
paperfrogs-hq/BurnLink


BurnLink

License: MIT

BurnLink is an open-source, privacy-first file sharing platform with browser-side end-to-end encryption. Files are encrypted in your browser before ever leaving your device, and permanently deleted after the first download.

Originally started in 2024 — now actively maintained and in production.


Features

  • Browser-Side E2E Encryption — Files are encrypted client-side using AES-256-GCM before upload. The server never sees plaintext.
  • Two Sharing Modes
    • Password-protected — Recipient enters a password to decrypt
    • Link-key — Decryption key is embedded in the URL fragment (never sent to server)
  • One-Time Links — Files are permanently destroyed after the first successful download
  • View-Once Mode — File is viewable for 60 seconds, then burned regardless of download
  • Brute-Force Protection — 10-minute lockout after 3 failed password attempts
  • Up to 1 GB file size support
  • Presigned URLs — Direct client-to-storage transfers via Cloudflare R2
  • Clean, minimal UI — Responsive design, one-click link copy

Tech Stack

| Layer | Technology |
| --- | --- |
| Backend | Node.js + Express |
| Templating | EJS |
| File Storage | Cloudflare R2 (S3-compatible) |
| Database / Metadata | Supabase (PostgreSQL) |
| Deployment | Netlify (Serverless Functions) |
| Encryption | Web Crypto API (AES-256-GCM, PBKDF2) |

How It Works

  1. Upload — Select a file and optionally set a password
  2. Encrypt — File is encrypted entirely in your browser
  3. Store — Encrypted payload is uploaded to Cloudflare R2; metadata goes to Supabase
  4. Share — You get a one-time shareable link
  5. Download — Recipient decrypts in their browser, then the file and link are permanently destroyed

Security

  • All encryption happens in the browser — the server never handles unencrypted data
  • AES-256-GCM encryption with PBKDF2 key derivation (210,000 iterations)
  • One-time download links stop working after the first successful download, which prevents replay attacks
  • View-once mode enforces a timed destruction window
  • Content Security Policy (CSP) with per-request nonces
  • x-powered-by header disabled
  • Open source — fully auditable
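
The two sharing modes and the parameters listed above (AES-256-GCM, PBKDF2 at 210,000 iterations, link key in the URL fragment) can be sketched with the Web Crypto API as follows. This is an added example, not BurnLink's own code: the PBKDF2 hash (SHA-256), the salt and IV sizes, the blob layout, the function names and the base URL passed in are assumptions.

```javascript
// Added example, not BurnLink's source. From the page: AES-256-GCM, PBKDF2 at
// 210,000 iterations, link key in the URL fragment. Assumed here: SHA-256 as the
// PBKDF2 hash, 16-byte salt, 12-byte IV, and the salt|iv|ciphertext layout.
const ITERATIONS = 210000;
const webCrypto = async () => globalThis.crypto ?? (await import('node:crypto')).webcrypto;
const join = (...parts) => Uint8Array.from(parts.flatMap((p) => [...p]));

async function passwordKey(c, password, salt, usage) {
  const material = await c.subtle.importKey(
    'raw', new TextEncoder().encode(password), 'PBKDF2', false, ['deriveKey']);
  return c.subtle.deriveKey(
    { name: 'PBKDF2', hash: 'SHA-256', salt, iterations: ITERATIONS },
    material, { name: 'AES-GCM', length: 256 }, false, [usage]);
}

// Password mode: only salt, IV and ciphertext (with GCM tag) are uploaded.
async function encryptWithPassword(plain, password) {
  const c = await webCrypto();
  const salt = c.getRandomValues(new Uint8Array(16));
  const iv = c.getRandomValues(new Uint8Array(12));
  const key = await passwordKey(c, password, salt, 'encrypt');
  const ct = await c.subtle.encrypt({ name: 'AES-GCM', iv }, key, plain);
  return join(salt, iv, new Uint8Array(ct));
}

// Rejects with OperationError on a wrong password or a modified blob.
async function decryptWithPassword(blob, password) {
  const c = await webCrypto();
  const key = await passwordKey(c, password, blob.slice(0, 16), 'decrypt');
  const params = { name: 'AES-GCM', iv: blob.slice(16, 28) };
  return new Uint8Array(await c.subtle.decrypt(params, key, blob.slice(28)));
}

// Link-key mode: a random key travels only after '#', which browsers do not send.
async function encryptWithLinkKey(plain, baseUrl) {
  const c = await webCrypto();
  const key = await c.subtle.generateKey({ name: 'AES-GCM', length: 256 }, true, ['encrypt']);
  const iv = c.getRandomValues(new Uint8Array(12));
  const ct = await c.subtle.encrypt({ name: 'AES-GCM', iv }, key, plain);
  const { k } = await c.subtle.exportKey('jwk', key); // base64url key bytes
  return { blob: join(iv, new Uint8Array(ct)), link: `${baseUrl}#${k}` };
}

async function decryptFromLink(blob, link) {
  const c = await webCrypto();
  const jwk = { kty: 'oct', k: new URL(link).hash.slice(1) };
  const key = await c.subtle.importKey('jwk', jwk, 'AES-GCM', false, ['decrypt']);
  const params = { name: 'AES-GCM', iv: blob.slice(0, 12) };
  return new Uint8Array(await c.subtle.decrypt(params, key, blob.slice(12)));
}
```

The `join` helper copies byte by byte and suits small inputs only; a 1 GB upload would need chunked handling that this example does not cover.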

Contributing

Contributions are welcome. Feel free to open issues and pull requests.

Support

For issues or questions, open an issue on GitHub.


BurnLink is a product of Paperfrogs/Open — an infrastructure-first studio building research-driven, production-ready tools.

About

BurnLink lets you share sensitive files with end-to-end encryption and one-time links that burn themselves after access. No accounts. No permanent storage. No trust required.
