Thanks! The pricing is very affordable. Will definitely consider it for increasing the size limit.
Thank you so much for testing it out and taking the time to open the issues, really appreciate the feedback! I’ll take a look and work on them soon.
The person submitting the report would need to provide the file name and password.
Well, DeadDrop uses name + password modal as well as direct link.
If you are referring to DMCA (should have directly mentioned it), then NO, this content is not gonna be allowed. Those files will be permanently deleted once they are reported.
Yes, once there’s enough traffic, I plan to add an option for sharing larger files. The cost will depend on the file size.
Can you please clarify what you mean by YCMA?
Well, DeadDrop is still in its early stages of development and right now DeadDrop is focused on sharing sensitive images and documents. Moreover, I don’t have money to pay the bills but will increase the size limit once the site gets good traffic. However, I can provide you up to 100 MB for free, DM me.
So with that logic, if a person reports CSAM to the police, the police first have to arrest the person who reported it. Am I right?
Thanks for mentioning this, I really appreciate it. I will consider implementing hash scanning before encryption to help prevent illegal content.
Oh boy! Didn’t know about that. But how do other platforms like Dropbox, WhatsApp and Telegram tackle these problems? Don’t they first have to verify content to delete or report it?
Well, one service shuts down and they move on to another. Instead, deal with the real culprits that do these illegal things. Shutting down my or anyone else’s services will make no change.
Yes, fork the code from GitHub and host it on your own server.
By verify, I mean to check whether there is really something illegal in the file or not.
I want to be very clear: I do not condone CSAM or any illegal activity. DeadDrop is simply a privacy-focused file-sharing service — like many tools that value anonymity, it can be misused, but that’s not its purpose or intent.
To your question: I’m not trying to “avoid jurisdiction” — I’m trying to build a service that respects privacy and anonymity, which I believe are fundamental rights. Unfortunately, any privacy tool (from Signal to Tor) can be exploited. The challenge isn’t the tool itself, but how we handle misuse without compromising basic freedoms for everyone else.
If we shut down every tool that could be misused, we’d also be shutting down freedom of speech, press, and secure communication. That’s not a solution — it’s just pushing the problem elsewhere.
Thanks for the detailed and thoughtful reply — I really appreciate the time you took to lay this out.
I know Aaron Swartz — big fan.
You’re right about many of these points. The biggest challenge with any web-based cryptography project is trust in code delivery, especially when it’s dynamically served. That’s a fundamental limitation of browser-delivered JavaScript, and I fully acknowledge it.
You’re also absolutely right that true zero-knowledge isn’t just about encryption — it’s about removing trust assumptions. The server still being able to serve malicious JS is a valid and well-known concern. That’s why I’ve made the code open-source and encourage self-hosting for anyone who doesn’t trust DeadDrop or me.
To clarify a few things:
- No JavaScript is sent after the file metadata is submitted — only the encrypted metadata and the file are transferred after the password is verified locally. I’m also planning to encrypt metadata (including filenames) to limit what the server can see.
- DeadDrop uses salted encryption. I’m using a proper key derivation function (PBKDF2) with a salt, which makes brute-force attacks significantly harder.
You’re right that unless users host the project themselves, they have to trust me — just like users of Signal technically have to trust their app stores and client builds. So, trust is a fundamental principle for a service like this and I promise the code that is delivered to the browser is the same as on GitHub. However, if you don’t trust my instance, you can review, fork, and self-host it easily.
I’m not claiming DeadDrop is flawless — just that it’s a sincere attempt to build a privacy-first, zero-knowledge file-sharing tool. I am truly grateful for your feedback, thanks again.
just improve the UI, rest is great