• 0 Posts
  • 7 Comments
Joined 10 months ago
Cake day: May 27th, 2025

  • China is one of the most populated countries in the world. It produces about 30% of all manufactured goods, many of which are consumed by the rest of the world. So yeah, there is going to be some pollution. If we talk about it on a per-person basis, countries like the U.S. still emit more. Moreover, China is the largest investor in renewable energy, and China alone accounted for roughly 40% of the world’s renewable energy investment.



  • Thanks for the detailed and thoughtful reply — I really appreciate the time you took to lay this out.

    I know Aaron Swartz — big fan.

    You’re right about many of these points. The biggest challenge with any web-based cryptography project is trust in code delivery, especially when it’s dynamically served. That’s a fundamental limitation of browser-delivered JavaScript, and I fully acknowledge it.

    You’re also absolutely right that true zero-knowledge isn’t just about encryption — it’s about removing trust assumptions. The server still being able to serve malicious JS is a valid and well-known concern. That’s why I’ve made the code open-source and encourage self-hosting for anyone who doesn’t trust DeadDrop or me.

    To clarify a few things:

    - No JavaScript is sent after the file metadata is submitted — only the encrypted metadata and the file are transferred after the password is verified locally. I’m also planning to encrypt metadata (including filenames) to limit what the server can see.

    - DeadDrop uses salted encryption. I’m using a proper key derivation function (PBKDF2) with a salt, which makes brute-force attacks significantly harder.

    You’re right that unless users host the project themselves, they have to trust me — just like users of Signal technically have to trust their app stores and client builds. So, trust is a fundamental principle for a service like this, and I promise the code that is delivered to the browser is the same as on GitHub. However, if you don’t trust my instance, you can review, fork, and self-host it easily.

    I’m not claiming DeadDrop is flawless — just that it’s a sincere attempt to build a privacy-first, zero-knowledge file-sharing tool. I am truly grateful for your feedback, thanks again.







  • Fair point — I should’ve been more careful with the wording. I’ve open-sourced the code exactly so that people can audit, test, and critique it. I don’t expect blind trust, and I’m not claiming it’s perfect, just that I built it with privacy in mind.

    If you have concerns, I’d genuinely appreciate feedback or a review. My goal is to improve it, not just promote it.