Temporary File Sharing

Fast, secure, and effortless

Maximum 2 GB per upload

Ctrl+V to paste text or files

Paste text for code snippets with syntax highlighting

E2E Encryption Password

E2E encryption is recommended. Your password never leaves your device.

Download limit

Expires after

Add a note

True Zero-Knowledge

No server-side processing. Requires E2E password.

Burn after reading

File will be deleted after first download

Share Code Snippet

Paste or type your code

0 lines · 0 chars

Language

Expires in

Password (optional)

Burn after reading

Snippet will be deleted after first view

Privacy Policy

Privacy-first: Minimal data, maximum protection

Privacy-First Architecture

E2EE files (with password — default recommendation): Encrypted in your browser before upload using Argon2id + AES-256-GCM. A built-in password generator and entropy meter enforce minimum password strength (50+ bits). The server stores only ciphertext.

True Zero-Knowledge mode: E2EE with the additional guarantee that the server performs zero plaintext processing — no metadata stripping, no virus scan, no hash blocklist check. The server treats your upload as an opaque encrypted blob.

Server-encrypted files (no password): A warning is displayed when uploading without encryption. The server processes your file (hash computation, metadata removal, virus scan), then encrypts at rest. The server has temporary access to plaintext during processing.

What We Don't Collect

Raw IP Addresses - Only HMAC-SHA256 hashes stored temporarily in memory (keyed with a server secret — see note below)
User Accounts - No accounts, no profiles, no login required
Traditional Access Logs - No web server logs with IP/user-agent (we use a transparency log with hashes only - see below)
Tracking Cookies - No analytics, no third-party trackers

About IP hashing: We use HMAC-SHA256 with a server-side secret key to hash IPs. Unlike plain SHA-256, HMAC prevents reverse-engineering via lookup tables — even with full access to the hashed values, the original IPs cannot be recovered without the secret key. The key is configurable via environment variable or auto-generated per instance.

What We Store (Minimal)

Encrypted files (key in memory only)
File metadata (name, size, expiration, view count)
SHA-256 file hash (for blocklist/abuse prevention)
Secret delete token (for file owner deletion)
Optional note (if provided)
Code snippets (content, language, title, expiration)

Code Snippets

Code snippets are stored in an in-memory database that is cleared on server restart. Snippet content is not encrypted server-side (unlike files) but can be password-protected with client-side encryption.

Snippets auto-delete after their chosen expiration time (1 hour to 30 days) or when download limits are reached.

Delete Link & Your Right to Erasure

Each upload generates a secret delete link containing a unique 32-character token. This link allows you to delete your file at any time before expiration.

Important: Keep your delete link private. Anyone with this link can delete your file. We cannot recover deleted files.

P2P Transfer

Zero server storage — strongest privacy mode. P2P transfers use WebRTC DataChannel (DTLS-encrypted) to send files directly between browsers. No file data, metadata, or transfer history is ever stored, logged, or cached.

Privacy-relevant details:

Signaling data (SDP, ICE candidates) relayed in-memory only, never stored
File content, name, size, type — never seen by server
DTLS keys negotiated directly between peers

ICE candidates and IP exposure: During signaling, IP addresses of both peers are relayed through our server for NAT traversal. Held in memory only, never written to disk. Room data is garbage-collected after 10 minutes.

Third-party STUN/TURN: Google and Cloudflare STUN servers used for NAT discovery (binding requests only). Optional TURN relay for firewalled users — relays encrypted traffic it cannot decrypt.

QR Codes

QR codes are generated entirely in your browser using client-side JavaScript. No data is sent to external services.

Temporary Security Data

Brute Force Protection: We temporarily store HMAC-SHA256 hashed IP addresses in memory (not on disk) to prevent abuse. These keyed hashes cannot be reversed without the server's secret key and are automatically cleared after 1 hour.

Rate Limiting: Request counts are tracked temporarily in memory using HMAC-hashed IP addresses. No persistent storage, no raw IPs stored. API key holders receive higher rate limits.

Abuse Detection: A scoring system tracks suspicious patterns (failed auth, rapid uploads, scanning behavior). IPs exceeding the abuse threshold are temporarily blocked for 15 minutes. Scores decay automatically after 5 minutes of inactivity.

Third-Party Services & JavaScript Security

External Resources (CDNs & Fonts):

We load the following resources from external CDNs:

Google Fonts (fonts.googleapis.com) - Inter typeface
Cloudflare CDN (cdnjs.cloudflare.com) - Font Awesome icons
jsDelivr CDN (cdn.jsdelivr.net) - Critical: Argon2 (encryption), JSZip, QR codes, Prism.js
Tailwind CSS (cdn.tailwindcss.com) - Styling framework

When you load tmp0.cc, your browser makes requests to these CDNs. Standard HTTP request data (IP address, browser info, referrer) may be logged by these services according to their privacy policies.

Security Trust Model:

E2EE encryption depends on JavaScript from jsDelivr CDN. If jsDelivr were compromised, malicious code could theoretically intercept passwords before encryption. This is a fundamental limitation of browser-based E2EE.

Mitigations: We use Subresource Integrity (SRI) hashes to verify library integrity. For maximum security, advanced users can use our CLI tool (which doesn't depend on CDNs).

Security Scanning

Virus Scanning: All uploads are scanned with ClamAV antivirus. Infected files are flagged.

Hash Blocklist: Known malicious or illegal content is automatically blocked based on SHA-256 hash.

Scanning Exceptions:

Files larger than 2 GB skip virus scanning (ClamAV memory limit)
E2EE files skip scanning (server cannot access plaintext content)

No Guarantee: Security scanning is provided on a best-effort basis. No antivirus can detect 100% of threats. Files marked as "clean" may still contain malware. Download at your own risk.

Encryption Details

See the encryption modes described above. For full cryptographic specifications (algorithms, key sizes, Argon2id parameters), see:

Automatic Metadata Stripping

For server-encrypted files, we automatically strip metadata from supported file types:

Supported formats:

Images (JPEG, PNG, GIF, WebP, BMP, TIFF) - EXIF data removed (GPS, camera info, timestamps)
PDF Documents - Author, title, subject, keywords, creator software removed

Limitations:

• Other formats (Word, Excel, MP3, MP4, ZIP, etc.) are NOT stripped
• E2EE files skip stripping (server cannot process encrypted content)
• File size itself can be identifying (we do NOT pad file sizes)
• File names are NOT anonymized (visible to server for all modes)
• ZIP archives may contain files with unstripped metadata

For maximum privacy with sensitive files, use E2EE and consider stripping metadata yourself before upload.

Transparency Log (This IS a Log)

We maintain a Merkle tree-based audit log of file operations. This is different from traditional access logs:

What IS logged: File hash (SHA-256), operation type (upload/download/delete), timestamp
What is NOT logged: IP addresses, user agents, file content, file names, passwords
Merkle tree structure - Cryptographic proof that log entries cannot be altered
Publicly verifiable via API at /api/v1/transparency/*

Privacy note: If someone knows a file's SHA-256 hash, they can check the transparency log to see when it was uploaded/downloaded. This enables auditing but also means file hashes are semi-public information. For maximum privacy, use E2EE (the hash of encrypted ciphertext reveals nothing about the original file).

CLI Tool & API

A command-line interface (tmp0) is available with full E2EE support for automated workflows and power users.

All features are accessible via public API endpoints documented in the API section.

Data Retention & Deletion

Files auto-delete after their chosen expiration time (1 hour to 30 days).

Deletion method: File content is overwritten with zeros before deletion
No backups: We do not maintain backups of user files
Database entries: Metadata is deleted from the database

Limitation: On modern SSDs with wear-leveling, "secure deletion" cannot be guaranteed at the hardware level. The SSD controller may retain old data in spare blocks. For highly sensitive data, use E2EE - even if old ciphertext is recovered, it cannot be decrypted without your password.

