Shara

Anonymous encrypted message and file sharing

Create Encrypted Message

Important: Form data is NOT saved automatically to ensure complete anonymity. Make sure to write your message in one session.
Random Entropy Pool

Quick Access by Token

Service Features

End-to-End Encryption

All data is encrypted in the browser

File Sharing

Up to 20MB per file, up to 10 files

Anonymous Chats

Up to 30 participants

Complete Anonymity

No registration or logs

Fake Messages

Protection against coercion

Self-Destruction

Auto-delete after reading

Create Anonymous Chat

Beta version: Chat function is in testing phase. Possible errors and unstable operation.
All participants will need to enter this password to join the chat
If disabled, participants will be able to copy and select message text

Frequently Asked Questions

How does it work?

All messages are encrypted directly in your browser before being sent to the server. The decryption key is only transmitted through the link and is never stored on the server.

How secure is it?

End-to-end encryption with AES-256 or Vernam algorithms is used. The server stores only encrypted data that cannot be read. View security proofs

What is a fake message?

This is additional protection against coercion. You can create an alternative message with a separate password that will be shown instead of the real one.

Are logs stored?

No, the service does not store IP addresses, access times, or any other identifying information.

Security Analysis

All encryption operations happen exclusively in your browser. The server never sees your data in unencrypted form.

1. Entropy Collection

Mouse movements and keystrokes

2. Key Generation

Cryptographically strong key

3. Encryption

AES-256 in browser

4. Transmission

Only encrypted data

🔍 How to verify encryption yourself

You can verify the security of Shara using browser developer tools:

1
Open developer tools

Press F12 or Ctrl+Shift+I (Cmd+Opt+I on Mac)

2
Go to Network tab

Here all requests to the server are displayed

3
Create a test message

Enter any text and password, then click "Create Link"

4
Examine sent data

Find the POST request to /api/message and look at Request Payload

You will see only:
• encrypted: "encrypted string..."
• ttl: time to live
• maxReads: number of reads

You will NOT see:
Original message text
Password
Encryption key
5
Check browser console

Go to Console tab and type:

window.cryptoUtils

You will see an object with encryption methods that work only in the browser

📊 What this proves:
Server receives only encrypted data
Encryption happens in your browser
Passwords never leave your computer
Even we cannot read your messages
🛡️ Additional verification methods:
  • Study the source code on GitHub
  • Check the /js/crypto-utils.js file - all encryption code is there
  • Use a proxy (e.g., Burp Suite) to analyze traffic
  • Run your own Shara instance locally

Security Check

Keys are not sent to server
Encryption happens in browser
Server sees only ciphertext
Memory is cleaned after use
Protection against DevTools leaks

Enhanced Password Protection

🔓 Basic mode (without password)

Shara generates a cryptographically strong key automatically:

  • ✅ 256-bit random key of highest strength
  • ✅ No need to remember a password
  • ✅ Perfect for quick exchange
When to use: For regular messages when you control the link transmission channel.

🔐 Two-factor protection mode (with password)

Adds an additional layer of security:

  • ✅ Key is generated from your password via PBKDF2
  • ✅ Both link AND password required for decryption
  • ✅ Protection against interception or accidental link leak
  • ✅ 10,000 hashing iterations against brute force
When to use: For confidential data when maximum protection is needed.

💡 Security recommendations

Password generation: Use openssl rand -base64 32 to create a strong password

Password transmission: Always transmit password via separate communication channel

Password length: Minimum 16 characters for basic protection, 32+ for critical data

Fake Message Protection

How plausible deniability works

1
Creating two messages:
Real: "Meeting tomorrow at 3 PM, you know the place" Password: My$ecretP@ssw0rd2024!
Fake: "Hi! Just testing a new service" Password: password123
2
Coercion scenario:

If you're forced to reveal the content, you give the fake password. The system will show the harmless message.

3
Result:

Impossible to prove the existence of the real message. Both passwords look valid.

Important: The fake password should look plausibly simple, and the fake message should look natural.

Maximum Protection for Paranoids

Maximum security checklist:

About Service

We created Shara because we were fed up with the surveillance economy. Every app wants to know everything about you, every service tracks your every move. We said "enough" and built something different.

Shara isn't just another messaging app. It's a statement that your privacy matters. Your messages disappear when you want them to. Your files are encrypted before they leave your device. No one - not even us - can read what you send.

What We Do

Real Encryption

Your messages are encrypted in your browser before they're sent. We literally cannot read them.

Anonymous Chat

Create instant chat rooms with no registration. Share the link and start talking securely.

Messages Disappear

Set a timer and watch your secrets vanish. No traces, no backups, no "oops we forgot to delete it".

Secure File Sharing

Send encrypted files up to 20MB. Documents, images, anything you need to share privately.

Stay Anonymous

No phone numbers, no emails, no profiles. Just pure, anonymous communication.

Decoy Messages

Create fake messages that look real. Perfect for when someone forces you to reveal your secrets.

Still in Development

Shara is actively being developed. We're constantly improving security, adding features, and fixing bugs. Some things might break, some features are still experimental.

But here's our commitment: we'll never compromise on privacy. Every line of code is written with your security in mind.

Our Transparency

Open Code

All our encryption code is visible in three files: /js/crypto-utils.js (main), /js/crypto-worker.js (Web Worker), and /js/app.js (key generation). Nothing is hidden.

Proof of Encryption

Visit the Security tab to see live demonstrations of how your data is protected.

Server Blindness

Our servers only see encrypted gibberish. We physically cannot spy on you.

What We Believe

🔒

Privacy is Not Optional

It's not a premium feature or a luxury. It's a basic human right that everyone deserves.

🚫

Zero Tracking

We don't want to know who you are, what you send, or when you use our service.

💝

Free as in Freedom

No ads, no data harvesting, no hidden business models. Just a tool that works for you.

Help Keep Shara Running

Privacy costs money - servers, security audits, development time. If Shara has helped you, consider helping us keep it alive.

Bitcoin
Загрузка...
Litecoin
Загрузка...

Every donation goes directly to keeping Shara running. We're not getting rich from this - we just want to build something that respects your privacy.