I should have mentioned that it's not really a file share, just a short piece of text (although that could be in a file).
The particular case here is me working with a vendor of ours that is setting up an FTPS account and needs to send me the password. I don't want to give them my phone info for SMS (which is normally how we do it: SMS or MS Teams message or Signal message with the password and the rest in email).
We ended up using
https://1ty.me/, but I'll try
https://privnote.com too. They seem to operate in an identical way. I can only hope, though, that the services are doing what they say an not storing my unencrypted text. I like these because they are simple and (apparently) effective.
You could, of course, verify that by hitting F12 in Chrome to open the debugger before saving and retrieving a test message and looking at the Network tab to examine the exact contents of what was sent to be stored.
> They seem to operate in an identical way
WOW!! Surprisingly... absolutely not! Not even close!
I just checked the network traffic (as described above) for
https://1ty.me. It is
vastly different and, in my opinion, inferior to
https://privnote.com. With
https://1ty.me/, when the (we can only hope) encrypted content is fetched, the content was returned in plain text without the client having to provide any key! Granted it was transferred over HTTPS, but, that still means the server did the decrypting. Which means they can decrypt your content. Assuming it was actually ever encrypted.
In stark contrast,
https://privnote.com encrypts the content
on the client using a locally generated key that is never sent to the server. As you may know, any URL that contains a # actually has two distinct parts. The part before the # is the normal URL that is used to fetch a page from a server. The part after the # is client-specific and is never sent to the server. Most frequently that part is used to position the browser at some tagged location on a retrieved page and/or highlight some matched content on the page.
Where Privnote stands well apart from 1ty.me is that the generated URL used to read the contents contains two parts. In the example above:
https://privnote.com/3cbt4Fmc#Kxgdcbkfi, the part before the #,
https://privnote.com/3cbt4Fmc, is the URL used to fetch an encrypted blob (ID: #3cbt4Fmc) from the Privnote server. The part after the #, "Kxgdcbkfi",
which never left the client during encryption, storage, retrieval, or decrypting, is the unique key required to decode that specific content. So, when you give someone the two-part URL for a Privnote, you are giving them both the URL to retrieve the encrypted content AND the key needed to decode it once it has been retrieved. The (very nice) gentleman who created Privnote does not ever have the ability to view your encrypted content. And the content never exists in unencrypted form outside of your client browser.