Jurisdiction & Legal Framework

Operating Jurisdiction: Iceland

tmp0.cc operates under Icelandic law. Iceland is a member of the European Economic Area (EEA), ensuring strong privacy protections equivalent to EU standards while benefiting from Iceland's robust legal framework for digital privacy and freedom of expression.

All legal matters, disputes, and data protection inquiries are governed exclusively by Icelandic law and subject to the jurisdiction of Icelandic courts.

GDPR & EEA Data Protection Compliance

As an EEA member state, Iceland has incorporated the General Data Protection Regulation (GDPR) into national law through the Icelandic Data Protection Act (Lög um persónuvernd og vinnslu persónuupplýsinga).

Data Processing Principles:

Lawful Basis: Processing based on legitimate interest (service provision) and user consent (file upload action)
Data Minimization: We collect only data strictly necessary for service operation (see "What We Store" above)
Purpose Limitation: Data used exclusively for file hosting and security; never sold, shared, or used for profiling
Storage Limitation: Automatic deletion after user-selected expiration period (1 hour to 30 days maximum)
No Data Processor Agreements: We do not share personal data with third-party processors. All data processing occurs on our own infrastructure

Your GDPR Rights:

• Right to Erasure: Use your delete link for immediate deletion, or contact us
• Right to Access: Your file + metadata is accessible via your share link
• Right to Portability: Download your file at any time before expiration
• Supervisory Authority: Persónuvernd (Icelandic Data Protection Authority) - personuvernd.is

Government & Legal Request Policy

Our Commitment to User Privacy

We are committed to protecting user privacy to the fullest extent permitted by law. Any government or law enforcement request for user data will be subject to rigorous legal scrutiny.

Request Handling Procedure:

1. Validity Assessment: All requests are reviewed for legal validity under Icelandic law. Invalid or overly broad requests are rejected outright.
2. Jurisdictional Challenge: Requests from non-Icelandic authorities must comply with applicable mutual legal assistance treaties (MLATs) and Icelandic procedural requirements.
3. Legal Contest: We will challenge requests that we believe are unlawful, disproportionate, or infringe on fundamental rights. Legal challenges will be pursued through all available appellate channels.
4. Minimum Disclosure: If legally compelled to comply, we provide only the specific data explicitly required by a valid court order—nothing more.

Technical Limitation: For E2EE files, we cannot provide plaintext content even under legal compulsion—we do not possess decryption keys. Any disclosed data would be limited to encrypted ciphertext and minimal metadata.

Transparency Report

In the interest of transparency, we publish annual statistics on legal and takedown requests received. This report is updated annually.

Year	DMCA Requests	Government/Legal Requests	Data Disclosed
2025	0	0	0
2026	0	0	0

Last updated: February 2026 • Next update: January 2027

Backup & Data Recovery Policy

Zero Backup Architecture

tmp0.cc intentionally operates without any backup systems. This is a deliberate architectural decision to maximize privacy—not a limitation.

Infrastructure Design:

No Off-Site Backups: User files are not replicated to backup servers or cloud storage
No RAID Redundancy: Servers do not use RAID configurations that would create data copies
No Snapshot Systems: No VM snapshots, filesystem snapshots, or point-in-time recovery
Ephemeral by Design: Server failure, crash, or decommissioning results in permanent, irrecoverable data loss

User Responsibility: If you need to retain a file beyond its expiration, download a copy. We cannot recover deleted or expired files under any circumstances—this is a feature, not a bug.

Verifiability: Our zero-backup policy is verifiable through our infrastructure: single-server deployment, no replication endpoints, no backup agent processes. This architecture ensures that when data is deleted, it is truly gone—with no hidden copies to potentially surface later.

Key Management

HSM-grade protection for master encryption keys
Working keys held in volatile memory only — never written to disk
Per-file keys derived using HKDF-SHA256 from master key + file salt

E2EE files: Server-side key management is irrelevant — your password-derived key never touches our servers.

Contact

privacy@tmp0.cc

API

Overview

Endpoints

API v2

Integrations

Security

tmp0.cc API

Programmatic access to temporary file and code sharing.

Base URL

https://tmp0.cc/api

Rate Limits

Endpoint	Limit
/v1/upload	10 req/min
/file/{id}/info	30 req/min
/file/{id}/download	60 req/min (per IP), 50 req/min (per file)
/file/{id}/delete	10 attempts max (then IP blocked)
/v1/chunked/*	30 req/min
/snippet/create	5 req/min
/snippet/{id}/info	30 req/min
/snippet/{id}/content	60 req/min
/snippet/{id}/raw	60 req/min

Rate limits are per IP address (HMAC-SHA256 hashed). Authenticated API key users get higher limits (30 uploads/min, 120 req/min). Headers: X-RateLimit-Remaining, X-RateLimit-Limit, Retry-After (when limited)

Quick Start

curl -X POST "https://tmp0.cc/api/snippet/create?language=python" \
  -H "Content-Type: text/plain" \
  -d 'print("Hello, World!")'

Authentication

Optional API key authentication for higher rate limits.

API Key (Optional)

All endpoints work without authentication. Providing an API key via the X-API-Key header unlocks higher rate limits for automated integrations.

Rate Limit Comparison

Feature	Anonymous	With API Key
Uploads per minute	10	30
Uploads per hour	50	200
API requests per minute	30	120

Usage

# Upload with API key for higher rate limits
curl -X POST "https://tmp0.cc/api/v1/upload" \
  -H "X-API-Key: tmp0_YOUR_KEY_HERE" \
  -F "file=@myfile.txt"

API keys are HMAC-SHA256 signed. Invalid keys trigger abuse detection scoring.

Abuse Detection

Automatic Protection

Suspicious patterns (failed auth, rapid uploads, scanning, repeated rate limit hits) are scored. Exceeding the threshold results in a 15-minute temporary block. Scores decay after 5 minutes of normal behavior.

Errors

Standard HTTP status codes indicate success or failure.

Status	Description
200	Success
400	Bad request - invalid parameters
401	Unauthorized - invalid password
403	Forbidden - invalid token
404	Resource not found
410	Gone - deleted due to brute force
429	Rate limit exceeded
500	Server error

Error Response Format

{
  "success": false,
  "error": "Error message here"
}

Files

Upload and manage temporary files via API.

POST /v1/upload

Upload a file. Returns download URL, delete token, and file info.

Content-Type

multipart/form-data

Parameters

file

required file The file to upload

password

string Password protect the file

expires

string Duration: 1h 6h 12h 1d 7d 30d (default: 7d)

maxDownloads

integer Auto-delete after N downloads

burnAfterReading

boolean Delete file after first download (default: false)

note

string Note for the recipient (max 500 chars)

Example Request

curl -X POST "https://tmp0.cc/api/v1/upload" \
  -F "file=@document.pdf" \
  -F "expires=7d" \
  -F "burnAfterReading=true"

Response

{
  "success": true,
  "fileId": "aBcDeFgHiJkL",
  "url": "/d/aBcDeFgHiJkL",
  "fullUrl": "https://tmp0.cc/d/aBcDeFgHiJkL",
  "directDownloadUrl": "https://tmp0.cc/api/file/aBcDeFgHiJkL/download",
  "deleteToken": "xYz123AbC456DeF789GhI012JkL345Mn",
  "deleteUrl": "https://tmp0.cc/d/aBcDeFgHiJkL/delete?token=...",
  "fileInfo": {
    "expires": "7d",
    "maxDownloads": 10
  }
}

GET /v1/upload

Get API documentation and usage examples.

GET /file/{id}/info

Get file metadata without downloading.

Response

{
  "available": true,
  "fileName": "document.pdf",
  "fileSize": 1048576,
  "contentType": "application/pdf",
  "passwordRequired": false,
  "clientEncrypted": false,
  "viewCount": 5,
  "downloadCount": 2,
  "maxDownloads": 10,
  "expiresAt": "2025-02-07T12:00:00",
  "scanStatus": "CLEAN",
  "scanMessage": "No threats detected"
}

POST /file/{id}/download

Download a file. Increments download counter.

Parameters

password

string Required for protected files

Example

curl -X POST "https://tmp0.cc/api/file/aBcDeFgHiJkL/download" \
  -d "password=secret123" \
  -o downloaded_file.pdf

Brute Force Protection: After 5 failed password attempts, the file is automatically deleted.

GET /file/{id}/preview

Get image preview. Only works for non-password-protected image files. Does not increment download counter.

Supported Formats

PNG JPG JPEG GIF WebP SVG

Response

Returns binary image data with appropriate Content-Type header, or 404 if not available.

DELETE /file/{id}/delete

Delete a file using the secret delete token provided at upload.

Parameters

token

required string Secret delete token (32 chars)

Example

curl -X DELETE "https://tmp0.cc/api/file/aBcDeFgHiJkL/delete?token=xYz123AbC456DeF789..."

Response

{ "success": true, "message": "File deleted" }

Brute Force Protection: After 10 failed delete attempts, the IP is temporarily blocked.

GET /storage/status

Get server storage usage statistics.

Response

{
  "used": 52428800000,
  "limit": 107374182400,
  "available": 54945382400,
  "percentUsed": 48.8
}

Blocked File Types

The following file types are blocked for security:

Executables

.exe .msi .bat .cmd .com .scr .pif

Scripts

.ps1 .vbs .vbe .js .jse .ws .wsf .wsc .wsh

Shell

.sh .bash .zsh .csh

Java

.jar .class

Office Macros

.docm .xlsm .pptm .dotm .xltm .potm

System/Other

.reg .inf .scf .lnk .pcd .shs .shb

Disk Images

.iso .img .dmg

Snippets

Create and manage code snippets with syntax highlighting.

POST /snippet/create

Create a new code snippet. Accepts plain text (recommended) or JSON.

Parameters

autoDetect

default: true boolean Auto-detect language from content

language

string Override auto-detect: python, javascript, etc.

expires

string Duration: 1h 6h 12h 1d 7d 30d

title

string Optional title for the snippet

password

string Password protect the snippet

maxDownloads

integer Auto-delete after N views

burnAfterReading

boolean Delete snippet after first view (default: false)

Example Request (Auto-Detect)

# Auto-detect language (default)
curl -X POST "https://tmp0.cc/api/snippet/create?expires=7d" \
  -H "Content-Type: text/plain" \
  --data-binary @script.py

# Disable auto-detect, set language manually
curl -X POST "https://tmp0.cc/api/snippet/create?autoDetect=false&language=python" \
  -H "Content-Type: text/plain" \
  --data-binary @script.py

Response

{
  "success": true,
  "snippetId": "abc123xyz456",
  "url": "/s/abc123xyz456",
  "fullUrl": "https://tmp0.cc/s/abc123xyz456",
  "rawUrl": "https://tmp0.cc/api/snippet/abc123xyz456/raw",
  "deleteToken": "aBcDeFgHiJkLmNoPqRsTuVwXyZ012345",
  "deleteUrl": "https://tmp0.cc/s/abc123xyz456/delete?token=...",
  "language": "python"  // detected or specified language
}

GET /snippet/{id}/info

Get snippet metadata without retrieving content.

Response

{
  "available": true,
  "snippetId": "abc123xyz456",
  "title": "My Snippet",
  "language": "python",
  "lineCount": 42,
  "charCount": 1337,
  "passwordProtected": false,
  "remainingDownloads": 5,
  "expiresAt": "2025-02-07T12:00:00Z"
}

POST /snippet/{id}/content

Retrieve snippet content as JSON. Use for password-protected snippets.

Parameters

password

string Required for protected snippets

Response

{
  "success": true,
  "content": "print('Hello World')",
  "language": "python",
  "title": "My Snippet",
  "lineCount": 1,
  "charCount": 21
}

GET /snippet/{id}/raw

Retrieve raw snippet content as plain text.

Parameters

password

string Required for protected snippets

DELETE /snippet/{id}

Delete a snippet using the delete token.

Parameters

token

required string Delete token from creation response

Supported Languages

plain javascript typescript python java kotlin go rust cpp csharp ruby php shell sql json yaml xml html css markdown log stacktrace

Line Linking

Link directly to specific lines in a snippet using URL hash:

#L42

Highlight line 42

#L10-L25

Highlight lines 10 to 25

#L10-25

Also works (shorthand)

Example

https://tmp0.cc/s/abc123xyz456#L42

Clicking a line number also updates the URL for easy sharing.

Word Highlighting

Highlight specific words in the snippet using URL parameter:

?highlight=error

Highlight all "error" occurrences

?highlight=foo,bar,baz

Highlight multiple words in different colors

Example

https://tmp0.cc/s/abc123?highlight=TODO,FIXME

20 Colors: 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20

CLI Tool

Full-featured command-line interface with E2EE encryption and pipe support.

Zero-Knowledge CLI

Full E2EE support with Argon2id + AES-256-GCM encryption matching the browser implementation.

Download CLI Files

tmp0.js package.json

Download both files to the same directory

Step-by-Step Installation

Prerequisites

Make sure you have Node.js 18+ installed

node --version  # Should be v18.0.0 or higher

Create a directory & download files

Create a folder and download both files above, or use curl:

mkdir tmp0-cli && cd tmp0-cli
curl -O https://tmp0.cc/api/v1/cli/tmp0.js
curl -O https://tmp0.cc/api/v1/cli/package.json

Install dependencies

Install the required npm packages

npm install

Make it globally available (optional)

Link the CLI so you can use tmp0 from anywhere

npm link  # Now you can use 'tmp0' globally

✓

Verify installation

Check that the CLI is working

tmp0 --help
# Or if not linked:
node tmp0.js --help

Quick Install (One-Liner)

mkdir tmp0-cli && cd tmp0-cli && curl -O https://tmp0.cc/api/v1/cli/tmp0.js && curl -O https://tmp0.cc/api/v1/cli/package.json && npm install && npm link

Basic Usage

Upload a file

tmp0 upload document.pdf

Upload with E2EE encryption

tmp0 upload secret.pdf -e -p "mypassword"

Pipe from stdin

cat file.txt | tmp0 upload -n "myfile.txt"
echo "Hello World" | tmp0 upload -e -p "secret"

Download and decrypt

tmp0 download aBcDeFgHiJkL -p "mypassword" -o output.pdf
tmp0 download aBcDeFgHiJkL -p "mypassword" > output.pdf

File Commands

upload [file]

Upload file or pipe from stdin

download <id>

Download and optionally decrypt file

delete <id> <token>

Delete file using delete token

Snippet Commands

snippet [content]

Upload code snippet (alias: paste)

snippet-get <id>

Get snippet content (alias: get)

Utility Commands

info <id>

Get file info and crypto badge

verify <id>

Verify file in transparency log

manifest

Show public crypto manifest

sign <url>

Generate signed URL

Snippet Examples

Paste from clipboard / stdin

cat script.py | tmp0 snippet -l python
echo "console.log('hello')" | tmp0 paste

Upload encrypted snippet

tmp0 snippet script.py -e -p "secret" -l python

Get and decrypt snippet

tmp0 snippet-get abc123 -p "secret" > script.py
tmp0 get abc123 -p "secret" -o script.py

Upload Options

-e, --encrypt

Enable E2EE encryption

-p, --password

E2EE encryption password

-x, --expires

Expiration (1h, 6h, 12h, 1d, 7d, 30d)

-m, --max-downloads

Maximum download count

-b, --burn

Delete after first download

-n, --name

Filename for stdin input

-j, --json

Output as JSON

E2EE Encryption Details

Algorithm: AES-256-GCM

Key Derivation: Argon2id (6 iterations, 256 MB memory, 4 parallelism)

Salt: 128 bits (random)

IV: 96 bits (random)

Password never leaves your device. Server cannot decrypt E2EE files.

Crypto Manifest

Public cryptographic information about the service and individual files.

Verifiable Security

All encryption parameters are publicly auditable. Verify our zero-knowledge claims yourself.

GET /v1/crypto/manifest

Get the global crypto manifest with all encryption parameters.

Response

{
  "version": "1.0.0",
  "e2ee": {
    "algorithm": "AES-256-GCM",
    "keyDerivation": "Argon2id",
    "parameters": {
      "timeCost": 6,
      "memoryCost": "256 MB",
      "parallelism": 4
    }
  },
  "atRest": {
    "algorithm": "AES-256-GCM",
    "keyLength": "256 bits"
  },
  "transparency": {
    "enabled": true,
    "hashAlgorithm": "SHA-256",
    "signing": "HMAC-SHA256"
  }
}

GET /v1/crypto/manifest/{fileId}

Get the crypto badge for a specific file.

Response

{
  "fileId": "aBcDeFgHiJkL",
  "encryption": {
    "type": "E2EE",
    "algorithm": "AES-256-GCM",
    "keyDerivation": "Argon2id",
    "zeroKnowledge": true
  },
  "integrity": {
    "algorithm": "SHA-256",
    "hash": "a1b2c3d4..."
  },
  "badgeHash": "e5f6g7h8..."
}

curl Examples

Get global manifest

curl https://tmp0.cc/api/v1/crypto/manifest

Get file crypto badge

curl https://tmp0.cc/api/v1/crypto/manifest/aBcDeFgHiJkL

Verify crypto badge

curl -X POST https://tmp0.cc/api/v1/crypto/verify-badge \
  -H "Content-Type: application/json" \
  -d '{"fileId":"aBcDeFgHiJkL","badgeHash":"e5f6g7h8..."}'

Transparency Log

Certificate Transparency style logging for audit and verification.

Immutable Audit Trail

Only cryptographic hashes are logged - no file content or personal data. Similar to Certificate Transparency (RFC 6962).

Chained Hashes

Each entry links to previous

Merkle Tree

Efficient proof of inclusion

HMAC Signatures

Cryptographic authenticity

Timestamped

Immutable timestamps

GET /v1/transparency/log/{fileId}

Get transparency log entry for a file.

Response

{
  "logId": "uuid",
  "fileId": "aBcDeFgHiJkL",
  "operationType": "UPLOAD",
  "timestamp": "2025-02-01T12:00:00Z",
  "contentHash": "sha256...",
  "merkleRoot": "root...",
  "signature": "hmac..."
}

GET /v1/transparency/verify/{fileId}

Verify file integrity in transparency log.

Response

{
  "valid": true,
  "message": "Entry verified successfully",
  "merkleRoot": "root...",
  "signature": "hmac..."
}

GET /v1/transparency/sth

Get Signed Tree Head (current log state).

Response

{
  "treeSize": 12345,
  "timestamp": 1706789200000,
  "merkleRoot": "root...",
  "signature": "hmac..."
}

GET /v1/transparency/public-log?limit=50

Get recent public log entries (hashes only, no content).

curl Examples

Get transparency log for file

curl https://tmp0.cc/api/v1/transparency/log/aBcDeFgHiJkL

Verify file integrity

curl https://tmp0.cc/api/v1/transparency/verify/aBcDeFgHiJkL

Get signed tree head

curl https://tmp0.cc/api/v1/transparency/sth

Get public log

curl "https://tmp0.cc/api/v1/transparency/public-log?limit=20"

Signed URLs

Generate time-limited, cryptographically signed download URLs.

HMAC-SHA256 Signatures

Tamper-proof URLs with optional IP binding and one-time use restrictions.

POST /v1/signed/generate

Generate a signed download URL.

Request Body

{
  "fileId": "aBcDeFgHiJkL",
  "ttl": 3600,           // seconds (default: 3600)
  "ipBinding": true,     // bind to client IP
  "oneTimeUse": true     // URL can only be used once
}

Response

{
  "signedUrl": "https://tmp0.cc/api/v1/signed/download/aBcDeFgHiJkL?sig=...&exp=...&nonce=...",
  "fileId": "aBcDeFgHiJkL",
  "expiresIn": 3600,
  "ipBound": true,
  "oneTimeUse": true
}

GET /v1/signed/download/{fileId}

Download file using a signed URL.

Query Parameters

sig

required HMAC-SHA256 signature

exp

required Expiration timestamp

nonce

required Unique nonce

POST /v1/signed/verify

Verify a signed URL without downloading.

Request Body

{ "url": "https://tmp0.cc/api/v1/signed/download/..." }

curl Examples

Generate Signed URL

# Generate a signed URL (1 hour TTL)
curl -X POST https://tmp0.cc/api/v1/signed/generate \
  -H "Content-Type: application/json" \
  -d '{"fileId": "abc123"}'

# With custom TTL (30 minutes) and IP binding
curl -X POST https://tmp0.cc/api/v1/signed/generate \
  -H "Content-Type: application/json" \
  -d '{"fileId": "abc123", "ttl": 1800, "ipBinding": true}'

# One-time use URL (can only be downloaded once)
curl -X POST https://tmp0.cc/api/v1/signed/generate \
  -H "Content-Type: application/json" \
  -d '{"fileId": "abc123", "oneTimeUse": true}'

Download via Signed URL

# Download using the signed URL (use the URL from generate response)
curl -o file.zip "https://tmp0.cc/api/v1/signed/download/abc123?sig=...&exp=...&nonce=..."

Verify Signed URL

# Verify a signed URL without downloading
curl -X POST https://tmp0.cc/api/v1/signed/verify \
  -H "Content-Type: application/json" \
  -d '{"url": "https://tmp0.cc/api/v1/signed/download/abc123?sig=...&exp=...&nonce=..."}'

CLI Examples

# Generate a signed URL for a file
tmp0 sign abc123

# Custom TTL (30 minutes)
tmp0 sign abc123 --ttl 1800

# One-time use URL
tmp0 sign abc123 --one-time

# IP-bound URL (only works from your IP)
tmp0 sign abc123 --ip-binding

URL Shortener

Create short URLs with spam protection, password protection, and expiration times.

Spam Protection

Advanced algorithms detect and block malicious URLs, phishing attempts, and spam. Rate limits: 20 URLs/hour, 50/day per IP.

POST /v1/url/shorten

Create a new short URL. Accepts JSON.

Request Body (JSON)

{
  "url": "https://example.com/very/long/url",
  "password": "optional-password",
  "maxClicks": 100,
  "expires": "7d",
  "customAlias": "mylink"
}

Parameters

Field	Type	Description
`url`	string	URL to shorten (required)
`password`	string	Password to protect the URL (optional)
`maxClicks`	integer	Maximum clicks before expiration (0 = unlimited)
`expires`	string	Expiration time: 1h, 6h, 12h, 1d, 7d, 30d
`customAlias`	string	Custom alias (4-20 lowercase alphanumeric)

Response

{
  "success": true,
  "shortCode": "abc123xy",
  "shortUrl": "/u/abc123xy",
  "fullUrl": "https://tmp0.cc/u/abc123xy",
  "deleteToken": "abcdefghij1234567890abcdefghij12",
  "deleteUrl": "https://tmp0.cc/u/abc123xy/delete?token=..."
}

cURL Example

curl -X POST https://tmp0.cc/api/v1/url/shorten \
  -H "Content-Type: application/json" \
  -d '{"url": "https://example.com/page", "expires": "7d"}'

GET /url/{shortCode}/info

Get information about a short URL without incrementing the click count.

Response

{
  "available": true,
  "shortCode": "abc123xy",
  "targetDomain": "example.com",
  "passwordProtected": false,
  "clickCount": 42,
  "maxClicks": 100,
  "expiresAt": "2026-02-11T14:30:00"
}

POST /url/{shortCode}/resolve

Resolve a short URL to its original destination. Increments click count.

Request Body (optional, for password-protected URLs)

password=your-password

Response

{
  "success": true,
  "url": "https://example.com/original-url"
}

DELETE /url/{shortCode}?token={deleteToken}

Delete a short URL using its delete token.

