What is passnote.io?

passnote.io a site for transmitting secrets over channels which not completely trustworthy. Examples of such not completely trustworthy channels are SMS, email, Slack, and Discord. These channels provide some level of security, but don't provide the level of security necessary to protect secrets.

How does it work?

The person sending the secret navigates to the site in their favorite browser and enters the secret in the text entry box, then presses the Drop button. The site will generate a one-time-use URL that can be sent to the recipient. In simple terms, the secret is encrypted with a key that is generated fresh on the spot, then saved to the cloud with a timed expiration. An identifier for the secret along with the encryption key is encrypted and put into the URL to be sent to the recipient.

When the recipient navigates to that URL, the site will decypt the data in the URL, and then will use the key to decrypt the secret stored in the site. The secret will be put in the text box for the recipient to do with what they will.

What data does passnote.io keep about me?

The short answer is "as little as we possibly can." The longer answer is that the site hangs on to the secrets that are being transmitted for as long as is necessary to get them to the recipient, or until the expiration time (whichever is soner). These secrets are encrypted (using a key that is generated uniquely for each secret) prior to being stored in AWS DynamoDB. Additionally, DynamoDB performs its own encryption prior to actually writing the data to disk. AWS undoubtedly has its own procedures for addressing data remenance, but it should be noted that the double-encrypted secrets do live for a time on drives in AWS. AWS logs various pieces of data, like date / time, and IP addresses.

If people send us emails, we will retain them for as long as it makes sense to us do keep them. If you wish to remain anonymous, keep this in mind.

Ads... why'd it have to be ads??

We get it. We hate sites with ads too. The reality is that the AWS resources cost money. The prices are fair and competitive, but it's still not free. So we need to make some money to cover these costs. Above all, we want to avoid being in the business of knowing anything about you. If we were to offer a premium ad-free version of the site, we would have to have a paper trail connecting you to us, and further we'd have to establish authentication mechanisms which by necessity disambiguates your identity. The same goes for patronage and donations - it establishes a paper trail.

What kinds of secrets can I transmit with passnote.io?

passnote.io can handle text-based secrets, up to 5MiB in size. If you want to transmit a binary secret, we recommend base64 encoding to convert it into text. The recipient can decode the base64 back into binary form.

How do I know that passnote is secure?

The trust model for the site is to invite reputable auditors to review the source code and AWS resource configuration. If you are someone in the security community with a reputation for honest dealings, we will give you access to the source and audit credentials for AWS in order to inspect the site and its inner workings. As such audits are done, we will include links to Tweets (or other media) containing the results of said audits. If you wish to audit passnote.io, please contact jimmy@passnote.io.

In more specific terms, the encryption of secrets is performed with the Python Fernet symetric encryption functionality of the cryptograpy module. A new key is generated for each secret. The secret ID is generated using a `hashlib.sha256` digest of 32 bytes (aka 256 bits) of random data from `os.urandom`. The secret ID and key are encrypted using a fixed Fernet key which is rotated monthly. The encrypted secret ID and freshly generated key are encoded into the URL that is sent to the recipient. If vulnerabilities are discovered in the Fernet symetric encryption functions of the cryptography module, they might be exploited to reveal some or all of the secrets handled by passnote. For this reason, passnote carefully monitors the cryptography module for announced security issues, and updates accordingly.

What is passnote's privacy policy?

In general, passnote strives for user privacy by retaining as little information about our users as possible. There are however privacy implications occasioned by the adition of ads on the site. The following are important considerations to be aware of: