets auto-delete after their chosen expiration time (1 hour to 30 days) or when download limits are reached.
Each upload generates a secret delete link containing a unique 32-character token. This link allows you to delete your file at any time before expiration.
Important: Keep your delete link private. Anyone with this link can delete your file. We cannot recover deleted files.
Zero server storage — strongest privacy mode. P2P transfers use WebRTC DataChannel to send files directly between browsers. The server acts exclusively as a signaling relay. No file data, file metadata, or transfer history is ever stored, logged, or cached.
What the server processes (ephemerally):
What the server never sees:
About ICE candidates and IP exposure: During signaling, ICE candidates containing the IP addresses of both peers are relayed through our server. This is a necessary part of WebRTC's NAT traversal mechanism. These addresses are held in memory only during the signaling phase and never written to disk or logs. After the room expires (10 minutes), all data is garbage-collected.
STUN servers: We use Google (stun.l.google.com) and Cloudflare (stun.cloudflare.com) public STUN servers for NAT discovery. STUN servers only see a lightweight binding request — never file data, room IDs, or signaling content.
TURN relay server: When configured, a TURN server provides relay fallback for users behind symmetric NATs or restrictive firewalls. The TURN server relays encrypted WebRTC traffic — it cannot decrypt the DTLS-encrypted DataChannel content. TURN credentials are delivered to the client via server-rendered HTML attributes. Self-hosted (e.g., coturn) or cloud providers (Cloudflare, Twilio, Xirsys) can be used.
QR codes are generated entirely in your browser using client-side JavaScript. No data is sent to external services.
Brute Force Protection: We temporarily store HMAC-SHA256 hashed IP addresses in memory (not on disk) to prevent abuse. These keyed hashes cannot be reversed without the server's secret key and are automatically cleared after 1 hour.
Rate Limiting: Request counts are tracked temporarily in memory using HMAC-hashed IP addresses. No persistent storage, no raw IPs stored. API key holders receive higher rate limits.
Abuse Detection: A scoring system tracks suspicious patterns (failed auth, rapid uploads, scanning behavior). IPs exceeding the abuse threshold are temporarily blocked for 15 minutes. Scores decay automatically after 5 minutes of inactivity.
External Resources (CDNs & Fonts):
We load the following resources from external CDNs:
When you load tmp0.cc, your browser makes requests to these CDNs. Standard HTTP request data (IP address, browser info, referrer) may be logged by these services according to their privacy policies.
Security Trust Model:
E2EE encryption depends on JavaScript from jsDelivr CDN. If jsDelivr were compromised, malicious code could theoretically intercept passwords before encryption. This is a fundamental limitation of browser-based E2EE.
Mitigations: We use Subresource Integrity (SRI) hashes to verify library integrity. For maximum security, advanced users can use our CLI tool (which doesn't depend on CDNs) or audit the source code.
Virus Scanning: All uploads are scanned with ClamAV antivirus. Infected files are flagged.
Hash Blocklist: Known malicious or illegal content is automatically blocked based on SHA-256 hash.
Scanning Exceptions:
No Guarantee: Security scanning is provided on a best-effort basis. No antivirus can detect 100% of threats. Files marked as "clean" may still contain malware. Download at your own risk.
Server-side (At-Rest): AES-256-GCM, key exists only in memory.
End-to-End Encrypted (E2EE — recommended default): Argon2id key derivation (6 iterations, 256MB memory, 4 threads) + AES-256-GCM. The UI recommends E2EE and provides a built-in password generator. A minimum entropy of 50 bits is enforced. Encryption/decryption happens entirely in your browser or CLI — the server never sees your password or plaintext.
True Zero-Knowledge mode: When enabled alongside E2EE, the server skips all plaintext processing (no metadata stripping, no virus scan, no hash blocklist). The upload is treated as an opaque blob. This provides the strongest privacy guarantee for stored files.
E2EE & ZK Files: Virus scanning is automatically skipped for E2EE and Zero-Knowledge files because the server cannot access the plaintext content. The download page shows "Scan disabled: End-to-end encrypted".
For server-encrypted files, we automatically strip metadata from supported file types:
Supported formats:
Limitations:
For maximum privacy with sensitive files, use E2EE and consider stripping metadata yourself before upload.
We maintain a Merkle tree-based audit log of file operations. This is different from traditional access logs:
Privacy note: If someone knows a file's SHA-256 hash, they can check the transparency log to see when it was uploaded/downloaded. This enables auditing but also means file hashes are semi-public information. For maximum privacy, use E2EE (the hash of encrypted ciphertext reveals nothing about the original file).
A command-line interface (tmp0) is available with full E2EE support for automated workflows and power users.
All features are accessible via public API endpoints documented in the API section.
Files auto-delete after their chosen expiration time (1 hour to 30 days).
Limitation: On modern SSDs with wear-leveling, "secure deletion" cannot be guaranteed at the hardware level. The SSD controller may retain old data in spare blocks. For highly sensitive data, use E2EE - even if old ciphertext is recovered, it cannot be decrypted without your password.
Operating Jurisdiction: Iceland
tmp0.cc operates under Icelandic law. Iceland is a member of the European Economic Area (EEA), ensuring strong privacy protections equivalent to EU standards while benefiting from Iceland's robust legal framework for digital privacy and freedom of expression.
All legal matters, disputes, and data protection inquiries are governed exclusively by Icelandic law and subject to the jurisdiction of Icelandic courts.
As an EEA member state, Iceland has incorporated the General Data Protection Regulation (GDPR) into national law through the Icelandic Data Protection Act (Lög um persónuvernd og vinnslu persónuupplýsinga).
Data Processing Principles:
Your GDPR Rights:
Our Commitment to User Privacy
We are committed to protecting user privacy to the fullest extent permitted by law. Any government or law enforcement request for user data will be subject to rigorous legal scrutiny.
Request Handling Procedure:
Technical Limitation: For E2EE files, we cannot provide plaintext content even under legal compulsion—we do not possess decryption keys. Any disclosed data would be limited to encrypted ciphertext and minimal metadata.
In the interest of transparency, we publish annual statistics on legal and takedown requests received. This report is updated annually.
| Year | DMCA Requests | Government/Legal Requests | Data Disclosed |
|---|---|---|---|
| 2025 | 0 | 0 | 0 |
| 2026 | 0 | 0 | 0 |
Last updated: February 2026 • Next update: January 2027
Zero Backup Architecture
tmp0.cc intentionally operates without any backup systems. This is a deliberate architectural decision to maximize privacy—not a limitation.
Infrastructure Design:
User Responsibility: If you need to retain a file beyond its expiration, download a copy. We cannot recover deleted or expired files under any circumstances—this is a feature, not a bug.
Verifiability: Our zero-backup policy is verifiable through our infrastructure: single-server deployment, no replication endpoints, no backup agent processes. This architecture ensures that when data is deleted, it is truly gone—with no hidden copies to potentially surface later.
HSM-Grade Key Protection
Encryption keys for server-side at-rest encryption are managed with hardware-level security protections.
Key Management Architecture:
Server Restart Behavior: On server restart, the HSM is queried to re-derive the master key. If the HSM is unavailable or tampered with, the service cannot start and existing encrypted data becomes permanently inaccessible.
E2EE Independence: For E2EE files, the above infrastructure is irrelevant—your password-derived key never touches our servers. E2EE security depends solely on your password strength and client-side cryptographic implementation.
Please read these terms carefully
By using tmp0.cc, you agree to these Terms. If you don't agree, don't use the service.
Privacy-focused temporary file sharing with multiple encryption modes:
All files auto-delete after expiration. No accounts, minimal metadata, HMAC-hashed IPs only.
Code Snippets: Share text and code with syntax highlighting. Snippets stored in ephemeral memory (cleared on restart), support password protection, and auto-delete after expiration.
P2P Transfer: Direct browser-to-browser file transfer via WebRTC. The server acts only as a signaling relay - no file data is stored, transmitted through, or logged by the server.
We reserve the right to block, flag, or remove any content that violates our policies.
Direct browser-to-browser file transfer via WebRTC. The server acts exclusively as a signaling relay and never processes, stores, or logs file data.
No server-side protections: Because the server never sees P2P-transferred files, ClamAV virus scanning, metadata stripping, hash blocklist checking, and content moderation do not apply. All prohibited content rules still apply, but enforcement is technically limited to signaling-level controls (rate limiting, room limits). Receivers accept files at their own risk.
To prevent abuse, we implement multi-layered protection:
You must be at least 13 years old to use this service. If you are under 18, you should have parental consent.
We do not guarantee uninterrupted service. The service may be modified or discontinued at any time without notice.
THE SERVICE IS PROVIDED "AS IS" AND "AS AVAILABLE" WITHOUT WARRANTIES OF ANY KIND, WHETHER EXPRESS OR IMPLIED.
We make no warranties regarding reliability, accuracy, availability, security, or fitness for any particular purpose. We do not warrant that files are virus-free, safe, legal, or free from harmful content.
YOU USE THIS SERVICE AND DOWNLOAD FILES ENTIRELY AT YOUR OWN RISK.
In no event shall we be liable for any claims, damages, or losses exceeding the amount you paid to use the service (which is zero).
We are a neutral hosting platform. We do not control, endorse, or take responsibility for any content uploaded by users. Users are solely responsible for their uploads.
Our only commitment is to review and remove content upon receiving valid abuse reports or legal requests (DMCA, law enforcement, etc.).
You agree to indemnify, defend, and hold harmless the service operator from any claims, damages, losses, or expenses (including legal fees) arising from your use of the service, your uploaded content, or your violation of these terms.
As a hosting provider, we operate under applicable safe harbor provisions (such as DMCA Section 512). We respond to valid takedown requests but bear no liability for user-uploaded content.
We may update these terms at any time. Continued use of the service constitutes acceptance of any changes.
Icelandic Law
These Terms of Service are governed exclusively by the laws of Iceland. Any disputes arising from or relating to these terms, the service, or your use thereof shall be subject to the exclusive jurisdiction of the courts of Iceland.
Iceland is a member of the European Economic Area (EEA), providing strong legal protections for privacy and data protection under GDPR-equivalent standards.
Operator information according to applicable law
Service: tmp0.cc - Temporary File Sharing
Type: Privacy-focused hosting service (non-commercial)
Jurisdiction: European Union
General Inquiries
support@tmp0.ccLegal / DMCA
legal@tmp0.ccSecurity Reports
security@tmp0.ccAbuse Reports
abuse@tmp0.ccPrivacy / DPO
privacy@tmp0.ccSecurity Policy
/.well-known/security.txtService Model
tmp0.cc operates as a privacy-focused file hosting service. All uploads are temporary and auto-delete based on the configured retention period (1 hour to 30 days).
Data Processing
No user registration, no tracking, no analytics. IP addresses are hashed with HMAC-SHA256 for rate limiting only and never stored permanently. See our Privacy Policy for full details.
Applicable Law
EU General Data Protection Regulation (GDPR), ePrivacy Directive, Digital Services Act (DSA), DMCA Safe Harbor (Section 512).
Content Responsibility
As a hosting provider, we are not responsible for user-uploaded content under applicable safe harbor provisions. We respond to valid takedown requests within 24 hours.
Open Source: tmp0.cc is open source under GPLv3. You can audit the code and verify our privacy claims.
Transparency Log: We maintain a Certificate Transparency-style log. Only cryptographic hashes are logged - no personal data.
E2E Encryption: Files encrypted with a password use Argon2id + AES-256-GCM. The server cannot access plaintext.
Zero-Knowledge: True ZK mode available - the server treats your upload as an opaque encrypted blob with no metadata processing.
If you discover a security vulnerability, please report it responsibly:
Choose the right channel for your inquiry
support@tmp0.cc
abuse@tmp0.cc
legal@tmp0.cc
privacy@tmp0.cc
We respond within 24-48 hours. Abuse reports prioritized within 24 hours.
We respond in English and German.
