Relay Secret

No. Everything is encrypted in your browser with AES-GCM-256 before upload. The key is derived from a random value we put in the URL fragment (#…), which browsers never send to servers.

Crypto upgraded from AES-CBC + PBKDF2 10k iterations to AES-GCM-256 (authenticated) + PBKDF2-SHA256 600k iterations. 16-byte salt, 12-byte random IV per message. The blob format is tagged "RSv1" so we can evolve it later.

Up to 2 GB on desktop browsers. WebCrypto needs the whole file in memory, so very large files depend on how much RAM the browser will give us.

The whole site and Worker are open source on GitHub — read every line yourself, or fork it and run your own. Inspect the network tab while you use the site: you'll only ever see ciphertext leaving your machine.