Dropshare

# dropsha.re - Zero-Knowledge File Sharing Platform

## Overview
dropsha.re is a free, open-source file sharing service that prioritizes privacy and security through zero-knowledge encryption.
Built by Magic Monad, it enables users to share files securely without requiring registration or compromising privacy.

## Core Features
- **Zero-Knowledge Architecture**: Files are encrypted client-side before upload; servers never see plaintext content
- **AES-256-GCM Encryption**: Military-grade encryption with randomly generated 256-bit keys
- **Client-Side Processing**: All encryption/decryption happens in the browser using Web Crypto API
- **No Registration Required**: Anonymous file sharing with no personal information collected
- **Automatic Deletion**: Files automatically deleted after 7 days
- **No Data Collection**: No cookies, tracking, analytics, or personal data storage
- **Cross-Platform**: Works on any modern browser with JavaScript enabled

## Technical Architecture
- **Frontend**: Astro.js with React components, TypeScript, Tailwind CSS
- **Encryption**: AES-256-GCM with 256-bit keys generated via Web Crypto API
- **Storage**: Cloudflare R2 object storage for encrypted files
- **Deployment**: Cloudflare Pages with serverless functions
- **Security**: HTTPS/TLS for all traffic, URL fragments for key sharing

## File Specifications
- **Maximum Size**: 1GB per file
- **Retention Period**: 7 days automatic deletion
- **Supported Types**: Any file type (no restrictions)
- **Upload Limit**: One file at a time
- **Share Links**: Unique encrypted URLs with decryption keys in URL fragments

## Encryption Process
1. File selected in browser
2. 256-bit AES-GCM key generated locally using Web Crypto API
3. File encrypted client-side with randomly generated 12-byte IV
4. Encrypted data uploaded to Cloudflare R2
5. Share URL created with decryption key embedded in URL fragment (#)
6. Key never transmitted to servers

## Privacy Guarantees
- **True Zero-Knowledge**: Servers cannot decrypt files even if compelled
- **No Personal Data**: No IP logs, user tracking, or identifiable information
- **No Cookies**: No tracking technologies or session management
- **Key Isolation**: Decryption keys remain in browser, never server-side
- **Automatic Cleanup**: Files permanently deleted after retention period

## Use Cases
- Secure document sharing for professionals
- Privacy-conscious file transfers
- Developer tool for temporary file hosting
- Healthcare/legal file sharing (HIPAA/GDPR compliant architecture)
- Emergency file sharing without account requirements

## API and Integration
- REST API for file upload/download
- Command-line compatibility (curl/wget/OpenSSL instructions provided)
- Signed URL generation for direct R2 uploads
- Metadata headers for file information

## Compliance and Legal
- GDPR compliant (zero personal data collection)
- CCPA compliant (no data selling or tracking)
- HIPAA-friendly architecture (zero-knowledge design)
- Terms of Service prohibit illegal content
- No law enforcement access to file contents (keys not available)

## Technical Implementation Details
- **Key Generation**: `crypto.subtle.generateKey()` with AES-GCM algorithm
- **IV Generation**: 12-byte random IV per file using `crypto.getRandomValues()`
- **Key Encoding**: Base64 encoding for URL-safe key transmission
- **File Structure**: IV prepended to encrypted data
- **Metadata**: Original filename, size, type, upload timestamp stored encrypted

## Browser Support
- Chrome, Firefox, Safari, Edge (modern versions)
- Requires JavaScript enabled
- Web Crypto API support required
- Progressive enhancement for older browsers

## Architecture Components
- **Frontend**: Astro static site generator with React islands
- **Styling**: Tailwind CSS with custom components
- **State Management**: React hooks for file upload/download states
- **Error Handling**: Comprehensive error messages and user feedback
- **Responsive Design**: Mobile-first approach

## Security Considerations
- URL fragments never sent to servers
- Encrypted blobs useless without decryption keys
- No server-side decryption capabilities
- Automatic key rotation (unique key per file)
- Protection against data breaches (encrypted data only)

## Performance Characteristics
- Client-side encryption adds minimal latency
- Global CDN distribution via Cloudflare
- Optimized for files up to 1GB
- Streaming upload for large files
- Bandwidth-efficient (no redundant transfers)

## Business Model
- Currently free service operated by Magic Monad