Frequently Asked Questions

Everything you need to know about SNote

What is SNote?

SNote is a secure way to share sensitive information that automatically disappears after being viewed. It uses end-to-end encryption to let you share text notes and files with complete privacy. All encryption happens in your browser, so even SNote's servers never see your unencrypted content. It's perfect for sharing passwords, credentials, or confidential documents without leaving traces in emails or messaging apps.

How does SNote work?
  • You create a secure note with text, files, or both
  • Your content is encrypted in your browser before leaving your device
  • You share the generated link with your recipient
  • When they open the link, the content is decrypted in their browser
  • After viewing, the note is permanently deleted from the servers
Is SNote really secure?

Yes. SNote is built with security as the top priority:

  • Your content is encrypted in your browser before transmission
  • The encryption key is never sent to the servers
  • The system can't see or access your unencrypted data
  • Notes are automatically deleted after viewing
What can I share with SNote?

You can share:

  • Text notes of any length
  • Files (up to 10 files, 5MB total)
  • A combination of text and files

All with the same level of security and self-destructing functionality.

What are some common use cases for SNote?

Sharing credentials and API keys

SNote is perfect for sharing sensitive access information like passwords or API keys. Since the content self-destructs after being viewed, it won't persist in email or chat history, eliminating the security risk of having credentials stored permanently in communication channels.

Securing information sent through unencrypted channels

When sharing sensitive information through standard email or messaging apps that aren't end-to-end encrypted, SNote provides an important security improvement. By using SNote, the sensitive content itself never appears in these unencrypted channels – only the link does. While an adversary who intercepts the communication could potentially access the note first, the recipient would immediately know this happened because they would see that the note has already been viewed and destroyed. For stronger security, use the custom password feature and share that password through a different communication channel, which prevents access even if someone intercepts the link.

Transferring data between your own devices

SNote makes it easy to transfer sensitive information between your own devices. Create a note with a human-readable URL and a custom password you can easily remember. You can then access your data from another device by entering the simple link and your password.

How long are notes stored?
  • After viewing: Notes are permanently deleted immediately after being viewed
  • With expiration: If you set an expiration time, notes will be deleted after that period even if unviewed
  • Maximum duration: The longest a note can exist unviewed is 7 days
What happens if I lose the note link?

If you lose the link, there is no way to recover the note. This is a deliberate security feature - only someone with the exact link can access the note. SNote doesn't maintain any way to search for previously created notes.

How does the Custom Password feature work?

The Custom Password feature changes how the encryption key is generated:

  • Without a custom password: SNote generates a random encryption key and appends it to the URL as a fragment (after the # symbol)
  • With a custom password: Instead of using a random key, SNote derives the encryption key from your password

The custom password isn't an additional layer on top of the random key; it replaces it. This means the recipient needs to know your custom password to decrypt the content rather than relying on the key in the URL.

What's the benefit of Human Readable Links?

Human Readable Links create URLs that are easier to type or communicate verbally (like "AB2-D34" instead of a mixed case string of random characters). This is especially useful when:

  • Sharing links verbally or over the voice call
  • Transferring data between your devices (combined with a custom password)

When used with a custom password, you can create a link that's easy to type on a mobile device while still maintaining security through your password.

Can I create a note with only files?

Yes! You can create secure notes that contain only file attachments. Simply upload your files without adding any text. The same security and self-destructing features apply.

Does SNote work on mobile devices?

Yes, SNote works on all modern browsers, including mobile browsers on iOS and Android devices.

Is there a limit to how many notes I can create?

No, there is no limit to the number of secure notes you can create with SNote.

What encryption does SNote use?

SNote is built on strong, modern encryption technologies to ensure maximum security. All content is encrypted with AES-256-GCM using random IV, providing authenticated encryption that protects both confidentiality and integrity. The encryption happens entirely in your browser using the native Web Crypto API, eliminating reliance on third-party libraries that could introduce vulnerabilities.

Your encryption key is never transmitted to the server - it's appended to the URL as a fragment (after the # symbol), which browsers intentionally never include in server requests. When you choose to use a custom password, SNote employs PBKDF2 with 100,000 iterations to derive the encryption key, enhancing protection against brute force attacks while maintaining good performance even on mobile devices.

To verify that only the intended recipient can access the content, SNote implements a challenge-response authentication protocol. This mechanism ensures that encrypted note content is provided to the client only after verification of possession of a valid encryption key without exposing it to the server, using a one-time random nonce for each verification attempt. Additionally, SNote enforces strict rate-limiting for authentication attempts, preventing attackers from making repeated guesses to access encrypted content.

Can the recipient save the content of a note?

Yes, and this is by design. The recipient can save the text or download the files they receive. SNote's purpose is to provide secure transmission and eliminate server-side storage of sensitive information, not to prevent the intended recipient from saving what you've shared with them.

For example, when sharing account credentials with a team member or friend, you want them to save the information securely in their password manager. SNote ensures the credentials aren't stored in email servers, chat logs, or other less secure places during the transmission process.

The self-destruct feature ensures that:

  • The content is only accessible once
  • The information doesn't remain stored on SNote's servers
  • There's no persistent link that could be accessed later by unauthorized parties
  • The data doesn't remain in transit systems like email servers or messaging platforms
What should I do if I need to share the same information with multiple people?

If you need to share the same sensitive information with multiple people, you should create a separate secure note for each recipient. This approach ensures maximum security for several reasons:

  • Each note has its own unique encryption key and access link
  • If one recipient's access is compromised, it doesn't affect others
  • You can track who has viewed their note (if a recipient reports the note was already viewed, you'll know someone else accessed their specific link)
  • You can use different custom passwords for different recipients if needed
  • Each note is independently deleted after viewing, maintaining the self-destruct feature for each recipient

While creating multiple notes requires slightly more effort, it significantly enhances security by ensuring each recipient has their own isolated access path to the information.