BurnLink is an open-source, privacy-first file sharing platform with browser-side end-to-end encryption. Files are encrypted in your browser before ever leaving your device, and permanently deleted after the first download.
Originally started in 2024 — now actively maintained and in production.
- Browser-Side E2E Encryption — Files are encrypted client-side using AES-256-GCM before upload. The server never sees plaintext.
- Two Sharing Modes
- Password-protected — Recipient enters a password to decrypt
- Link-key — Decryption key is embedded in the URL fragment (never sent to server)
- One-Time Links — Files are permanently destroyed after the first successful download
- View-Once Mode — File is viewable for 60 seconds, then burned regardless of download
- Brute-Force Protection — 10-minute lockout after 3 failed password attempts
- Up to 1 GB file size support
- Presigned URLs — Direct client-to-storage transfers via Cloudflare R2
- Clean, minimal UI — Responsive design, one-click link copy
| Layer | Technology |
|---|---|
| Backend | Node.js + Express |
| Templating | EJS |
| File Storage | Cloudflare R2 (S3-compatible) |
| Database / Metadata | Supabase (PostgreSQL) |
| Deployment | Netlify (Serverless Functions) |
| Encryption | Web Crypto API (AES-256-GCM, PBKDF2) |
- Upload — Select a file and optionally set a password
- Encrypt — File is encrypted entirely in your browser
- Store — Encrypted payload is uploaded to Cloudflare R2; metadata goes to Supabase
- Share — You get a one-time shareable link
- Download — Recipient decrypts in their browser, then the file and link are permanently destroyed
- All encryption happens in the browser — the server never handles unencrypted data
- AES-256-GCM encryption with PBKDF2 key derivation (210,000 iterations)
- One-time download links prevent replay attacks
- View-once mode enforces a timed destruction window
- Content Security Policy (CSP) with per-request nonces
x-powered-byheader disabled- Open source — fully auditable
Contributions are welcome. Feel free to open issues and pull requests.
For issues or questions, open an issue on GitHub.
BurnLink is a product of Paperfrogs/Open — an infrastructure-first studio building research-driven, production-ready tools.