this post was submitted on 18 Jun 2026
51 points (94.7% liked)

Privacy

49165 readers
617 users here now

A place to discuss privacy and freedom in the digital world.

Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.

In this community everyone is welcome to post links and discuss topics related to privacy.

Some Rules

Related communities

much thanks to @gary_host_laptop for the logo design :)

founded 6 years ago
MODERATORS
k_o_t@lemmy.ml
tmpod@lemmy.pt
Yayannick@lemmy.ml
ranok@sopuli.xyz
51
0807: a self-hosted file host with self-destructing links. Open source, Tor, no logs (0807.st)
submitted 12 hours ago by 0807@lemmy.world to c/privacy@lemmy.ml
16 comments fedilink hide all child comments
 

I run 0807, a file host I host myself.

You drop a file, you get a short link, and you choose when it disappears.

I am posting it here because the whole thing is built around privacy, and because I would rather lay out the real threat model than call it "secure" and let you find the gaps later.

The privacy side:

  • No account, no sign up. An upload is not tied to any identity.
  • No ads, no third party trackers, no analytics. Nothing is loaded from outside domains, so no fonts or scripts phoning home.
  • The server does not log IP addresses or requests. The rate limiter holds an IP in memory for a few minutes to count requests, then forgets it. Nothing is written to disk.
  • Reachable over Tor through an onion service.
  • Auto delete by time (one hour to thirty days, or never) or after a chosen number of downloads.
  • Optional password on files and on text notes.
  • Files up to 20 GB.
  • Executable types like exe, bat and scripts are blocked so it cannot be used as a malware drop.

The honest part, which this community will and should ask about:

it is not end to end encrypted. The server can read what is stored, on purpose.

I want to be able to remove illegal uploads when they get reported, child sexual abuse material above all. A server that cannot see its own contents cannot act on those reports, and I am not willing to run one that cannot.

So I gave up that form of secrecy in exchange for being able to take that content down.

What that means for you in practice the password is casual access control, not protection from me as the operator or from anyone who breaks into the server.

If you need real confidentiality, encrypt the file on your own machine before uploading and share the key separately.

Treat 0807 as a way to move files around with self destructing links and no account, not as a vault for secrets you cannot afford to expose.

It is open source, and I host the code on my own server instead of GitHub, so there is no third party in that loop either.

You can read every line check the no logging claim yourself suggest a change, or open an issue all without an account:

SRC

Questions and criticism welcome. If you think the encryption tradeoff is the wrong call, I will read the argument

you are viewing a single comment's thread
view the rest of the comments
[–] taco_shale032@lemmy.ml 2 points 10 hours ago (1 children)

Is this a repost? I’m sure I saw a post like this already a few days ago.

[–] 0807@lemmy.world 1 points 10 hours ago (1 children)

Yes, I took the liberty of reposting it (by creating a domain specifically for the source code) and adding some major improvements

[–] taco_shale032@lemmy.ml 1 points 7 hours ago* (last edited 6 hours ago)

I see, is there a reason why you don’t just link to the GitHub repository (or better yet, use Codeberg)? Seems a bit strange to have the logo there when it goes to a different domain. This project looks like it could be useful.

Edit: I found the contribute pages, I’m assuming you did it this way for those that wish to stay anonymous (e.g: Tor visitors).