Programmatic access to temporary file and code sharing.
| Endpoint | Limit |
|---|---|
| /v1/upload | 10 req/min |
| /file/{id}/info | 30 req/min |
| /file/{id}/download | 60 req/min (per IP), 50 req/min (per file) |
| /file/{id}/delete | 10 attempts max (then IP blocked) |
| /v1/chunked/* | 30 req/min |
| /snippet/create | 5 req/min |
| /snippet/{id}/info | 30 req/min |
| /snippet/{id}/content | 60 req/min |
| /snippet/{id}/raw | 60 req/min |
Rate limits are per IP address (HMAC-SHA256 hashed). Authenticated API key users get higher limits (30 uploads/min, 120 req/min). Headers: X-RateLimit-Remaining, X-RateLimit-Limit, Retry-After (when limited)
curl -X POST "https://tmp0.cc/api/snippet/create?language=python" \
-H "Content-Type: text/plain" \
-d 'print("Hello, World!")'
Optional API key authentication for higher rate limits.
API Key (Optional)
All endpoints work without authentication. Providing an API key via the X-API-Key header unlocks higher rate limits for automated integrations.
| Feature | Anonymous | With API Key |
|---|---|---|
| Uploads per minute | 10 | 30 |
| Uploads per hour | 50 | 200 |
| API requests per minute | 30 | 120 |
# Upload with API key for higher rate limits curl -X POST "https://tmp0.cc/api/v1/upload" \ -H "X-API-Key: tmp0_YOUR_KEY_HERE" \ -F "file=@myfile.txt"
API keys are HMAC-SHA256 signed. Invalid keys trigger abuse detection scoring.
Automatic Protection
Suspicious patterns (failed auth, rapid uploads, scanning, repeated rate limit hits) are scored. Exceeding the threshold results in a 15-minute temporary block. Scores decay after 5 minutes of normal behavior.
Standard HTTP status codes indicate success or failure.
| Status | Description |
|---|---|
| 200 | Success |
| 400 | Bad request - invalid parameters |
| 401 | Unauthorized - invalid password |
| 403 | Forbidden - invalid token |
| 404 | Resource not found |
| 410 | Gone - deleted due to brute force |
| 429 | Rate limit exceeded |
| 500 | Server error |
{
"success": false,
"error": "Error message here"
}
Upload and manage temporary files via API.
/v1/upload
Upload a file. Returns download URL, delete token, and file info.
multipart/form-data
1h 6h 12h 1d 7d 30d (default: 7d)curl -X POST "https://tmp0.cc/api/v1/upload" \ -F "file=@document.pdf" \ -F "expires=7d" \ -F "burnAfterReading=true"
{
"success": true,
"fileId": "aBcDeFgHiJkL",
"url": "/d/aBcDeFgHiJkL",
"fullUrl": "https://tmp0.cc/d/aBcDeFgHiJkL",
"directDownloadUrl": "https://tmp0.cc/api/file/aBcDeFgHiJkL/download",
"deleteToken": "xYz123AbC456DeF789GhI012JkL345Mn",
"deleteUrl": "https://tmp0.cc/d/aBcDeFgHiJkL/delete?token=...",
"fileInfo": {
"expires": "7d",
"maxDownloads": 10
}
}
/v1/upload
Get API documentation and usage examples.
/file/{id}/info
Get file metadata without downloading.
{
"available": true,
"fileName": "document.pdf",
"fileSize": 1048576,
"contentType": "application/pdf",
"passwordRequired": false,
"clientEncrypted": false,
"viewCount": 5,
"downloadCount": 2,
"maxDownloads": 10,
"expiresAt": "2025-02-07T12:00:00",
"scanStatus": "CLEAN",
"scanMessage": "No threats detected"
}
/file/{id}/download
Download a file. Increments download counter.
curl -X POST "https://tmp0.cc/api/file/aBcDeFgHiJkL/download" \ -d "password=secret123" \ -o downloaded_file.pdf
/file/{id}/preview
Get image preview. Only works for non-password-protected image files. Does not increment download counter.
Returns binary image data with appropriate Content-Type header, or 404 if not available.
/file/{id}/delete
Delete a file using the secret delete token provided at upload.
curl -X DELETE "https://tmp0.cc/api/file/aBcDeFgHiJkL/delete?token=xYz123AbC456DeF789..."
{ "success": true, "message": "File deleted" }
/storage/status
Get server storage usage statistics.
{
"used": 52428800000,
"limit": 107374182400,
"available": 54945382400,
"percentUsed": 48.8
}
The following file types are blocked for security:
Create and manage code snippets with syntax highlighting.
/snippet/create
Create a new code snippet. Accepts plain text (recommended) or JSON.
python, javascript, etc.1h 6h 12h 1d 7d 30d# Auto-detect language (default) curl -X POST "https://tmp0.cc/api/snippet/create?expires=7d" \ -H "Content-Type: text/plain" \ --data-binary @script.py # Disable auto-detect, set language manually curl -X POST "https://tmp0.cc/api/snippet/create?autoDetect=false&language=python" \ -H "Content-Type: text/plain" \ --data-binary @script.py
{
"success": true,
"snippetId": "abc123xyz456",
"url": "/s/abc123xyz456",
"fullUrl": "https://tmp0.cc/s/abc123xyz456",
"rawUrl": "https://tmp0.cc/api/snippet/abc123xyz456/raw",
"deleteToken": "aBcDeFgHiJkLmNoPqRsTuVwXyZ012345",
"deleteUrl": "https://tmp0.cc/s/abc123xyz456/delete?token=...",
"language": "python" // detected or specified language
}
/snippet/{id}/info
Get snippet metadata without retrieving content.
{
"available": true,
"snippetId": "abc123xyz456",
"title": "My Snippet",
"language": "python",
"lineCount": 42,
"charCount": 1337,
"passwordProtected": false,
"remainingDownloads": 5,
"expiresAt": "2025-02-07T12:00:00Z"
}
/snippet/{id}/content
Retrieve snippet content as JSON. Use for password-protected snippets.
{
"success": true,
"content": "print('Hello World')",
"language": "python",
"title": "My Snippet",
"lineCount": 1,
"charCount": 21
}
/snippet/{id}/raw
Retrieve raw snippet content as plain text.
/snippet/{id}
Delete a snippet using the delete token.
Link directly to specific lines in a snippet using URL hash:
Clicking a line number also updates the URL for easy sharing.
Highlight specific words in the snippet using URL parameter:
Full-featured command-line interface with E2EE encryption and pipe support.