Response

{
  "success": true,
  "message": "Short URL deleted successfully"
}

Spam Protection Algorithms

Rate Limiting

20 URLs per IP per hour
50 URLs per IP per day
5 URLs to same domain per IP per hour
100 URLs to same domain globally per hour

Domain Blocklist

Known spam, phishing, and malware domains are automatically blocked. URL shortener chains (bit.ly, tinyurl, etc.) are also blocked to prevent abuse.

Pattern Detection

Suspicious URL patterns are detected including: phishing keywords (login, verify, secure), brand impersonation, IP-based URLs, and cryptocurrency scam keywords.

Spam Score

Each URL receives a spam score (0-100). URLs with scores above 70 are blocked. Scores between 50-70 are flagged for review. The score is calculated based on multiple factors including IP history, domain frequency, and URL patterns.

Expiration Times

Value	Duration	Use Case
`1h`	1 hour	Quick sharing, temporary links
`6h`	6 hours	Work session sharing
`12h`	12 hours	Daily sharing
`1d`	1 day	Next-day follow-up
`7d`	7 days (default)	Weekly sharing
`30d`	30 days	Long-term sharing

API v2: Pre-signed URLs

Developer-first API for direct uploads without round-trips. Use tmp0 as infrastructure.

Zero-Trust Upload Flow

Get a time-limited token, upload directly. No auth headers needed for the actual upload.

POST /api/v2/presign

Request a pre-signed upload URL. Returns a time-limited token valid for 30 minutes.

Request Body

{
  "fileName": "document.pdf",
  "fileSize": 1048576,           // optional, size hint
  "contentType": "application/pdf",
  "storageTime": "7d",           // 1h, 6h, 1d, 3d, 7d, 14d, 30d
  "clientEncrypted": true,       // E2EE upload
  "maxDownloads": 10,            // optional limit
  "burnAfterReading": false
}

Response

{
  "success": true,
  "uploadUrl": "/api/v2/upload/direct/xYz123...",
  "token": "xYz123AbCdEf...",
  "expiresAt": "2024-01-01T12:30:00",
  "maxFileSize": 2147483648,
  "validForMinutes": 30
}

PUT /api/v2/upload/direct/{token}

Upload file using the pre-signed token. No authentication required.

Headers

Content-Type

application/octet-stream

Response

{
  "success": true,
  "fileId": "aBcDeFgHiJkL",
  "url": "/d/aBcDeFgHiJkL",
  "deleteToken": "secret-delete-token",
  "downloadUrl": "/d/aBcDeFgHiJkL",
  "apiUrl": "/api/v2/files/aBcDeFgHiJkL"
}

GET /api/v2/files/{fileId}

Get detailed file metadata including privacy level and security badges.

Response includes

fileId fileName fileSize contentType downloadCount maxDownloads privacyLevel signed signatureVerified senderPublicKey senderFingerprint isolated riskLevel detectedMimeType mimeTypeMismatch

Example: Pre-signed Upload Flow

# 1. Request pre-signed URL
TOKEN=$(curl -s -X POST https://tmp0.cc/api/v2/presign \
  -H "Content-Type: application/json" \
  -d '{"fileName": "backup.zip", "storageTime": "7d"}' \
  | jq -r '.token')

# 2. Upload directly using token
curl -X PUT "https://tmp0.cc/api/v2/upload/direct/$TOKEN" \
  -H "Content-Type: application/octet-stream" \
  --data-binary @backup.zip

# Response: {"success": true, "fileId": "abc123...", ...}

Streaming API

Real-time file events via Server-Sent Events (SSE). Build reactive applications.

Real-time Events

Subscribe to download events, expiration warnings, and file deletion notifications.

GET /api/v2/events/{fileId} SSE

Subscribe to real-time events for a file. Connection kept alive for 30 minutes.

Event Types

connected Initial connection established

download File was downloaded

expiring File will expire within 1 hour

maxReached Maximum downloads reached

deleted File was deleted

JavaScript Example

const events = new EventSource('/api/v2/events/aBcDeFgHiJkL');

events.addEventListener('connected', (e) => {
    const data = JSON.parse(e.data);
    console.log('Connected:', data);
});

events.addEventListener('download', (e) => {
    const data = JSON.parse(e.data);
    console.log(`Downloaded! Count: ${data.downloadCount}`);
});

events.addEventListener('expiring', (e) => {
    const data = JSON.parse(e.data);
    console.log(`Expires in ${data.minutesRemaining} minutes`);
});

events.addEventListener('deleted', (e) => {
    console.log('File was deleted');
    events.close();
});

GET /api/v2/stream/status

Check streaming API status and active connections.

Response

{
  "activeConnections": 42,
  "trackedFiles": 15,
  "status": "operational"
}

ShareX Integration

Use tmp0.cc as your uploader for screenshots, text, and files in ShareX.

Quick Setup

Download the config file and double-click to import into ShareX.

tmp0.cc.sxcu (Double-click to import)

Default Settings

Storage Duration

30 days

Password

None

Clipboard

Direct URL

Supported

Images, Text, Files

Manual Setup

If the automatic import doesn't work, follow these steps:

Open ShareX Destinations Custom uploader settings
Click Import From URL
Paste: https://tmp0.cc/api/sharex-config
Set as default uploader for Images, Text, and Files

Configuration File

{
  "Version": "16.0.0",
  "Name": "tmp0.cc",
  "DestinationType": "ImageUploader, TextUploader, FileUploader",
  "RequestMethod": "POST",
  "RequestURL": "https://tmp0.cc/api/v1/upload",
  "Body": "MultipartFormData",
  "FileFormName": "file",
  "Arguments": {
    "expires": "30d"
  },
  "URL": "{json:fullUrl}",
  "ThumbnailURL": "{json:fullUrl}",
  "DeletionURL": "{json:deleteUrl}"
}

Customize Settings

Modify the Arguments section to change defaults:

expires

1h 6h 12h 1d 7d 30d

password

Add "password": "your-secret" for protection

maxDownloads

Add "maxDownloads": "10" to limit

Security

Overview

Architecture

Analysis

Performance

Trust

Security & Cryptography

Complete transparency about how tmp0.cc protects your data.

Trust Through Transparency

This documentation establishes our trust baseline. All cryptographic claims are verifiable through public APIs.

Security Guarantees

End-to-End Encryption (Default Recommendation)

AES-256-GCM with Argon2id key derivation. Built-in password generator with real-time entropy meter (min. 50 bits enforced). Password never leaves your browser. Uploading without encryption triggers a warning.

True Zero-Knowledge Mode

E2EE with zero server-side processing. No metadata stripping, no virus scan, no hash blocklist. The server treats your upload as an opaque encrypted blob. We cannot comply with content requests for E2EE/ZK data.

HMAC-SHA256 IP Hashing

IP addresses are hashed with HMAC-SHA256 using a server-side secret key. Unlike plain SHA-256, this prevents reverse-engineering via lookup tables. Hashes are temporary (in-memory only) and auto-cleared.

Abuse Detection & API Authentication

Score-based abuse detection with auto-blocking. Optional API key authentication (HMAC-signed) with higher rate limits. Failed auth attempts feed the abuse scoring system.

Transparency Logging

Merkle tree-based audit log. All operations are verifiable via public endpoints.

P2P Transfer with TURN Fallback

WebRTC DataChannel with DTLS encryption. Files transfer directly between browsers. Configurable TURN relay server ensures connectivity behind restrictive NATs/firewalls.

Cryptographic Algorithms

Component	Algorithm	Key Size
Symmetric Encryption	AES-256-GCM	256-bit
Key Derivation	Argon2id	256-bit output
Password Hashing	BCrypt	Cost factor 10
Content Hashing	SHA-256	256-bit
Signatures	HMAC-SHA256	256-bit
P2P Transfer	WebRTC DTLS	TLS 1.2+

Verification Endpoints

GET /api/v1/crypto/manifest — All cryptographic parameters

GET /api/v1/crypto/badge/{fileId} — Per-file security badge

GET /api/v1/transparency/sth — Signed Tree Head

GET /api/v1/transparency/verify — Chain verification

Visibility Matrix

What we can see vs. what we cannot see — complete transparency.

