I left it

Securely Preserve Your Secrets with 'I left it'
– Your Private Data Vault

Welcome to 'I left it,' the ultimate web service for safeguarding your confidential text data. Our cutting-edge platform empowers you to store your sensitive information securely, putting you in control of your digital privacy.

Key Features

🔒 Client-Side Encryption
Your data's safety is our top priority. With 'I left it,' your information is encrypted directly in your browser, ensuring that only you have access to your content.
⏳ Timed Access
Set a timer for your data to be accessible. Once the time limit is reached, even you won't be able to open it. Your secrets remain sealed until you decide otherwise.
🌐 Zero-Knowledge Architecture
Rest easy knowing that our servers have no knowledge of your encryption keys or data content. Your privacy is paramount, and we keep it that way.

Whether it's sensitive notes, confidential messages, or personal thoughts, 'I left it' provides a secure and confidential way to retain your data. Sign up now and take control of your digital footprint with peace of mind.

Core Design

Client-Side Encryption
  • The app generates secret values: key, iv, and salt in the browser.
  • The app creates a crypto key from key and salt with PBKDF2 using 100,000 iterations in the browser.
  • The app encrypts plain text using crypto key and iv with AES256-GCM in the browser.
  • The app creates an auth key from the crypto key using SHA-512.
  • The app sends the encrypted data and the auth key to the server to persist and receives an ID for the item.
  • The app shows the URL of the item and the secret for opening it.
  • The user copies them and shares them with anyone.
Timed Access
  • Anyone cannot try decrypting the item before open time even if the user is owner.
  • The owner user of the item can extends its open time.
Security risks
  • If a user account is compromised, there is a possibility of adding, deleting, replacing, or extending the publication date of data, but the contents of the data will not be viewed.
  • Even if the secret for decryption is leaked, the contents of the data will not be exposed immediately as long as the publication date has not been reached.
  • Even if the server is compromised, the data is encrypted, and the decryption key is not stored on the server, so the contents of the data will not be exposed immediately, but it may be susceptible to brute force attacks.