Zero-Knowledge CLI
Full E2EE support with Argon2id + AES-256-GCM encryption matching the browser implementation.
Download both files to the same directory
Make sure you have Node.js 18+ installed
node --version # Should be v18.0.0 or higher
Create a folder and download both files above, or use curl:
mkdir tmp0-cli && cd tmp0-cli curl -O https://tmp0.cc/api/v1/cli/tmp0.js curl -O https://tmp0.cc/api/v1/cli/package.json
Install the required npm packages
npm install
Link the CLI so you can use tmp0 from anywhere
npm link # Now you can use 'tmp0' globally
Check that the CLI is working
tmp0 --help
# Or if not linked:
node tmp0.js --help
mkdir tmp0-cli && cd tmp0-cli && curl -O https://tmp0.cc/api/v1/cli/tmp0.js && curl -O https://tmp0.cc/api/v1/cli/package.json && npm install && npm link
tmp0 upload document.pdf
tmp0 upload secret.pdf -e -p "mypassword"
cat file.txt | tmp0 upload -n "myfile.txt" echo "Hello World" | tmp0 upload -e -p "secret"
tmp0 download aBcDeFgHiJkL -p "mypassword" -o output.pdf tmp0 download aBcDeFgHiJkL -p "mypassword" > output.pdf
cat script.py | tmp0 snippet -l python
echo "console.log('hello')" | tmp0 paste
tmp0 snippet script.py -e -p "secret" -l python
tmp0 snippet-get abc123 -p "secret" > script.py tmp0 get abc123 -p "secret" -o script.py
Algorithm: AES-256-GCM
Key Derivation: Argon2id (6 iterations, 256 MB memory, 4 parallelism)
Salt: 128 bits (random)
IV: 96 bits (random)
Password never leaves your device. Server cannot decrypt E2EE files.
Public cryptographic information about the service and individual files.
Verifiable Security
All encryption parameters are publicly auditable. Verify our zero-knowledge claims yourself.
/v1/crypto/manifest
Get the global crypto manifest with all encryption parameters.
{
"version": "1.0.0",
"e2ee": {
"algorithm": "AES-256-GCM",
"keyDerivation": "Argon2id",
"parameters": {
"timeCost": 6,
"memoryCost": "256 MB",
"parallelism": 4
}
},
"atRest": {
"algorithm": "AES-256-GCM",
"keyLength": "256 bits"
},
"transparency": {
"enabled": true,
"hashAlgorithm": "SHA-256",
"signing": "HMAC-SHA256"
}
}
/v1/crypto/manifest/{fileId}
Get the crypto badge for a specific file.
{
"fileId": "aBcDeFgHiJkL",
"encryption": {
"type": "E2EE",
"algorithm": "AES-256-GCM",
"keyDerivation": "Argon2id",
"zeroKnowledge": true
},
"integrity": {
"algorithm": "SHA-256",
"hash": "a1b2c3d4..."
},
"badgeHash": "e5f6g7h8..."
}
curl https://tmp0.cc/api/v1/crypto/manifest
curl https://tmp0.cc/api/v1/crypto/manifest/aBcDeFgHiJkL
curl -X POST https://tmp0.cc/api/v1/crypto/verify-badge \
-H "Content-Type: application/json" \
-d '{"fileId":"aBcDeFgHiJkL","badgeHash":"e5f6g7h8..."}'
Certificate Transparency style logging for audit and verification.
Immutable Audit Trail
Only cryptographic hashes are logged - no file content or personal data. Similar to Certificate Transparency (RFC 6962).
/v1/transparency/log/{fileId}
Get transparency log entry for a file.
{
"logId": "uuid",
"fileId": "aBcDeFgHiJkL",
"operationType": "UPLOAD",
"timestamp": "2025-02-01T12:00:00Z",
"contentHash": "sha256...",
"merkleRoot": "root...",
"signature": "hmac..."
}
/v1/transparency/verify/{fileId}
Verify file integrity in transparency log.
{
"valid": true,
"message": "Entry verified successfully",
"merkleRoot": "root...",
"signature": "hmac..."
}
/v1/transparency/sth
Get Signed Tree Head (current log state).
{
"treeSize": 12345,
"timestamp": 1706789200000,
"merkleRoot": "root...",
"signature": "hmac..."
}
/v1/transparency/public-log?limit=50
Get recent public log entries (hashes only, no content).
curl https://tmp0.cc/api/v1/transparency/log/aBcDeFgHiJkL
curl https://tmp0.cc/api/v1/transparency/verify/aBcDeFgHiJkL
curl https://tmp0.cc/api/v1/transparency/sth
curl "https://tmp0.cc/api/v1/transparency/public-log?limit=20"
Generate time-limited, cryptographically signed download URLs.
HMAC-SHA256 Signatures
Tamper-proof URLs with optional IP binding and one-time use restrictions.
/v1/signed/generate
Generate a signed download URL.
{
"fileId": "aBcDeFgHiJkL",
"ttl": 3600, // seconds (default: 3600)
"ipBinding": true, // bind to client IP
"oneTimeUse": true // URL can only be used once
}
{
"signedUrl": "https://tmp0.cc/api/v1/signed/download/aBcDeFgHiJkL?sig=...&exp=...&nonce=...",
"fileId": "aBcDeFgHiJkL",
"expiresIn": 3600,
"ipBound": true,
"oneTimeUse": true
}
/v1/signed/download/{fileId}
Download file using a signed URL.
/v1/signed/verify
Verify a signed URL without downloading.
{ "url": "https://tmp0.cc/api/v1/signed/download/..." }
# Generate a signed URL (1 hour TTL)
curl -X POST https://tmp0.cc/api/v1/signed/generate \
-H "Content-Type: application/json" \
-d '{"fileId": "abc123"}'
# With custom TTL (30 minutes) and IP binding
curl -X POST https://tmp0.cc/api/v1/signed/generate \
-H "Content-Type: application/json" \
-d '{"fileId": "abc123", "ttl": 1800, "ipBinding": true}'
# One-time use URL (can only be downloaded once)
curl -X POST https://tmp0.cc/api/v1/signed/generate \
-H "Content-Type: application/json" \
-d '{"fileId": "abc123", "oneTimeUse": true}'
# Download using the signed URL (use the URL from generate response) curl -o file.zip "https://tmp0.cc/api/v1/signed/download/abc123?sig=...&exp=...&nonce=..."
# Verify a signed URL without downloading
curl -X POST https://tmp0.cc/api/v1/signed/verify \
-H "Content-Type: application/json" \
-d '{"url": "https://tmp0.cc/api/v1/signed/download/abc123?sig=...&exp=...&nonce=..."}'
# Generate a signed URL for a file tmp0 sign abc123 # Custom TTL (30 minutes) tmp0 sign abc123 --ttl 1800 # One-time use URL tmp0 sign abc123 --one-time # IP-bound URL (only works from your IP) tmp0 sign abc123 --ip-binding
Create short URLs with spam protection, password protection, and expiration times.
Advanced algorithms detect and block malicious URLs, phishing attempts, and spam. Rate limits: 20 URLs/hour, 50/day per IP.
/v1/url/shorten
Create a new short URL. Accepts JSON.
{
"url": "https://example.com/very/long/url",
"password": "optional-password",
"maxClicks": 100,
"expires": "7d",
"customAlias": "mylink"
}
| Field | Type | Description |
|---|---|---|
url | string | URL to shorten (required) |
password | string | Password to protect the URL (optional) |
maxClicks | integer | Maximum clicks before expiration (0 = unlimited) |
expires | string | Expiration time: 1h, 6h, 12h, 1d, 7d, 30d |
customAlias | string | Custom alias (4-20 lowercase alphanumeric) |
{
"success": true,
"shortCode": "abc123xy",
"shortUrl": "/u/abc123xy",
"fullUrl": "https://tmp0.cc/u/abc123xy",
"deleteToken": "abcdefghij1234567890abcdefghij12",
"deleteUrl": "https://tmp0.cc/u/abc123xy/delete?token=..."
}
curl -X POST https://tmp0.cc/api/v1/url/shorten \
-H "Content-Type: application/json" \
-d '{"url": "https://example.com/page", "expires": "7d"}'
/url/{shortCode}/info
Get information about a short URL without incrementing the click count.
{
"available": true,
"shortCode": "abc123xy",
"targetDomain": "example.com",
"passwordProtected": false,
"clickCount": 42,
"maxClicks": 100,
"expiresAt": "2026-02-11T14:30:00"
}
/url/{shortCode}/resolve
Resolve a short URL to its original destination. Increments click count.
password=your-password
{
"success": true,
"url": "https://example.com/original-url"
}
/url/{shortCode}?token={deleteToken}
Delete a short URL using its delete token.
{
"success": true,
"message": "Short URL deleted successfully"
}
Known spam, phishing, and malware domains are automatically blocked. URL shortener chains (bit.ly, tinyurl, etc.) are also blocked to prevent abuse.
Suspicious URL patterns are detected including: phishing keywords (login, verify, secure), brand impersonation, IP-based URLs, and cryptocurrency scam keywords.
Each URL receives a spam score (0-100). URLs with scores above 70 are blocked. Scores between 50-70 are flagged for review. The score is calculated based on multiple factors including IP history, domain frequency, and URL patterns.
| Value | Duration | Use Case |
|---|---|---|
1h | 1 hour | Quick sharing, temporary links |
6h | 6 hours | Work session sharing |
12h | 12 hours | Daily sharing |
1d | 1 day | Next-day follow-up |
7d | 7 days (default) | Weekly sharing |
30d | 30 days | Long-term sharing |
Developer-first API for direct uploads without round-trips. Use tmp0 as infrastructure.
Zero-Trust Upload Flow
Get a time-limited token, upload directly. No auth headers needed for the actual upload.
/api/v2/presign
Request a pre-signed upload URL. Returns a time-limited token valid for 30 minutes.
{
"fileName": "document.pdf",
"fileSize": 1048576, // optional, size hint
"contentType": "application/pdf",
"storageTime": "7d", // 1h, 6h, 1d, 3d, 7d, 14d, 30d
"clientEncrypted": true, // E2EE upload
"maxDownloads": 10, // optional limit
"burnAfterReading": false
}
{
"success": true,
"uploadUrl": "/api/v2/upload/direct/xYz123...",
"token": "xYz123AbCdEf...",
"expiresAt": "2024-01-01T12:30:00",
"maxFileSize": 2147483648,
"validForMinutes": 30
}
/api/v2/upload/direct/{token}
Upload file using the pre-signed token. No authentication required.
{
"success": true,
"fileId": "aBcDeFgHiJkL",
"url": "/d/aBcDeFgHiJkL",
"deleteToken": "secret-delete-token",
"downloadUrl": "/d/aBcDeFgHiJkL",
"apiUrl": "/api/v2/files/aBcDeFgHiJkL"
}
/api/v2/files/{fileId}
Get detailed file metadata including privacy level and security badges.
# 1. Request pre-signed URL TOKEN=$(curl -s -X POST https://tmp0.cc/api/v2/presign \ -H "Content-Type: application/json" \ -d '{"fileName": "backup.zip", "storageTime": "7d"}' \ | jq -r '.token') # 2. Upload directly using token curl -X PUT "https://tmp0.cc/api/v2/upload/direct/$TOKEN" \ -H "Content-Type: application/octet-stream" \ --data-binary @backup.zip # Response: {"success": true, "fileId": "abc123...", ...}
Real-time file events via Server-Sent Events (SSE). Build reactive applications.
Real-time Events
Subscribe to download events, expiration warnings, and file deletion notifications.
/api/v2/events/{fileId}
SSE
Subscribe to real-time events for a file. Connection kept alive for 30 minutes.
const events = new EventSource('/api/v2/events/aBcDeFgHiJkL');
events.addEventListener('connected', (e) => {
const data = JSON.parse(e.data);
console.log('Connected:', data);
});
events.addEventListener('download', (e) => {
const data = JSON.parse(e.data);
console.log(`Downloaded! Count: ${data.downloadCount}`);
});
events.addEventListener('expiring', (e) => {
const data = JSON.parse(e.data);
console.log(`Expires in ${data.minutesRemaining} minutes`);
});
events.addEventListener('deleted', (e) => {
console.log('File was deleted');
events.close();
});
/api/v2/stream/status
Check streaming API status and active connections.
