NotepadAnon Security

The Core Principle: Zero-Knowledge by Design

NotepadAnon is architected so that the server never receives your plaintext note. Every piece of sensitive content is encrypted in your browser before any network request is made. The server stores only opaque ciphertext — data it cannot decode under any circumstances.

This is not a trust policy. The encryption happens cryptographically, which means even if NotepadAnon’s servers were subpoenaed, hacked, or compromised, an attacker would walk away with meaningless ciphertext and nothing else.

AES-GCM 256-Bit Encryption

NotepadAnon encrypts your content using AES-GCM (Advanced Encryption Standard — Galois/Counter Mode) with a 256-bit key. AES-GCM is an authenticated encryption algorithm, which means it simultaneously ensures:

• Confidentiality — the content cannot be read without the key.
• Integrity — any tampering with the ciphertext is detected and rejected.
• Authenticity — you can be sure the note was not modified in transit.

AES-256-GCM is the same encryption standard used by government agencies, financial institutions, and secure messaging applications. It is considered computationally infeasible to brute-force.

The URL Fragment Key — Why It Never Hits the Server

When NotepadAnon creates a note, it generates a random encryption key and places it in the URL fragment — the portion of a URL after the # symbol.

By long-established web standards (RFC 3986 and browser behaviour), the fragment is never included in HTTP requests. Browsers intentionally strip it before sending any request to a server. This means NotepadAnon’s server receives the note ID in the path but never sees the decryption key in the fragment. Only the person holding the full link can decrypt the note.

Burn-After-Read Deletion

Once a NotepadAnon note is opened, the server immediately and permanently deletes the stored ciphertext. There is no recycle bin, no backup retention, and no soft-delete. The note ceases to exist on the server the moment it is first accessed.

Even if an attacker later compromised the database, a deleted note provides nothing to decrypt. The combination of burn-after-read deletion and client-side encryption creates a two-layer disappearing act.

What NotepadAnon Cannot Protect Against

Security transparency matters. NotepadAnon is honest about its limits:

• Screenshot or copy by the recipient — NotepadAnon cannot prevent the person reading the note from copying its content.
• Compromised recipient device — if the recipient’s browser or device has malware, that malware may capture decrypted content.
• Link interception — if the full URL (including the fragment) is captured via logs, clipboard sniffers, or browser history before the note is opened, confidentiality is lost.

For maximum security, share the NotepadAnon link over an already-secure channel and enable burn-after-read so the link becomes invalid after one use.

No Accounts, No Logs, No Tracking

NotepadAnon never asks for your identity. There are no cookies for tracking, no advertising pixels, and no analytics that tie note access to a user profile. Standard server infrastructure may retain request metadata briefly for security and operational purposes, but this is not linked to note content and is not used to build profiles.

Related Reading

• How NotepadAnon Works — Full Technical Overview
• What Is NotepadAnon?
• FAQ