A thorough, honest assessment of Privnote's security model — what it protects, what it does not, and how to use it safely.
Privnote uses a client-side encryption model, which means your note is encrypted in your browser before it is transmitted to Privnote's servers. This is an important distinction from services that encrypt data only during transmission (HTTPS) but store it in readable form on the server.
When you create a note, Privnote's JavaScript code encrypts the text in your browser using a randomly generated encryption key. The encrypted note is then sent to Privnote's server for temporary storage. The encryption key itself is embedded in the URL as a fragment identifier — the portion of the URL after the # symbol.
URL fragments are a critical part of this security model. When a browser navigates to a URL, the fragment (the part after #) is processed locally by the browser and is never sent to the web server. This means Privnote's servers receive the encrypted note but never receive the key needed to decrypt it. In theory, Privnote's servers cannot read your note even if they wanted to.
All communication between your browser and Privnote's servers is protected by HTTPS (TLS encryption). This prevents network-level interception of your note during transmission. However, HTTPS only protects data in transit — it does not protect data stored on the server. This is why the client-side encryption is important.
When you add a manual password, it is used as an additional encryption key. The note is encrypted with both the random key (embedded in the URL) and your password. This means that even if someone obtains the URL, they cannot read the note without also knowing the password. This is the strongest security configuration Privnote offers.
The most serious documented risk with Privnote is the existence of phishing clones. Sites like privnotes.com (note the extra 's') are designed to look identical to Privnote but intercept your messages before delivering them. These clones have been documented stealing Bitcoin wallet addresses and other sensitive information by replacing the content of notes before delivery. Always verify you are on privnote.com.
Privnote cannot prevent the recipient from taking a screenshot, copying the text, or recording the screen. Once the message is displayed, the information is in the recipient's hands. The self-destruction prevents re-access via the link but does not prevent the recipient from preserving the content by other means.
If someone intercepts the Privnote link before the intended recipient opens it, they can read the note and the intended recipient will find it already destroyed. Links can be intercepted through compromised email accounts, malware, or insecure communication channels. Using password protection mitigates this risk significantly.
You must trust that Privnote's servers actually delete notes after reading and handle the encrypted data responsibly. Privnote is not open-source, so independent verification of these claims is limited. For most use cases this is an acceptable level of trust, but for highly sensitive data, consider open-source alternatives.