{
"activeConnections": 42,
"trackedFiles": 15,
"status": "operational"
}
Use tmp0.cc as your uploader for screenshots, text, and files in ShareX.
Quick Setup
Download the config file and double-click to import into ShareX.
tmp0.cc.sxcu (Double-click to import)
If the automatic import doesn't work, follow these steps:
https://tmp0.cc/api/sharex-config{
"Version": "16.0.0",
"Name": "tmp0.cc",
"DestinationType": "ImageUploader, TextUploader, FileUploader",
"RequestMethod": "POST",
"RequestURL": "https://tmp0.cc/api/v1/upload",
"Body": "MultipartFormData",
"FileFormName": "file",
"Arguments": {
"expires": "30d"
},
"URL": "{json:fullUrl}",
"ThumbnailURL": "{json:fullUrl}",
"DeletionURL": "{json:deleteUrl}"
}
Modify the Arguments section to change defaults:
1h 6h 12h 1d 7d 30d"password": "your-secret" for protection"maxDownloads": "10" to limitComplete transparency about how tmp0.cc protects your data.
Trust Through Transparency
This documentation establishes our trust baseline. All cryptographic claims are verifiable through public APIs and source code.
AES-256-GCM with Argon2id key derivation. Built-in password generator with real-time entropy meter (min. 50 bits enforced). Password never leaves your browser. Uploading without encryption triggers a warning.
E2EE with zero server-side processing. No metadata stripping, no virus scan, no hash blocklist. The server treats your upload as an opaque encrypted blob. We cannot comply with content requests for E2EE/ZK data.
IP addresses are hashed with HMAC-SHA256 using a server-side secret key. Unlike plain SHA-256, this prevents reverse-engineering via lookup tables. Hashes are temporary (in-memory only) and auto-cleared.
Score-based abuse detection with auto-blocking. Optional API key authentication (HMAC-signed) with higher rate limits. Failed auth attempts feed the abuse scoring system.
Merkle tree-based audit log. All operations are verifiable via public endpoints.
WebRTC DataChannel with DTLS encryption. Files transfer directly between browsers. Configurable TURN relay server ensures connectivity behind restrictive NATs/firewalls.
| Component | Algorithm | Key Size |
|---|---|---|
| Symmetric Encryption | AES-256-GCM | 256-bit |
| Key Derivation | Argon2id | 256-bit output |
| Password Hashing | BCrypt | Cost factor 10 |
| Content Hashing | SHA-256 | 256-bit |
| Signatures | HMAC-SHA256 | 256-bit |
| P2P Transfer | WebRTC DTLS | TLS 1.2+ |
What we can see vs. what we cannot see — complete transparency.
| Data Type | Plain Upload | Server-Encrypted | E2EE | E2EE + ZK | P2P Transfer |
|---|---|---|---|---|---|
| File content | ✓ Can see | ⚠ Can decrypt | ✗ Cannot see | ✗ Opaque blob | ✗ Never touches server |
| File name | ✓ Can see | ✓ Can see | ✓ Can see | ⚠ Metadata only | ✗ Never touches server |
| Server processing | ✓ Full | ✓ Full | ✗ Skipped | ✗ None | ✗ None |
| Password | N/A | ✓ Hash stored | ✗ Never sent | ✗ Never sent | N/A |
| IP address | ✗ HMAC hashed | ✗ HMAC hashed | ✗ HMAC hashed | ✗ HMAC hashed | ⚠ Relayed via ICE |
| User identity | ✗ Not collected | ✗ Not collected | ✗ Not collected | ✗ Not collected | ✗ Not collected |
Zero-Knowledge Guarantee
For E2EE files: Even with full server access, database dumps, and file system access, we mathematically cannot decrypt your files without your password. In True Zero-Knowledge mode, the server additionally performs zero processing on the encrypted blob — no metadata stripping, no virus scan, no hash blocklist check.
Four distinct security levels for different use cases.
Files encrypted on the server with AES-256-GCM before storage.
Password verified by server. BCrypt hashing with brute force protection.
Encrypted in your browser before upload. Server never sees plaintext or password. Built-in password generator enforces minimum 50-bit entropy.
File never touches the server. Direct browser-to-browser via WebRTC DataChannel with DTLS encryption. TURN relay fallback when direct connections fail.
| Who must you trust? | Tier 1 | Tier 2 | Tier 3 | Tier 4 (P2P) |
|---|---|---|---|---|
| tmp0.cc server | ✓ | ✓ | ✗ | ✗ |
| tmp0.cc operators | ✓ | ✓ | ✗ | ✗ |
| Network (TLS) | ✓ | ✓ | ⚠ | ✗ |
| CDN (JavaScript) | ✓ | ✓ | ✓ | ✗ |
| Your browser | ✓ | ✓ | ✓ | ✓ |
| STUN servers | N/A | N/A | N/A | ⚠ |
✓ = Must trust | ✗ = Zero trust required | ⚠ = Metadata only (IP/connectivity info)
Technical details of all cryptographic operations.
| Algorithm | AES-256-GCM |
| Key Derivation | Argon2id |
| Argon2id Memory | 256 MB |
| Argon2id Iterations | 6 |
| Argon2id Parallelism | 4 threads |
| Salt Size | 16 bytes (128 bits) |
| IV Size | 12 bytes (96 bits) |
| GCM Tag Size | 16 bytes (128 bits) |
┌──────────────┬──────────────┬─────────────┬──────────────────────────┐ │ Version (4B) │ Salt (16B) │ IV (12B) │ Ciphertext + GCM Tag │ │ 0x45324530 │ │ │ (16B tag) │ │ "E2E01" │ │ │ │ └──────────────┴──────────────┴─────────────┴──────────────────────────┘
Version magic 0x45324530 allows future format upgrades while maintaining backward compatibility.
| Algorithm | AES-256-GCM |
| Key Source | Environment variable |
| IV Size | 12 bytes (96 bits) |
| Storage Format | [IV 12B][Ciphertext][GCM Tag 16B] |
Cost per attempt: 256 MB memory × 6 iterations
GPU mitigation: Memory-hardness makes parallel attacks prohibitively expensive
Time to crack (at 10,000 attempts/second):
STRIDE + LINDDUN analysis of security and privacy threats.
