I'm the Co-Founder of a product R&D lab, RareDev. We built SafeShare because we wanted to solve the "Intermediary Trust Paradox." Most "secure" cloud links still give the provider access to the encryption keys. We wanted a tool where the provider is mathematically irrelevant.
The Architecture:
We use client-side encryption via the Web Crypto API. Files are encrypted in the browser before they ever touch our servers. The encryption key stays in the URL fragment (after the #), so it's never sent to the server. Even if our infrastructure were fully compromised, the files remain indecipherable.
What’s New (v1.1.0):
After an initial launch spike in January, we spent the last month focusing on utility and friction:
Encrypted Room Chat: Real-time E2EE chat within the file room.
ZIP Downloads: Multi-file rooms can now be bundled and downloaded as a single ZIP with progress/resume support.
No-Auth UX: No accounts, no tracking, just utility.
Ephemeral by Design: 24h auto-deletion and burn-after-download options.
The Tech Stack:
We optimized for a low footprint and high speed to ensure the decryption feels instant globally. We use a zero-knowledge design and store no personal metadata.
I’d love the community's feedback on the security model, especially regarding our implementation of the Streams API for large file handling. What are we missing?
I'm the Co-Founder of a product R&D lab, RareDev. We built SafeShare because we wanted to solve the "Intermediary Trust Paradox." Most "secure" cloud links still give the provider access to the encryption keys. We wanted a tool where the provider is mathematically irrelevant.
The Architecture: We use client-side encryption via the Web Crypto API. Files are encrypted in the browser before they ever touch our servers. The encryption key stays in the URL fragment (after the #), so it's never sent to the server. Even if our infrastructure were fully compromised, the files remain indecipherable.
What’s New (v1.1.0): After an initial launch spike in January, we spent the last month focusing on utility and friction:
Encrypted Room Chat: Real-time E2EE chat within the file room.
ZIP Downloads: Multi-file rooms can now be bundled and downloaded as a single ZIP with progress/resume support.
No-Auth UX: No accounts, no tracking, just utility.
Ephemeral by Design: 24h auto-deletion and burn-after-download options.
The Tech Stack: We optimized for a low footprint and high speed to ensure the decryption feels instant globally. We use a zero-knowledge design and store no personal metadata.
I’d love the community's feedback on the security model, especially regarding our implementation of the Streams API for large file handling. What are we missing?