CipherDrp
    [HOME]

    FREQUENTLY ASKED QUESTIONS

    LAST UPDATED: JUNE 1, 2025

    Welcome to the CipherDrop FAQ. Find answers to common questions about our secure temporary message sharing service. For additional information, please review our Privacy Policy and Terms of Service.

    [01] SECURITY & TECHNOLOGY

    ▸ What's a cipher?

    A cipher is a method of encoding information to keep it secret. In cryptography, ciphers transform readable text (plaintext) into unreadable text (ciphertext) using mathematical algorithms and keys. CipherDrop uses modern encryption ciphers to protect your messages before they leave your browser.

    ▸ How secure is CipherDrop really?

    CipherDrop uses multiple layers of security:

    Client-side encryption: Messages are encrypted in your browser before transmission
    Zero-access encryption: We never see your decryption keys or message content
    Ephemeral storage: Messages automatically delete after retrieval or expiration
    HTTPS/TLS encryption: All communication is encrypted in transit
    No logging: We don't store readable IP addresses or personal data

    ▸ Can CipherDrop read my messages?

    No, absolutely not. CipherDrop uses client-side encryption mechanisms where messages are encrypted in your browser before being sent to our servers. The decryption key is contained in the link fragment (the part after '#') and never reaches our servers. Even if we wanted to read your messages, we technically cannot.

    ▸ What happens if I lose the link?

    The message becomes permanently inaccessible. Since the decryption key is embedded in the link and we don't store it separately, losing the link means the encrypted message cannot be decrypted by anyone - including us. This is by design for maximum security.

    ▸ Are there any security limitations I should know about?

    While CipherDrop is highly secure, remember that:

    Security depends on keeping the link secret until it reaches the intended recipient
    Anyone with the complete link can decrypt cipher and read the message (password protected ciphers, especially when the password is shared in a separate channel, are a better option)
    Use secure channels to share links
    Never share links on public forums or social media

    [02] DOMAIN & TRUST

    ▸ Why cipherdrop.app and not .com?

    We chose the .app domain for several security and practical reasons:

    Enhanced Security: .app domains require HTTPS by default - no insecure connections possible
    Google Registry: .app is managed by Google with stricter security requirements

    ▸ How do I know this is the real CipherDrop site?

    Always verify you're on the authentic CipherDrop:

    Official Domain: https://cipherdrop.app (with HTTPS)
    SSL Certificate: Check for the lock icon in your browser's address bar
    Bookmark/Add to Home Screen: Save the official URL to avoid typos, or add it to your phone's home screen home screen
    Avoid: Any other domain claiming to be CipherDrop

    ▸ Are there any fake CipherDrop sites?

    Be extremely cautious of imposters. Only use https://cipherdrop.app. Any other domain is unauthorized and potentially malicious. Fake sites might steal your messages or compromise your security. Always double-check the URL before creating or accessing messages.

    [03] FEATURES & USAGE

    ▸ What's the character limit for messages?

    Messages are limited to 5,000 characters. This includes all text, markdown formatting, and line breaks. The character count is displayed in real-time as you type, and the interface prevents you from exceeding this limit.

    ▸ How long do messages last?

    Message lifetime depends on your settings:

    ▸ Self-Destruct If Unread Expiry: You can set links to expire after 1 hour, 24 hours, or 7 days if unread.
    ▸ Message Viewing Window (browser viewing time): Messages are deleted immediately upon first access but you can set a timer for the recipient to view the message in their browser. Options of 1 minute, 5 minutes, and 10 minutes are available.
    No Recovery: Once accessed, messages cannot be recovered by anyone. They cannot even be re-accessed by the same person who received it.

    ▸ Can I edit a message after creating it?

    No, messages cannot be edited after creation. This is a security feature - once a message is encrypted and stored, it becomes immutable. If you need to make changes, you'll need to create a new message and securely share the new link.

    ▸ What is markdown and can I use it?