Attacker impersonates legitimate user or system.
Mitigations: CSRF tokens, 64-char delete tokens, HMAC-signed URLs, constant-time comparison
P2P: Room IDs are 8 random alphanumeric characters (2.8 trillion combinations). An attacker would need to guess the ID within the 10-minute window to join a room.
Unauthorized modification of data.
Mitigations: TLS 1.3, AES-256-GCM authentication tags, Merkle tree integrity
P2P: DTLS provides authenticated encryption on the DataChannel. Signaling messages are relayed over TLS-protected WebSocket. SDP tampering would cause connection failure, not data interception.
Denying actions taken.
Mitigations: Signed transparency log, Merkle tree proofs, public verification
Exposure of sensitive information.
Mitigations: E2EE, at-rest encryption, minimal metadata, no IP storage
P2P: File data never reaches the server. ICE candidates (containing peer IPs) are relayed ephemerally and never stored. DTLS encrypts the DataChannel end-to-end.
Making service unavailable.
Mitigations: Rate limiting, 2GB file limit, 100GB total storage, semaphore limiting
P2P: Max 5,000 concurrent rooms, 10-minute room expiry, IP-based rate limiting on room creation, 64KB max signaling message size.
Gaining unauthorized capabilities.
Mitigations: Input validation, ClamAV scanning, parameterized queries, 5-attempt brute force limit
No IP storage, random file IDs, no user accounts
No PII collected, E2EE prevents content analysis
Logs contain only hashes, no link to users
Random IDs, no public listing, no search
E2EE files impossible to disclose
Clear UI, crypto badges, this documentation
Complete analysis of the peer-to-peer file transfer architecture.
Zero Server Contact
P2P Transfer is the only mode where the server never touches, processes, or stores your file in any form. The server acts exclusively as a signaling relay to establish the direct connection.
| Data | Purpose | Storage | Lifetime |
|---|---|---|---|
| Room ID | Identify signaling room | In-memory only | 10 min max |
| WebSocket sessions | Route messages between peers | In-memory only | Until disconnect |
| SDP offers/answers | WebRTC negotiation | Relayed, not stored | Transient |
| ICE candidates | NAT traversal | Relayed, not stored | Transient |
| IP address (HMAC-SHA256 hashed) | Rate limiting | In-memory only | 1 hour |
| Creation timestamp | Room expiry calculation | In-memory only | 10 min max |
Transferred exclusively over the encrypted DataChannel between browsers.
Name, size, and MIME type are sent as the first DataChannel message — never via signaling.
DTLS keys are negotiated directly between peers during the handshake. Server cannot decrypt DataChannel traffic.
Progress, completion, speed — all happen on the DataChannel. Server doesn't know if/when a transfer completes.
| Transport Encryption | DTLS 1.2+ (TLS over UDP) |
| DataChannel Protocol | SCTP over DTLS |
| Key Exchange | Peer-to-peer DTLS handshake (server not involved) |
| Signaling Transport | WebSocket over TLS (wss://) |
| NAT Traversal | STUN (Google + Cloudflare), configurable TURN relay fallback |
| Chunk Size | 65,536 bytes (64 KB) |
| Channel Mode | Ordered, reliable (TCP-like semantics) |
| Room ID Entropy | 8 alphanumeric chars = ~41 bits (2.8 × 10¹² combinations) |
| Time | Event | Details |
|---|---|---|
| T+0s | Sender creates room | Room allocated in ConcurrentHashMap |
| T+0s | Room ID returned | 8 random alphanumeric characters |
| T+Ns | Receiver joins | Signaling begins (SDP/ICE exchange) |
| T+Ns | DataChannel established | Server's role is complete |
| T+10min | Room auto-deleted | Cleanup job runs every 60 seconds |
Symmetric NAT or strict firewalls may prevent direct peer connections. When a TURN server is configured, it provides relay fallback — the TURN server relays DTLS-encrypted traffic without being able to decrypt it. Without TURN, the transfer fails cleanly (~15% of connections). The TURN server never has access to plaintext file content.
If either peer disconnects, the entire transfer must restart. There is no chunked resume. Partially received data is discarded from browser memory. No data remains on the server.
An attacker would need to guess the 8-character room ID (2.8 trillion combinations) within the 10-minute window AND before the legitimate receiver joins. Rooms only accept one peer, so a successful join by the attacker would block the real receiver — but they still cannot access file data until the sender initiates the transfer.
Because the server never processes the file, ClamAV scanning, EXIF stripping, and hash blocklist checks are all skipped. Files are transferred as-is between browsers. The receiver should exercise the same caution as receiving any file from an untrusted source.
| Data | Server-Encrypted | E2EE | E2EE + ZK | P2P Transfer |
|---|---|---|---|---|
| File content | Temporarily | Never (ciphertext) | Never (opaque blob) | Never |
| File name | Yes | Yes | Metadata only | Never |
| File size | Yes | Padded | Padded | Never |
| SHA-256 hash | Computed | Of ciphertext | Of ciphertext | Never |
| Virus scan | Yes | Skipped | Skipped | Skipped |
| Metadata strip | Yes | Skipped | Skipped | Skipped |
| Hash blocklist | Checked | Checked | Skipped | Skipped |
| File policies | Evaluated | Skipped | Skipped | Skipped |
| Persistent storage | Until expiry | Until expiry | Until expiry | None |
| Peer IP addresses | HMAC hashed | HMAC hashed | HMAC hashed | Relayed via ICE |
Merkle tree-based audit logging with public verification.
Certificate Transparency Inspired
Based on RFC 6962, adapted for file operations. All entries are append-only and cryptographically verifiable.