Quick Reference by Encryption Mode

Data Type	Plain Upload	Server-Encrypted	E2EE	E2EE + ZK	P2P Transfer
File content	✓ Can see	⚠ Can decrypt	✗ Cannot see	✗ Opaque blob	✗ Never touches server
File name	✓ Can see	✓ Can see	✓ Can see	⚠ Metadata only	✗ Never touches server
Server processing	✓ Full	✓ Full	✗ Skipped	✗ None	✗ None
Password	N/A	✓ Hash stored	✗ Never sent	✗ Never sent	N/A
IP address	✗ HMAC hashed	✗ HMAC hashed	✗ HMAC hashed	✗ HMAC hashed	⚠ Relayed via ICE
User identity	✗ Not collected	✗ Not collected	✗ Not collected	✗ Not collected	✗ Not collected

What We Can See

• File metadata (name, size, type)
• Upload/expiry timestamps
• Download counts
• BCrypt password hashes (server mode)
• SHA-256 content hashes

What We Cannot See (E2EE)

• File contents (encrypted before upload)
• Your password (never transmitted)
• Derived encryption key
• Original file type/structure
• Who uploaded what (no user IDs)

Zero-Knowledge Guarantee

For E2EE files: Even with full server access, database dumps, and file system access, we mathematically cannot decrypt your files without your password. In True Zero-Knowledge mode, the server additionally performs zero processing on the encrypted blob — no metadata stripping, no virus scan, no hash blocklist check.

Encryption Tiers

Four distinct security levels for different use cases.

Tier 1 Plain Upload (At-Rest Encrypted)

Files encrypted on the server with AES-256-GCM before storage.

Protected Against

✓ Disk theft
✓ Network eavesdropping (TLS)
✓ Database breach

Not Protected Against

✗ Server compromise
✗ Malicious operator
✗ Legal data requests

Use case: Non-sensitive files, maximum compatibility, virus scanning needed

Tier 2 Server-Encrypted (Password Protected)

Password verified by server. BCrypt hashing with brute force protection.

Protected Against

✓ Unauthorized access
✓ Brute force (5 attempts → auto-delete)
✓ All Tier 1 protections

Not Protected Against

✗ Server with password knowledge
✗ Legal requests with password

Use case: Sensitive files, recipient without JS/WebCrypto, virus scanning needed

Tier 3 True E2EE (Zero-Knowledge) RECOMMENDED

Encrypted in your browser before upload. Server never sees plaintext or password. Built-in password generator enforces minimum 50-bit entropy.

Encryption chain:

Password (min. 50 bits entropy) → Argon2id (256MB, 6 iter) → AES-256-GCM → Upload

+ True ZK toggle: skip all server-side processing

Protected Against

✓ Server compromise
✓ Malicious operators
✓ Legal data requests
✓ Database breaches
✓ Weak passwords (entropy enforced)
✓ Metadata leakage (ZK mode)

Limitations

! No virus scanning (encrypted blob)
! Requires JavaScript + WebCrypto
! Password loss = data loss

Use case: Maximum privacy, zero-trust, sensitive documents, whistleblowing. True ZK mode for journalists and activists.

Tier 4 P2P Transfer (Zero Server Contact) MAXIMUM PRIVACY

File never touches the server. Direct browser-to-browser via WebRTC DataChannel with DTLS encryption. TURN relay fallback when direct connections fail.

Data flow:

Browser A → [DTLS encrypted DataChannel] → Browser B

Fallback: Browser A → [DTLS] → TURN relay → [DTLS] → Browser B

Server role: signaling relay only (SDP/ICE). TURN: encrypted relay, cannot decrypt.

Protected Against

✓ Server compromise
✓ Malicious operators
✓ Legal data requests
✓ Database breaches
✓ Server-side file logging

Limitations

! No virus scanning
! No metadata stripping
! Both peers must be online
! NAT/firewall may block (~15%)
! No resume on disconnect

Use case: Maximum privacy, real-time sharing, large files without server bandwidth limits, zero trust in server

Trust Model Comparison

Who must you trust?	Tier 1	Tier 2	Tier 3	Tier 4 (P2P)
tmp0.cc server	✓	✓	✗	✗
tmp0.cc operators	✓	✓	✗	✗
Network (TLS)	✓	✓	⚠	✗
CDN (JavaScript)	✓	✓	✓	✗
Your browser	✓	✓	✓	✓
STUN servers	N/A	N/A	N/A	⚠

✓ = Must trust | ✗ = Zero trust required | ⚠ = Metadata only (IP/connectivity info)

Cryptographic Specification

Technical details of all cryptographic operations.

Client-Side Encryption (E2EE)

Algorithm	AES-256-GCM
Key Derivation	Argon2id
Argon2id Memory	256 MB
Argon2id Iterations	6
Argon2id Parallelism	4 threads
Salt Size	16 bytes (128 bits)
IV Size	12 bytes (96 bits)
GCM Tag Size	16 bytes (128 bits)

E2EE Binary Format

┌──────────────┬──────────────┬─────────────┬──────────────────────────┐
│ Version (4B) │  Salt (16B)  │   IV (12B)  │ Ciphertext + GCM Tag     │
│  0x45324530  │              │             │         (16B tag)        │
│   "E2E01"    │              │             │                          │
└──────────────┴──────────────┴─────────────┴──────────────────────────┘

Version magic 0x45324530 allows future format upgrades while maintaining backward compatibility.

Server-Side At-Rest Encryption

Algorithm	AES-256-GCM
Key Source	Environment variable
IV Size	12 bytes (96 bits)
Storage Format	[IV 12B][Ciphertext][GCM Tag 16B]

Brute Force Resistance (Argon2id)

Cost per attempt: 256 MB memory × 6 iterations

GPU mitigation: Memory-hardness makes parallel attacks prohibitively expensive

Time to crack (at 10,000 attempts/second):

8-character password (94^8): ~17 million years
12-character password (94^12): ~10^18 years

Standards Compliance

AES-256-GCM: FIPS 197 + SP 800-38D

Argon2id: RFC 9106

SHA-256: FIPS 180-4

HMAC-SHA256: RFC 2104

WebRTC DTLS: RFC 8827 / RFC 8261

STUN: RFC 8489

Threat Model

STRIDE + LINDDUN analysis of security and privacy threats.

STRIDE Security Threats

Spoofing

Attacker impersonates legitimate user or system.

Mitigations: CSRF tokens, 64-char delete tokens, HMAC-signed URLs, constant-time comparison

P2P: Room IDs are 8 random alphanumeric characters (2.8 trillion combinations). An attacker would need to guess the ID within the 10-minute window to join a room.

Tampering

Unauthorized modification of data.

Mitigations: TLS 1.3, AES-256-GCM authentication tags, Merkle tree integrity

P2P: DTLS provides authenticated encryption on the DataChannel. Signaling messages are relayed over TLS-protected WebSocket. SDP tampering would cause connection failure, not data interception.

Repudiation

Denying actions taken.

Mitigations: Signed transparency log, Merkle tree proofs, public verification

Information Disclosure

Exposure of sensitive information.

Mitigations: E2EE, at-rest encryption, minimal metadata, no IP storage

P2P: File data never reaches the server. ICE candidates (containing peer IPs) are relayed ephemerally and never stored. DTLS encrypts the DataChannel end-to-end.

Denial of Service

Making service unavailable.

Mitigations: Rate limiting, 2GB file limit, 100GB total storage, semaphore limiting

P2P: Max 5,000 concurrent rooms, 10-minute room expiry, IP-based rate limiting on room creation, 64KB max signaling message size.

Elevation of Privilege

Gaining unauthorized capabilities.

