Privnote vs OneTimeSecret: Server-Side Encryption Compared

Two popular self-destructing message tools. Same encryption category, different trust models.

Compared as of May 2026

What both tools do

Privnote and OneTimeSecret solve the same problem: you paste a secret, get a link, and the recipient reads it once before it self-destructs. Both use server-side encryption, meaning the secret travels to the server as plain text over HTTPS and gets encrypted after arrival. The server handles your secret in readable form at both ends of the journey.

The difference is in what you can verify about that process.

Privnote

Privnote encrypts on the server with an undisclosed algorithm. The code is closed-source, so there's no way to inspect the encryption logic or verify their security claims. The interface is simple and well-known, but that simplicity has a downside: phishing clones that look identical to the real site have been documented, and some have tampered with note contents before delivery.

  • Encryption: server-side, undisclosed algorithm, closed-source
  • Open source: no
  • File support: none
  • View limit: 1 (always)
  • Expiry: after first view
  • Account required: no
  • Pricing: free, ad-supported
  • Self-hosting: not available

OneTimeSecret

OneTimeSecret uses server-side AES-256 encryption, and the code is open source. You can inspect the encryption logic and run your own instance. That's a meaningful transparency advantage. Self-hosting means you control the server, the storage, and the deletion logic. The project has been around since 2012 and has a straightforward, auditable codebase.

  • Encryption: server-side AES-256, open-source
  • Open source: yes
  • File support: none
  • View limit: 1 (always)
  • Expiry: 7 days (anonymous), 14 days (free account)
  • Account required: no (optional free account for higher limits)
  • Pricing: free tier, paid plans available
  • Self-hosting: yes

Key differences

  • Transparency: OneTimeSecret is open source. You can read the encryption code and verify claims. Privnote is closed-source with an undisclosed algorithm. You're taking their word for it.
  • Self-hosting: OneTimeSecret (OTS) lets you run your own instance, eliminating the need to trust a third-party server. Privnote offers no self-hosting option.
  • Phishing risk: Privnote's simple interface makes it easy to clone. Documented fake sites have intercepted or modified notes. OTS has less phishing exposure due to its lower public profile.
  • Limits: OTS caps anonymous sharing at 100 KB with a 7-day expiry. Privnote doesn't publish size limits but restricts to text only.
  • Ads: Privnote is ad-supported, running third-party scripts on the same page where you paste your secret. OTS has no ads.

Both tools use server-side encryption. Whether the code is open or closed, the server handles your secret in readable form. Open source lets you verify what happens; it doesn't change the encryption architecture.

A different approach: client-side encryption

With Secret.Broker, your browser encrypts the secret with XChaCha20-Poly1305 before anything goes to the server. The encryption key stays in the URL fragment, which browsers never include in server requests. The server stores ciphertext it can't decrypt.

This isn't about trusting the server less. It's about needing to trust the server less. Open source and self-hosting address the question of whether you trust the operator. Client-side encryption makes the question less critical, because the operator never sees the plaintext.

  • Encryption: client-side XChaCha20-Poly1305
  • File support: up to 20 MB (free)
  • View limits: 1 to 25
  • Expiry: 15 minutes to 30 days
  • Paranoid mode: splits link and decryption key for two-channel delivery
  • Account required: no

The protocol page documents the full encryption stack.

Common questions

Is Privnote or OneTimeSecret more secure?

Both use server-side encryption, so both handle your secret in readable form on the server. OneTimeSecret is open source, which means you can verify the encryption logic and self-host to control the server. Privnote is closed-source with an undisclosed algorithm. If verifiability matters to you, OTS has the advantage. If you want the server to never see the plaintext at all, you need client-side encryption.

Can I switch from Privnote to OneTimeSecret?

There's nothing to migrate. Neither tool stores persistent data. Your next secret can go through whichever tool you choose. The workflow is the same: paste, create link, send.

Does either support file attachments?

Neither Privnote nor OneTimeSecret supports file attachments. Both are text-only. For sharing .env files, SSH keys, or certificates, you need a tool with file support.