    Yes! CipherDrop supports markdown formatting for enhanced readability:

    **Bold text** and *italic text*
    Headers with # ## ### (H1, H2, H3)
    Bullet lists with - or *
    Numbered lists with 1. 2. 3.
    Links with [text](url)
    Code blocks with ```code```
    Inline code with `backticks`

    Markdown is automatically detected and safely rendered for recipients.

    ▸ Can I password-protect messages?

    Certainly. We encourage it. You can add an optional password for extra security. The recipient will need both the link AND the password to decrypt the message. Share the password through a different, secure channel than the link for maximum security.

    ▸ What's "Cipher Status Updates" and should I keep it enabled?

    This is unique to CipherDrop. It treats your secure cipher link as an active object and let's you know if, and when, it was accessed. Since the cipher is deleted the moment it is decrypted by the recipient, you also see a timestamp of that that decryption time. If by chance you are on the status page the same time your recipient starts viewing the message, you will see a live countdown of how long they have to view the message in their browser (just in case you forgot). This is all done anonymously without any identifiable information. Just cool tech.

    [04] PRIVACY & DATA

    ▸ Do you track users?

    No user tracking. CipherDrop requires no accounts, stores no personal information, and doesn't use tracking cookies. We use temporary, cryptographically hashed IP addresses solely for rate limiting and security monitoring - never for tracking individual users.

    ▸ What data do you store?

    We store only the minimum necessary data:

    Encrypted message content (which we can't read)
    Message metadata (creation time, expiry settings, password status)
    Temporary security data (hashed IP addresses for rate limiting, auto-deleted)
    NO personal information, browsing history, or readable content

    ▸ Can messages be recovered after deletion?

    No, messages cannot be recovered by users or CipherDrop. When messages are deleted (either after reading or expiry), they are permanently destroyed from our live operational systems.

    ▸ Do you sell data or show ads?

    Never. CipherDrop doesn't display advertisements or sell user data - we don't even collect data that would be valuable to sell. Our secure architecture means we literally cannot monetize user content or behavior. The service operates on a voluntary donation model for sustainability.

    [05] TECHNICAL SUPPORT

    ▸ My message won't load - what should I try?

    Try these troubleshooting steps:

    1. Check that you have the complete link including everything after the #
    2. Ensure you're on the official https://cipherdrop.app domain
    3. Try refreshing the page or using an incognito/private browsing window
    4. Check if the message has expired (link TTL or maximum lifetime reached)
    5. If password-protected, verify you have the correct password

    ▸ The link doesn't work - what are common issues?

    Most link issues are caused by:

    Incomplete link: The fragment (#) and everything after it is missing
    Wrong domain: Link was shared with incorrect website URL
    Expired message: TTL or lifetime limit was reached
    Already read: Message was set to delete immediately after reading
    Link corruption: Copy-paste error or messaging app modification

    ▸ Can I use CipherDrop on mobile?

    Yes. CipherDrop works on all modern devices - smartphones, tablets, and desktops. The interface adapts to your screen size, and all security features work identically across platforms. No app installation required - it works directly in your browser.

    ▸ Which browsers are supported?

    CipherDrop works on all modern browsers:

    Chrome, Firefox, Safari, Edge (recent versions)
    Mobile browsers (iOS Safari, Android Chrome)
    Very old browsers may not support modern cryptography features
    Recommendation: Keep your browser updated for best security

    [06] ADDITIONAL QUESTIONS

    ▸ Is CipherDrop free to use?

    Yes, completely free! CipherDrop operates on a voluntary donation model to cover infrastructure costs. There are no premium tiers, usage limits beyond reasonable rate limiting, or hidden fees. Donations help keep the service running and secure for everyone.

    ▸ Can I use CipherDrop for business communications?

    While CipherDrop provides strong security, evaluate if it meets your specific business requirements. Consider factors like compliance needs, audit trails, integration requirements, and organizational policies.

    ▸ Will you add more features in the future?

    We carefully consider new features that enhance security and usability without compromising our core privacy principles. Current development focuses on improving the markdown formatting experience (image uploads, etc.) and maintaining robust security. All new features must pass strict privacy and security reviews.

    Have a question not answered here? Review our Privacy Policy and Terms of Service for additional information.

    [END OF TRANSMISSION]