13 December 2016

One Time Secret: a useful service

It may not be NSA resistant, but One-Time Secret is a useful and easy to use service for activists worried about state surveillance.

In information security there is often a trade off between ease of use and level of security. But here One-Time Secret is a winner. It is extremely easy to use (no setting up of new accounts or downloading apps), and provides a high level of confidentiality for your email.

Basically, you open the webpage, write a message in the composition box, click and get a link. Instead of sending your message in an email you send the link instead. The recipient views the message by clicking on the link.

So, what’s the point? Well, the message can only be seen once. After the recipient has accessed it, the message is wiped from the servers of One-Time Secret. Of course, you can paste/copy the message content, but there is no evidence of whom it is from, nor is anything left on the net.

If the recipient can’t access it, s/he knows that somebody else has. So if you and your correspondent discover that you are under surveillance - or if you don’t trust One-Time Secret - you have the option of passwording (i.e. encrypting) the message. You then, of course, need to communicate the password to the recipient by some safe channel.

Left activists worried about surveillance, but not needing an NSA level of protection, can easily make use this service. On 10 November 2016, presumably to protect itself from the British Investigatory Powers Act (which requires providers to store their customers' data and break their own encryption) One-Time Secret moved its servers from London to Frankfurt.


Please note: I am not a technical expert, so I am not able to vouch for any technical aspect. One Time Secret is open source software.

No comments: