undefined | Better HN

0 pointsstophecom4y ago0 comments

It is done entirely on the client. You can check the source code. Read more on scrt.link/security.

0 comments

But if the key is added to the link itself then you could be storing the encrypted string and decrypting it after getting a request for a link that contained the key.

I'm not accusing you of that - just saying there is no way to prove that's not happening.

stophecomOP4y ago

The part of the URL holding the encryption key is not sent to the server. https://stackoverflow.com/questions/14462218/is-the-url-frag...

Don't take my word for it :) You can check all code that runs in your browser and check all requests made within the network tab.

ALittleLight4y ago

Okay, nice! I withdraw my comments.

j / k navigate · click thread line to collapse

0 comments

ALittleLight4y ago

But if the key is added to the link itself then you could be storing the encrypted string and decrypting it after getting a request for a link that contained the key.

I'm not accusing you of that - just saying there is no way to prove that's not happening.

stophecomOP4y ago

The part of the URL holding the encryption key is not sent to the server. https://stackoverflow.com/questions/14462218/is-the-url-frag...

Don't take my word for it :) You can check all code that runs in your browser and check all requests made within the network tab.

ALittleLight4y ago

Okay, nice! I withdraw my comments.

j / k navigate · click thread line to collapse