Legit Official

Product & Engineering Blog

The official blog of Onetime Secret - Behind-the-scenes insights from the team building Onetime Secret. Follow our journey as we share operational challenges, deployment stories, product updates, and technical decisions. From UI improvements to infrastructure changes, we're documenting our experiences building and maintaining a privacy-focused message sharing platform.
Company

Why we don't have a cookie notice

Delano
Company

Industry Practices We Deliberately Avoid

At Onetime Secret, we believe privacy and simplicity go hand in hand. While many services collect extensive user data, we've chosen a different path focused on what matters most: secure, reliable secret sharing. You can learn more about our guiding principles in our documentation.
Delano
Feature

Expanding Horizons: Introducing US Data Locality for Onetime Secret

We're jazzed to introduce our new US locality, enhancing our data privacy options and expanding user choice. The US instance is now available at us.onetimesecret.com, complementing our existing EU site at eu.onetimesecret.com.
Onetime
Operations

Ugly By Nature: Why Our Blog Graphics Look Terrible (On Purpose)

Discover why Onetime Secret uses imperfect AI-generated images in our blog posts and how it aligns with our values of transparency and security.
Delano
Guide

Installing Onetime Secret: The Complete Guide (Part 1 of 5)

Welcome to our comprehensive series on setting up and installing Onetime Secret. In this first installment, we'll walk you through the process of installing Onetime Secret as a standalone web application using the latest methods and best practices. Whether you're a seasoned sysadmin or just getting started with self-hosting, this guide will help you get Onetime Secret up and running smoothly.
Delano
Release

Onetime Secret v0.18.0: Enjoying the Vue

Onetime Secret v0.18.0 brings significant improvements to our secure, one-time sharing platform. This release focuses on enhancing performance, security, and user experience.
Delano
Operations

Denial of Service (DoS) Attack: Day 5

Continued from the previous post (Sept 12th, 2024): Denial of Service (DoS) Attack: Continued Adventure.
Delano
Operations

Denial of Service (DoS) Attack: Continued Adventure

Continued from the previous post (Sept 9th, 2024): Denial of Service (DoS) Attack: A brief summary.
Delano
Operations

Denial of Service (DoS) Attack: A brief summary

See the follow-up posts:
Delano
Privacy

Support for ASCII QR Codes

With a few improvements to our UI, particularly in regards to font rendering, we now support ASCII QR codes. Actually UTF-8, but no one says "UTF-8 Art". Or maybe they do now and I'm just way behind. In any case, we now support ASCII and UTF-8 QR codes.
Delano
Mistakes were made

A verifiable error in our signup flow

I introduced a bug that prevented new users from verifying their accounts. Verification emails went out fine but the link wasn't setting the `verified` flag on the account record.
Delano
Privacy

Data Privacy Regulations: A New Framework for UI Design

The current landscape of user interface design faces challenges similar to those of the late 1990s. Dial-up speeds, small screens (desktop included), and limited browser capabilities were the constraints of that era. Today's constraints, however, are not technical limitations but data privacy regulations like GDPR and CCPA. These regulations provide an opportunity to improve UI design.
Delano
Product

UI/UX Updates - September '24

Some recent updates. I'm still working on the new design, moving the UI from purely old-school, server-rendered mustache templates to Vue 3 components. I've been making some incremental improvements here and there.
Delano
Product

So the custom font was a whoopsies

So the new design has been up for about a month now. In my rush to get it out, I forgot to check the custom font in Safari. It's not loading. It's a bit of a whoopsies. I'm not sure what's going on. I'll have to look into it.
Delano
Release

Onetime Secret v0.17.0: Foundation for the Future

This release focuses on foundational improvements and technical debt reduction. While maintaining the core functionality and user experience, v0.17.0 introduces substantial backend enhancements that set the stage for future innovations.
Delano
Onetime

Open-Source First Development Model

At Onetime Secret, we believe in transparency and community-driven development. Our open-source first approach ensures that all new features and improvements benefit our entire user base, from individual developers to enterprise customers. This post outlines our development model, its benefits, and how it shapes our business strategy.
Delano
Release

Onetime Secret v0.16.0 Release - Modern UI and Enhanced Development

This major update brings significant modernization to Onetime Secret's technology stack and user interface, while maintaining its core functionality as a secure, one-time sharing platform for sensitive information.
Delano
Privacy

Privacy Policy Update (June 2024)

When we first launched in 2012, we never anticipated the widespread use and trust that our platform has gained over the years. To put it simply, we've been really fortunate to have a product that people have stuck with for more than a decade.
Delano
Best-Practices

Copying server data from the command-line, safely

Lots of times I've found myself in a situation where I need to get a little bit of data on to or off of a server somewhere. Copy & paste works in some cases but not always. Another option is a service like Pastebin, but it's not cool for sensitive info like config files because you can easily forget to delete them when you're done.
Delano
Onetime

Onetime Secret is Now Opensource

Keep sensitive info out of your email & chat logs.
Delano
Onetime

Major UI update (with mobile support)

I worked on a new UI over the weekend and pushed it live today. Thanks to Twitter's Bootstrap v2 framework it's cleaner, easier to use, and works great on small (mobile) screens too. Here are a couple comparisons (old vs new):
Delano
Best-Practices

Protecting your credentials from criminals

C
Best-Practices

'Good' vs 'Strong' passwords

One of my pet peeves about security is people who advocate for 'strong' passwords. Everyone knows these people; they're the tech support person who tells you your password must have a minimum number of characters that you only use when censoring expletives. Even worse, some of them use a random password generator to assign a password to you that you're unable to change. The argument for this is that if you have a wider range of characters in your password, you have greater entropy and therefore it is harder for your password to be hacked. While there is some truth to that, there are numerous flaws in the logic when using it to determine a good security policy:
C
Tools

New API client library: Perl

We now have a Perl client library for our API thanks to Kyle Dawkins. The code is available on GitHub and CPAN. Here's an example:
Delano