Mitigations: Input validation, ClamAV scanning, parameterized queries, 5-attempt brute force limit

LINDDUN Privacy Threats

Linkability

No IP storage, random file IDs, no user accounts

Identifiability

No PII collected, E2EE prevents content analysis

Non-repudiation

Logs contain only hashes, no link to users

Detectability

Random IDs, no public listing, no search

Disclosure

E2EE files impossible to disclose

Unawareness

Clear UI, crypto badges, this documentation

Defense in Depth Layers

1 Network Security (TLS 1.3, HSTS, Security Headers)

2 Application Security (CSRF, Validation, Rate Limiting)

3 Cryptographic Security (E2EE, At-rest, HMAC)

4 Data Security (No PII, Auto-expire, Secure Delete)

5 Transparency (Audit Log, Merkle Proofs, Public APIs)

P2P Transfer Security

Complete analysis of the peer-to-peer file transfer architecture.

Zero Server Contact

P2P Transfer is the only mode where the server never touches, processes, or stores your file in any form. The server acts exclusively as a signaling relay to establish the direct connection.

Architecture Overview

Sender Browser

Server

Receiver Browser

WebSocket CONNECT→

CREATED:{roomId}←

←WebSocket CONNECT

PEER_JOINED←

SDP Offer→ relay →SDP Offer

SDP Answer← relay ←SDP Answer

ICE Candidates↔ relay ↔ICE Candidates

═══ DTLS Encrypted DataChannel (Direct, server not involved) ═══

File Metadata (JSON)─── direct →

64KB Chunks─── direct →

__END__ marker─── direct →

__END__ acknowledgment← direct ───

Server is NOT involved in file transfer. Only signaling is relayed.

What the Server Processes (Ephemeral)

Data	Purpose	Storage	Lifetime
Room ID	Identify signaling room	In-memory only	10 min max
WebSocket sessions	Route messages between peers	In-memory only	Until disconnect
SDP offers/answers	WebRTC negotiation	Relayed, not stored	Transient
ICE candidates	NAT traversal	Relayed, not stored	Transient
IP address (HMAC-SHA256 hashed)	Rate limiting	In-memory only	1 hour
Creation timestamp	Room expiry calculation	In-memory only	10 min max

What the Server Never Sees

File Content

Transferred exclusively over the encrypted DataChannel between browsers.

File Metadata

Name, size, and MIME type are sent as the first DataChannel message — never via signaling.

Encryption Keys

DTLS keys are negotiated directly between peers during the handshake. Server cannot decrypt DataChannel traffic.

Transfer Status

Progress, completion, speed — all happen on the DataChannel. Server doesn't know if/when a transfer completes.

Cryptographic Properties

Transport Encryption	DTLS 1.2+ (TLS over UDP)
DataChannel Protocol	SCTP over DTLS
Key Exchange	Peer-to-peer DTLS handshake (server not involved)
Signaling Transport	WebSocket over TLS (wss://)
NAT Traversal	STUN (Google + Cloudflare), configurable TURN relay fallback
Chunk Size	65,536 bytes (64 KB)
Channel Mode	Ordered, reliable (TCP-like semantics)
Room ID Entropy	8 alphanumeric chars = ~41 bits (2.8 × 10¹² combinations)

Room Lifecycle & Limits

Time	Event	Details
T+0s	Sender creates room	Room allocated in ConcurrentHashMap
T+0s	Room ID returned	8 random alphanumeric characters
T+Ns	Receiver joins	Signaling begins (SDP/ICE exchange)
T+Ns	DataChannel established	Server's role is complete
T+10min	Room auto-deleted	Cleanup job runs every 60 seconds

Max concurrent rooms

5,000

Room timeout

10 minutes

Max message size

64 KB

Cleanup interval

60 seconds

Peers per room

Failure Modes & Security Implications

NAT/Firewall Blocking

Symmetric NAT or strict firewalls may prevent direct peer connections. When a TURN server is configured, it provides relay fallback — the TURN server relays DTLS-encrypted traffic without being able to decrypt it. Without TURN, the transfer fails cleanly (~15% of connections). The TURN server never has access to plaintext file content.

Connection Drop Mid-Transfer

If either peer disconnects, the entire transfer must restart. There is no chunked resume. Partially received data is discarded from browser memory. No data remains on the server.

Room ID Guessing

An attacker would need to guess the 8-character room ID (2.8 trillion combinations) within the 10-minute window AND before the legitimate receiver joins. Rooms only accept one peer, so a successful join by the attacker would block the real receiver — but they still cannot access file data until the sender initiates the transfer.

No Virus Scanning or Metadata Stripping

Because the server never processes the file, ClamAV scanning, EXIF stripping, and hash blocklist checks are all skipped. Files are transferred as-is between browsers. The receiver should exercise the same caution as receiving any file from an untrusted source.

Comparison: What the Server Sees per Mode

Data	Server-Encrypted	E2EE	E2EE + ZK	P2P Transfer
File content	Temporarily	Never (ciphertext)	Never (opaque blob)	Never
File name	Yes	Yes	Metadata only	Never
File size	Yes	Padded	Padded	Never
SHA-256 hash	Computed	Of ciphertext	Of ciphertext	Never
Virus scan	Yes	Skipped	Skipped	Skipped
Metadata strip	Yes	Skipped	Skipped	Skipped
Hash blocklist	Checked	Checked	Skipped	Skipped
File policies	Evaluated	Skipped	Skipped	Skipped
Persistent storage	Until expiry	Until expiry	Until expiry	None
Peer IP addresses	HMAC hashed	HMAC hashed	HMAC hashed	Relayed via ICE

Transparency Log

Merkle tree-based audit logging with public verification.

Certificate Transparency Inspired

Based on RFC 6962, adapted for file operations. All entries are append-only and cryptographically verifiable.

Merkle Tree Structure

                     ┌─────────┐
                     │  Root   │ ← Merkle Root (in STH)
                     │  H0123  │
                     └────┬────┘
               ┌─────────┴─────────┐
               │                   │
          ┌────┴────┐         ┌────┴────┐
          │   H01   │         │   H23   │
          └────┬────┘         └────┬────┘
         ┌─────┴─────┐       ┌─────┴─────┐
         │           │       │           │
    ┌────┴────┐ ┌────┴────┐ ┌────┴────┐ ┌────┴────┐
    │ Entry 0 │ │ Entry 1 │ │ Entry 2 │ │ Entry 3 │
    └─────────┘ └─────────┘ └─────────┘ └─────────┘

Hash Chain

Entry[0]          Entry[1]          Entry[2]
┌─────────┐      ┌─────────┐      ┌─────────┐
│ hash=H0 │─────▶│ prev=H0 │─────▶│ prev=H1 │
│ prev=∅  │      │ hash=H1 │      │ hash=H2 │
└─────────┘      └─────────┘      └─────────┘

Each entry's previousHash links to the prior entry, creating an immutable chain.

Log Entry Structure

Field	Description
logId	Unique UUID
operationType	UPLOAD \| DOWNLOAD \| DELETE
timestamp	ISO 8601 timestamp
contentHash	SHA-256 of encrypted content
metadataHash	SHA-256 of metadata
entryHash	SHA-256 of entry data
previousHash	Hash chain link
signature	HMAC-SHA256 of entryHash
merkleRoot	Tree root after this entry

Privacy: What Logs Do NOT Contain

✗ File content

✗ File names

✗ IP addresses

✗ User IDs

✗ Passwords

✗ Location

Public Verification Endpoints

GET /api/v1/transparency/sth

Signed Tree Head (current log state)

GET /api/v1/transparency/entries

List log entries (paginated)

GET /api/v1/transparency/proof/{logId}

Inclusion proof for entry

GET /api/v1/transparency/verify

Full chain verification

External Auditing

Anyone can monitor the transparency log. Cache STHs over time to detect any unauthorized modifications or deletions.

Large File Support

Chunked resumable uploads for files up to 2GB with parallel encryption.

No Feature Disadvantage

Competitive with Wormhole and SwissTransfer. Upload files up to 2GB with E2EE, resumable uploads, and parallel processing.