┌─────────┐
│ Root │ ← Merkle Root (in STH)
│ H0123 │
└────┬────┘
┌─────────┴─────────┐
│ │
┌────┴────┐ ┌────┴────┐
│ H01 │ │ H23 │
└────┬────┘ └────┬────┘
┌─────┴─────┐ ┌─────┴─────┐
│ │ │ │
┌────┴────┐ ┌────┴────┐ ┌────┴────┐ ┌────┴────┐
│ Entry 0 │ │ Entry 1 │ │ Entry 2 │ │ Entry 3 │
└─────────┘ └─────────┘ └─────────┘ └─────────┘
Entry[0] Entry[1] Entry[2] ┌─────────┐ ┌─────────┐ ┌─────────┐ │ hash=H0 │─────▶│ prev=H0 │─────▶│ prev=H1 │ │ prev=∅ │ │ hash=H1 │ │ hash=H2 │ └─────────┘ └─────────┘ └─────────┘
Each entry's previousHash links to the prior entry, creating an immutable chain.
| Field | Description |
|---|---|
| logId | Unique UUID |
| operationType | UPLOAD | DOWNLOAD | DELETE |
| timestamp | ISO 8601 timestamp |
| contentHash | SHA-256 of encrypted content |
| metadataHash | SHA-256 of metadata |
| entryHash | SHA-256 of entry data |
| previousHash | Hash chain link |
| signature | HMAC-SHA256 of entryHash |
| merkleRoot | Tree root after this entry |
Signed Tree Head (current log state)
List log entries (paginated)
Inclusion proof for entry
Full chain verification
External Auditing
Anyone can monitor the transparency log. Cache STHs over time to detect any unauthorized modifications or deletions.
Chunked resumable uploads for files up to 2GB with parallel encryption.
No Feature Disadvantage
Competitive with Wormhole and SwissTransfer. Upload files up to 2GB with E2EE, resumable uploads, and parallel processing.
| Max file size | 2 GB |
| Chunk size | 10 MB |
| Max chunks | 210 chunks |
| Parallel uploads | 3 concurrent |
| Session timeout | 60 minutes |
| Resume capability | Yes (missing chunks tracked) |
Client requests upload session with file metadata. Server returns session ID, chunk count, and size.
File is split into 10MB chunks. Multiple chunks upload in parallel. Progress tracked per-chunk.
Session ID stored locally. If interrupted, query server for missing chunks and upload only those.
Once all chunks received, server assembles file, computes hash, encrypts, and stores. File ID returned.
For E2EE uploads, chunks are encrypted in parallel using Web Workers for maximum performance.
File (2GB)
│
├── Chunk 0 ──▶ [Web Worker 1] ──▶ AES-256-GCM ──▶ Upload
├── Chunk 1 ──▶ [Web Worker 2] ──▶ AES-256-GCM ──▶ Upload
├── Chunk 2 ──▶ [Web Worker 3] ──▶ AES-256-GCM ──▶ Upload
│ (parallel encryption) │
└── ... 210 chunks total └── Server assembles
Each chunk encrypted with same derived key (Argon2id), unique IV per chunk.
Get chunked upload configuration
Initialize upload session
Upload a single chunk
Get session status (for resume)
Finalize upload (assemble chunks)
Cancel upload session
Automatic Fallback
Files under 50MB use single-request upload for simplicity. Chunked upload automatically activates for larger files or when explicitly requested.
Trust without identity. Verify senders without accounts, logins, or tracking.
Trust Without Accounts
Recipients can verify: "Signed by the same sender as previous upload" — without user accounts, logins, or tracking.
An Ed25519 keypair is generated in your browser. The private key never leaves your device.
When you upload, your private key signs the file hash. The signature and public key are stored with the file.
Recipients see a fingerprint like "ABC1...XYZ2". Same fingerprint = same sender. Cryptographic proof without identity.
| Algorithm | Ed25519 |
| Key size | 256-bit (32 bytes) |
| Signature size | 512-bit (64 bytes) |
| Message format | tmp0.cc:upload:{fileHash} |
| Storage | localStorage (browser only) |
| Export | Backup/restore supported |
No registration, no login, no personal data collected.
Server doesn't link uploads to identities. Just cryptographic proof of same sender.
Private key generated and stored in browser. Never sent to server.
Signing is completely optional. Upload anonymously if you prefer.
// Check if Ed25519 is supported
const supported = await IdentityKeys.isSupported();
// Generate new keypair (stored in localStorage)
const { publicKey, fingerprint } = await IdentityKeys.generateKeyPair();
// Sign an upload (uses stored private key)
const signature = await IdentityKeys.signUpload(fileHash);
// Verify a signature
const valid = await IdentityKeys.verifySignature(publicKey, signature, fileHash);
// Check if same sender
const same = IdentityKeys.isSameSender(publicKey1, publicKey2);
// Export/import for backup
const backup = IdentityKeys.exportIdentity();
await IdentityKeys.importIdentity(backup);
Key Management
Your private key is stored in localStorage. Clearing browser data will delete it permanently. Use the export feature to backup your identity.
Automatic protection against malicious files with executable isolation, MIME validation, and risk assessment.
Defense in Depth
Multiple layers of protection: executable detection, MIME type validation, disguised file rejection, and risk-based isolation.
Detects executable files by extension, MIME type, and magic bytes. Isolated files are flagged and handled with extra caution.
Validates that file content matches declared type. Detects mismatches like a .jpg file that's actually a PE executable.
Automatically rejects files that appear to be executables disguised with safe extensions (e.g., malware.jpg that's actually an .exe).
High-risk file types are flagged with recommendation to upload as archives (ZIP, 7z) for safer distribution.
| Extension check | 50+ executable extensions |
| Magic bytes | MZ, ELF, Mach-O, #! shebang |
| MIME detection | Content-based type inference |
| Double extension | file.pdf.exe detection |
| Disguise detection | Safe ext + exec content = reject |
Standard files: images, documents, text, archives
Scripts, macros, less common executable formats
.exe, .dll, .bat, .ps1, .jar, .apk, .sh, .bin
windows_binary → .exe, .dll, .com, .scr, .msi windows_script → .bat, .cmd, .ps1, .vbs, .wsf unix_binary → ELF binaries, .so, .ko, .run unix_script → .sh, .bash, .zsh, .ksh macos_binary → .app, .pkg, .dmg java_archive → .jar python_script → .py, .pyw office_macro → .docm, .xlsm, .pptm android_package → .apk ios_package → .ipa
Transparent to Users
Policy evaluation happens automatically. Legitimate files upload normally. Only truly malicious patterns (like disguised executables) are rejected.