Hello everyone, I previously posted about Stashr, after which I received many comments from people who were very skeptical about the project. I listened to what you had to say, and I hope that with this post, I can gain your trust a little and that you will give Stashr a chance. Your feedback has been very helpful in improving the project, so I am open to further feedback and questions.

Stashr is a privacy-focused and encrypted file hosting service designed to make file sharing fast, simple, and anonymous. It allows users to upload and share files instantly without creating an account, while keeping privacy as a top priority. I've built Stashr around three core principles: privacy, simplicity, and speed.

Key features

Client-side AES-256-GCM Encryption
Files are encrypted entirely in your browser before they ever leave your device. The encryption pipeline works as follows:
- A 16-byte salt and 12-byte IV are generated using crypto.getRandomValues()
- Your password is fed into PBKDF2-SHA256 with 100,000 iterations to derive a 256-bit AES key
- The file is then encrypted using AES-256-GCM (Galois/Counter Mode), which provides both confidentiality and integrity
- The encrypted output is structured as [salt][IV][ciphertext] and uploaded as a single blob

Large File Uploads
Stashr supports almost all file types up to 500 MB per file and allows up to 15 files per upload. Certain file types are prohibited and cannot be uploaded, particularly those known to contain malware.

Unlimited Total Storage
There are no monthly or weekly storage caps. You can upload an unlimited amount of data over time, as long as uploads stay within the daily rate limits.

No Registration Required
Creating an account is optional. Registered and unregistered users have the same upload capabilities. If you want full anonymity, simply don't create one.

Free and Ad-free (for now)
Stashr is currently 100% free with no ads.
Ads for free users may be introduced later to cover hosting costs, but the service will always remain available to non-paying users.

Password Protection
Lock your files behind a password. Passwords are hashed server-side using PBKDF2-SHA256, the plaintext password is never stored. The same password is used client-side to derive the AES-256 decryption key.

Adjustable Expiration Dates
Set how long your files stay online, from 1 hour up to 30 days (permanent storage is currently available but experimental). Expired files are automatically flagged and no longer accessible.

Download Limits
Set a maximum number of downloads per file (1, 5, 10, 25, 50, or 100). Once the limit is reached, the file is automatically removed.

Discord Embeds
Share image links on Discord and Stashr automatically generates Open Graph preview embeds, useful in servers where direct uploads are disabled.

Strong Privacy Policy
Stashr collects only the minimum data needed to operate. User data will never be sold, rented, or shared with third parties for advertising or marketing. Full details: Privacy Policy

Q&A

Here is a list of frequently asked questions that I received on previous posts I made about Stashr. Please read these carefully before asking me questions.

Q: How is Stashr funded if it's free and ad-free?
A: Right now, Stashr doesn't generate any profit. I pay for all infrastructure and hosting costs out of pocket. The project is still in active development, which is why free users currently face very few restrictions. Going forward, I plan to introduce optional paid plans with perks like larger uploads, faster speeds, custom links, direct links, and higher rate limits. Free users will always have access, though some limits may be adjusted and ads may be added to cover the costs. There's also a donation option at the bottom of the site, if you'd like to help me cover the costs and keep Stashr free.

Q: This sounds too good to be true. What's the catch?
Well there isn't really one.
I'm a developer who wanted a simple, privacy-respecting file sharing tool. I built it, it works, and I'd like to share it with others. The only "catch" is that there's no VC money behind it. No marketing budget, no growth team. It'll either succeed because people find it useful, or it won't.

Q: What prevents people from uploading illegal or abusive content?
I take abuse seriously and have set multiple safeguards:
- File types commonly associated with malware (.exe, .bat, .sh, etc.) are blocked entirely
- Automated rate limiting, cooldowns, and IP blacklisting prevent spam and repeated abuse
- Every upload includes a "Report Abuse" button, reports are reviewed within 48 hours
- CSAM results in immediate permanent bans, file removal, and reporting to authorities

Privacy does not mean lawlessness. Illegal content is not tolerated under any circumstances.

Q: Can I trust that you won't shut down and delete my files?
Stashr is a personal project, I can't promise it will exist forever. But I'm committed to running it as long as it's technically and financially viable.
- Current costs are manageable, and I have a full-time job outside of this
- The codebase is owned and actively maintained by me
- If I ever need to shut down, I will give clear advance notice

That said, and this applies to every free hosting service, never rely on a single provider for critical backups.

Q: What happens when law enforcement requests user data?
If presented with a valid legal order from a court with jurisdiction, I would comply, because I'm legally required to. What matters is what data actually exists to hand over. I don't have any:
- Browsing history, Behavioral analytics, User profiles
- Plaintext passwords (PBKDF2-SHA256, 100k iterations)
- No decryption keys for encrypted files (derived client-side, never sent to Stashr)
- IP-based rate limiting data expires automatically (minutes to hours)

For encrypted uploads, all I could provide is the ciphertext, upload timestamp, and IP address.
The file contents would be unreadable without the decryption key. For unregistered uploads without encryption, the data trail is: IP address, timestamp, file metadata, and the file itself. This is why I recommend using encryption and not creating an account if you really care about staying anonymous.

Q: Can't you technically access my files?
With client-side encryption enabled: No. Files are encrypted with AES-256-GCM in your browser using a key derived from your password via PBKDF2. Stashr never sees the plaintext password or the decryption key, only the encrypted blob is uploaded.

Without encryption, then yes, as the service operator, I could technically access files. That's true for virtually every cloud storage service, including Google Drive and Dropbox. The difference is intent. Google scans files to serve ads. Dropbox analyzes content for features and compliance. I have no reason to look at your files, there are no ads to target, no profiles to build.

For maximum privacy, use the built-in encryption, or encrypt files yourself using tools like VeraCrypt, 7-Zip (AES-256), or GPG before uploading.

If you have any other questions about Stashr, please feel free to ask them here or visit Stashr's FAQ page to find answers about frequently asked questions.

If you have feature requests, bug reports, privacy concerns, or general feedback, I'd like to hear it. I'm actively developing Stashr and making improvements based on your needs. Leave a comment under this post or reach out to me through the contact form.

Thank you for reading this post and please consider upvoting to support Stashr.

submitted by /u/user1337001