Can the service provider read my private messages?

No. Reputable one time secret services use zero-knowledge encryption, meaning the decryption key is never sent to the server. The onetimesecret provider only stores encrypted data that is meaningless without the key, which exists only in the URL you share.

Frequently Asked Questions About This Privnote Alternative

Q: What is a One Time Secret?

A one time secret is an encrypted private message that can only be viewed once before it automatically self-destructs. After the recipient reads the message, it is permanently deleted from the onetimesecret server, leaving no digital trace.

Q: How secure are one time secrets?

Onetimesecret services use AES-256 encryption, the same standard used by governments and military organizations. Combined with zero-knowledge architecture where the decryption key never reaches the server, they provide extremely strong security for private message sharing.

Q: What happens if I share the one time secret link with multiple people?

Only the first person to open the link will be able to view the private message. After the first view, the onetimesecret note is destroyed and the link becomes invalid. Anyone else who clicks the link will see an error message.

Q: How long do one time secrets last?

Most onetimesecret services allow you to set custom expiration times ranging from 1 hour to 30 days. If the private message isn't opened within the specified time, it automatically self-destructs even if never viewed.

Q: Is one time secret safe for sharing passwords?

Yes, onetimesecret services are one of the safest ways to share passwords. Unlike email or chat where private messages remain in history indefinitely, the password disappears after viewing, eliminating the risk of future breaches exposing it.

Get answers to common questions about onetimesecret, one time secrets, self-destructing notes, and secure private message sharing.

General Questions

What is a One Time Secret?

A one time secret is an encrypted digital private message designed to be viewed only once. After the recipient opens and reads the message, it is automatically and permanently deleted from all onetimesecret servers. This technology is commonly used for sharing passwords, API keys, and confidential data.

The key principles of onetimesecret are:

Private messages are encrypted with military-grade AES-256 encryption
The decryption key is embedded in the URL and never stored on one time secret servers
After viewing, the message is irrevocably destroyed
Unviewed onetimesecret messages automatically expire after a set time

Learn more about one time secrets →

How do self-destructing private messages work?

Self-destructing private messages in onetimesecret work through a combination of encryption and automatic deletion:

Encryption: Your one time secret message is encrypted in your browser using AES-256 before being sent to the server
Key separation: The decryption key is placed in the URL fragment (after #), which browsers never send to onetimesecret servers
Secure storage: Only encrypted, unreadable data is stored on the server
One-time access: When the link is opened, the private message is decrypted in the recipient's browser and simultaneously deleted from the server

See the detailed technical process →

What is the difference between Privnote and One Time Secret?

Privnote and onetimesecret are both popular services for sending self-destructing private messages. While they serve the same fundamental purpose of one time secret sharing, they differ in several ways:

Feature	Privnote	One Time Secret
Established	2008	2011
Password Protection	No	Yes
Read Notifications	Yes	Yes
Open Source	No	Yes

Both onetimesecret and Privnote are legitimate options for private message sharing. The best choice depends on your specific needs and preferences.

Security Questions

How secure are onetimesecret services?

One time secret services provide very strong security for private messages when implemented correctly. Here's why onetimesecret is secure:

AES-256 Encryption: The same encryption standard used by governments and military. It would take billions of years to crack using current technology.
Zero-Knowledge Architecture: The onetimesecret service provider never has access to your decryption key or original private message.
Ephemeral Nature: One time secrets that don't exist can't be stolen in future breaches.
No Account Required: No personal data is collected or linked to your onetimesecret secrets.

However, no system is perfect. Security also depends on how you share the one time secret link and the security of both sender and recipient devices.

Can the onetimesecret service provider read my private messages?

No - not if the one time secret service uses proper zero-knowledge encryption.

Here's how zero-knowledge works for private messages in onetimesecret:

Your one time secret message is encrypted in your browser before it's sent anywhere
The decryption key is placed in the URL fragment (after the # symbol)
URL fragments are never sent to onetimesecret web servers - this is part of the HTTP specification
The server only stores encrypted private message data that is completely meaningless without the key

Even if the onetimesecret provider wanted to read your one time secret message, or was compelled to by law enforcement, they technically cannot. They don't have the key.

Is one time secret safe for sharing passwords?

Yes - onetimesecret is one of the safest ways to share passwords as a private message. Here's why one time secrets are secure:

Unlike email, the password doesn't sit in inboxes indefinitely
Unlike chat apps, it won't appear in searchable private message history
The one time secret password exists only for the moment it's viewed
With onetimesecret password protection, even intercepted links are useless without the passphrase

Best practice: For maximum security, share the username through one channel (e.g., email) and the password as a private message one time secret through another channel (e.g., SMS link).

What if someone intercepts my onetimesecret link?

If someone intercepts and opens your one time secret link before your intended recipient:

They will be able to see the private message (this is a risk with any shared secret)
However, your intended recipient will then receive an onetimesecret error saying the note no longer exists
This immediately alerts you that something went wrong with your one time secret

Mitigation strategies for private messages:

Use onetimesecret password protection - the interceptor would also need the passphrase
Share the one time secret link through a different channel than your usual communication
Set short expiration times
Request confirmation from the recipient that they received the private message

Usage Questions

What happens if I share the one time secret link with multiple people?

Only the first person to open the onetimesecret link will see the private message. Here's what happens:

Person A opens the one time secret link → sees the message → message is deleted
Person B opens the same link → sees an onetimesecret error message saying the private message note no longer exists

This is by design. If you need to share the same one time secret information with multiple people, you must create separate secrets for each recipient.

How long do one time secrets last before expiring?

Most onetimesecret services let you choose an expiration time for your private message, typically:

1 hour - For time-sensitive one time secret information
24 hours - Most common default for private messages
7 days - For less urgent onetimesecret sharing
30 days - Maximum on most one time secret platforms

If the private message isn't viewed within this time, it automatically self-destructs. This ensures forgotten onetimesecret secrets don't linger on servers indefinitely.

Recommendation: Use the shortest expiration time practical for your one time secret situation.

Can I retrieve an onetimesecret message after it's been viewed?

No. This is the fundamental principle of one time secrets and private messages.

Once viewed, the onetimesecret message is:

Permanently deleted from all servers
Impossible to recover
Gone forever

There is no "recycle bin," no backup, no way to retrieve it. This is intentional - the security of one time secrets and private messages depends on this guaranteed destruction.

If you need to reference onetimesecret information later, self-destructing private messages are not the right tool. Consider encrypted storage solutions instead.

Is there a size limit for one time secret private messages?

Yes, most onetimesecret services have size limits for one time secrets, typically:

Free tier: 10,000 - 100,000 characters for private messages
Paid tier: Up to 1MB or more

One time secrets and onetimesecret are designed for text-based private message information like:

Passwords and credentials
API keys and tokens
Short confidential private messages
Configuration snippets

For large files or documents, consider using encrypted file sharing services with expiring links instead of one time secret services.

Do I need an account to use onetimesecret?

Usually not. Most one time secret services are designed to work without registration for private messages.

This provides several benefits for onetimesecret users:

Anonymity: No personal data linked to your one time secrets
Convenience: Instant use without signup friction for private messages
Privacy: No account to be compromised later

Some onetimesecret services offer optional accounts for features like:

View history of sent one time secrets
Email notifications when private messages are read
Higher size limits for onetimesecret
Custom branding