Get the App
Download on the App Store Get it on Google Play Get it from Microsoft
or
Use the Web App
Secure Drop
Anonymous · Encrypted · No login required
Your message is sealed and anonymous. We cannot identify you. No account or login is needed.
Your message
Max 3 files, 10 MB each
Powered by City of Hats · Get your own Secure Drop
Secure Channel
Anonymous · Bidirectional · Encrypted
Start an anonymous conversation. You'll receive a thread code to check for replies later.
Your message
Max 3 files, 10 MB each
Thread Code
Enter your thread code above to check for replies.
Powered by City of Hats · Get your own Secure Channel
📦 Dead Drops

One-Time Secure Delivery.
Then It's Gone.

Send encrypted messages, files, and credentials through self-destructing drops that burn after a single read. With steganography, time locks, and multi-path delivery — built for when even the channel needs to disappear.

Tutorial

See Dead Drops in Action

Watch how to create, share, and retrieve a Dead Drop in under 60 seconds. One-time access, burn-after-read, zero trace.

  • Create an encrypted dead drop with any message or file
  • Set a passphrase and optional time-to-live expiry
  • Share the retrieval code through any channel
  • Recipient opens once — content self-destructs
City of Hats Dead Drop
Dead Drops

Messages that burn after reading.

Dead Drops are self-destructing encrypted messages. Send sensitive information that disappears permanently after retrieval — no copies, no cache, no trace.

  • Self-destructs after a single view — content is permanently erased
  • Optional PIN protection — only the intended recipient can open it
  • Time-locked delivery — set when the message becomes available
  • Anonymous retrieval — no account required to receive a Dead Drop
  • Server-side encrypted — even we cannot read the contents
Core Capabilities

Built for Ephemeral Security

Every Dead Drop follows a strict lifecycle: create, deliver, destroy. No re-downloads, no server copies, no digital footprint.

🔥

Burn-After-Read

Once the recipient opens the drop, the encrypted payload is permanently destroyed on the server. There is no second chance — no re-download, no backup, no recovery. The data exists only for the moment it's needed.

Self-Destruct
🖼️

Steganographic Delivery

Hide your encrypted payload inside an ordinary image. The carrier image looks like a normal photo — only the recipient with the correct key can extract the hidden message. Perfect for hostile network environments.

Steganography

Time-Locked Encryption

Set a time window for your drop. The encrypted content automatically expires and is purged from the server if not retrieved within the specified timeframe — even if no one reads it.

Time Lock
🔀

Multi-Path Delivery

Split the decryption key across multiple shares using Shamir's Secret Sharing. The drop can only be decrypted when all shares are reunited — delivered through separate channels for maximum security.

Shamir's Shares
🤖

Verify I'm Real

Require the sender to pass a human verification challenge before the drop is created. Prevents automated bots from flooding the system with fake dead drops.

Anti-Bot
🧑‍💻

Recipient Face Verification

The recipient must verify their face with a live biometric scan before the drop content is decrypted and revealed. Ensures only the intended person reads the message.

Biometric
How It Works

Create. Deliver. Destroy.

A Dead Drop follows a strict lifecycle. No account needed, no pairing required — just a link and a key.

1

Compose Your Drop

Write your message or attach a file. Choose your options: steganography, time lock, multi-path shares. Everything is encrypted client-side with AES-256-GCM before leaving your device.

2

Share the Link

You receive a unique retrieval URL containing the drop code. The decryption key is embedded in the URL fragment — it never touches the server. Share via any channel you trust.

3

Recipient Retrieves & Burns

The recipient opens the link, the message is decrypted in their browser, and the server permanently deletes the encrypted payload. One read. Zero traces.

✍️
Compose
Client-side E2E encryption
☁️
Store
Encrypted blob only
🔗
Share
Key stays in URL fragment
📖
Retrieve
Decrypted in browser
🔥
Burn
Permanently deleted
Use Cases

When You Need One-Time Delivery

Dead Drops are designed for handoff, not conversation. Here's when they're the right tool.

🚨

Incident Response

Share breach details, indicators of compromise, and forensic screenshots with your security team — without leaving evidence in Slack or email.

🔑

Credential Delivery

Send temporary passwords, API keys, or recovery codes that self-destruct after a single read. No more "I sent it in Slack" risks.

⚖️

Legal & Compliance

Deliver sensitive legal documents, contracts, or compliance reports with guaranteed destruction after retrieval. Full audit trail on client side.

📰

Whistleblower Sources

Accept anonymous tips through steganographic drops that are indistinguishable from normal images. No metadata, no trail, no exposure.

🏥

Healthcare / HIPAA

Transfer patient data or test results securely with time-locked drops that expire within hours. Compliant with data minimization requirements.

🏢

Enterprise File Transfer

Send board-level documents, M&A materials, or financial reports through encrypted drops with multi-path key splitting for dual-authorization.

Security Principles

Dead Drop Rules

These aren't just features — they're architectural constraints that cannot be bypassed.

Enforced

  • One-time retrieval — deleted after first read
  • Client-side AES-256-GCM encryption
  • Decryption key never touches the server
  • Automatic expiration on time-locked drops
  • No account or pairing required
  • File attachments (up to 25 MB)
  • Client-side hash-chained audit log

By Design, Never

  • No re-download or second read
  • No server-side preview or rendering
  • No cloud storage or backup copies
  • No forwarding mechanism
  • No link to sender identity
  • No metadata logging on server
  • No recovery after burn