Chunked Upload Architecture

Max file size	2 GB
Chunk size	10 MB
Max chunks	210 chunks
Parallel uploads	3 concurrent
Session timeout	60 minutes
Resume capability	Yes (missing chunks tracked)

How Chunked Uploads Work

Initialize Session

Client requests upload session with file metadata. Server returns session ID, chunk count, and size.

Upload Chunks

File is split into 10MB chunks. Multiple chunks upload in parallel. Progress tracked per-chunk.

Resume if Interrupted

Session ID stored locally. If interrupted, query server for missing chunks and upload only those.

Finalize

Once all chunks received, server assembles file, computes hash, encrypts, and stores. File ID returned.

Parallel Chunk Encryption (E2EE)

For E2EE uploads, chunks are encrypted in parallel using Web Workers for maximum performance.

File (2GB)
    │
    ├── Chunk 0 ──▶ [Web Worker 1] ──▶ AES-256-GCM ──▶ Upload
    ├── Chunk 1 ──▶ [Web Worker 2] ──▶ AES-256-GCM ──▶ Upload
    ├── Chunk 2 ──▶ [Web Worker 3] ──▶ AES-256-GCM ──▶ Upload
    │       (parallel encryption)         │
    └── ... 210 chunks total              └── Server assembles

Each chunk encrypted with same derived key (Argon2id), unique IV per chunk.

Chunked Upload API

GET /api/v1/chunked/config

Get chunked upload configuration

POST /api/v1/chunked/init

Initialize upload session

POST /api/v1/chunked/upload/{sessionId}/{chunkIndex}

Upload a single chunk

GET /api/v1/chunked/status/{sessionId}

Get session status (for resume)

POST /api/v1/chunked/finalize/{sessionId}

Finalize upload (assemble chunks)

DELETE /api/v1/chunked/cancel/{sessionId}

Cancel upload session

/api/v1/chunked/init Parameters

fileName

required Original filename

totalSize

required Total file size in bytes

contentType

optional MIME type (default: application/octet-stream)

clientEncrypted

default: false E2EE file (encrypted in browser)

storageTime

optional 1h, 6h, 12h, 1d, 7d, 30d (default: 7d)

maxDownloads

optional Auto-delete after N downloads

burnAfterReading

default: false Delete after first download

zeroMetadataMode

default: false Skip transparency log (max privacy)

senderPublicKey

optional Ed25519 public key (Base64)

uploadSignature

optional Ed25519 signature of file hash (Base64)

Automatic Fallback

Files under 50MB use single-request upload for simplicity. Chunked upload automatically activates for larger files or when explicitly requested.

Identity-less Reputation

Trust without identity. Verify senders without accounts, logins, or tracking.

Trust Without Accounts

Recipients can verify: "Signed by the same sender as previous upload" — without user accounts, logins, or tracking.

How It Works

Generate Keypair

An Ed25519 keypair is generated in your browser. The private key never leaves your device.

Sign Upload

When you upload, your private key signs the file hash. The signature and public key are stored with the file.

Verify Sender

Recipients see a fingerprint like "ABC1...XYZ2". Same fingerprint = same sender. Cryptographic proof without identity.

Cryptographic Details

Algorithm	Ed25519
Key size	256-bit (32 bytes)
Signature size	512-bit (64 bytes)
Message format	tmp0.cc:upload:{fileHash}
Storage	localStorage (browser only)
Export	Backup/restore supported

Privacy Guarantees

No User Accounts

No registration, no login, no personal data collected.

No Tracking

Server doesn't link uploads to identities. Just cryptographic proof of same sender.

Private Key Stays Local

Private key generated and stored in browser. Never sent to server.

Optional

Signing is completely optional. Upload anonymously if you prefer.

JavaScript API

// Check if Ed25519 is supported
const supported = await IdentityKeys.isSupported();

// Generate new keypair (stored in localStorage)
const { publicKey, fingerprint } = await IdentityKeys.generateKeyPair();

// Sign an upload (uses stored private key)
const signature = await IdentityKeys.signUpload(fileHash);

// Verify a signature
const valid = await IdentityKeys.verifySignature(publicKey, signature, fileHash);

// Check if same sender
const same = IdentityKeys.isSameSender(publicKey1, publicKey2);

// Export/import for backup
const backup = IdentityKeys.exportIdentity();
await IdentityKeys.importIdentity(backup);

Key Management

Your private key is stored in localStorage. Clearing browser data will delete it permanently. Use the export feature to backup your identity.

Smart File Policies

Automatic protection against malicious files with executable isolation, MIME validation, and risk assessment.

Defense in Depth

Multiple layers of protection: executable detection, MIME type validation, disguised file rejection, and risk-based isolation.

Protection Layers

Executable Isolation

Detects executable files by extension, MIME type, and magic bytes. Isolated files are flagged and handled with extra caution.

.exe .dll .bat .sh .jar .ps1 .apk +40 more

MIME-Type Sanity Checks

Validates that file content matches declared type. Detects mismatches like a .jpg file that's actually a PE executable.

Disguised Executable Rejection

Automatically rejects files that appear to be executables disguised with safe extensions (e.g., malware.jpg that's actually an .exe).

Forced Archive for Risky Combos

High-risk file types are flagged with recommendation to upload as archives (ZIP, 7z) for safer distribution.

Detection Methods

Extension check	50+ executable extensions
Magic bytes	MZ, ELF, Mach-O, #! shebang
MIME detection	Content-based type inference
Double extension	file.pdf.exe detection
Disguise detection	Safe ext + exec content = reject

Risk Levels

Low Risk

Standard files: images, documents, text, archives

Medium Risk

Scripts, macros, less common executable formats

High Risk

.exe, .dll, .bat, .ps1, .jar, .apk, .sh, .bin

Executable Categories

windows_binary  → .exe, .dll, .com, .scr, .msi
windows_script  → .bat, .cmd, .ps1, .vbs, .wsf
unix_binary     → ELF binaries, .so, .ko, .run
unix_script     → .sh, .bash, .zsh, .ksh
macos_binary    → .app, .pkg, .dmg
java_archive    → .jar
python_script   → .py, .pyw
office_macro    → .docm, .xlsm, .pptm
android_package → .apk
ios_package     → .ipa

Transparent to Users

Policy evaluation happens automatically. Legitimate files upload normally. Only truly malicious patterns (like disguised executables) are rejected.

Temporary File Sharing

No Encryption

Text File Detected

Text Pasted

Share Code Snippet

DMCA Takedown Policy

Overview

Safe Harbor Notice

Filing a DMCA Takedown Request

Submit Request

Our Response

Counter-Notification

Frequently Asked Questions

Getting Started

How does tmp0.cc work?

Do I need an account?

File Limits

Maximum file size?

How long are files stored?

Multiple files?

Code Snippets

Share Code Snippets

Snippet Limits

Text File Detection

Sharing

QR Code

Delete Link

Anonymous Drop Box

What is a Drop Box?

How does it work?

Privacy guarantees

Limits

P2P Transfer

What is P2P Transfer?

How does it work?

When should I use P2P vs. regular upload?

Limitations

Security & Encryption

Encryption Modes

Virus scanning

Why was my upload blocked?

Privacy Policy

Privacy-First Architecture

What We Don't Collect

What We Store (Minimal)

Code Snippets

Delete Link & Your Right to Erasure

P2P Transfer

QR Codes

Temporary Security Data

Third-Party Services & JavaScript Security

Security Scanning

Encryption Details

Automatic Metadata Stripping

Transparency Log (This IS a Log)

CLI Tool & API

Data Retention & Deletion

Jurisdiction & Legal Framework

GDPR & EEA Data Protection Compliance

Government & Legal Request Policy

Transparency Report

Backup & Data Recovery Policy

Key Management

Contact

Terms of Service

1. Agreement

2. Service Description

3. Security Measures

4. User Responsibilities

5. Prohibited Content

6. Delete Links

7. Code Snippets

8. P2P Transfer

9. Abuse Prevention

10. Age Requirement

11. Service Availability

12. Disclaimer of Warranties

13. Limitation of Liability

14. User-Generated Content

15. Indemnification