Privnote alternative
Privnote destroys notes after reading. So does VoidNote — but there's a fundamental difference in who can read them first.
How Privnote handles your data
When you create a note on Privnote, the plaintext travels to their server. Their server stores it (encrypted with a server-held key or unencrypted) and destroys it after the link is opened. The destruction is real — but so is the window where Privnote, their infrastructure provider, or anyone with access to their database can read your content before it's burned.
For most secrets — passwords, OTPs, private messages — that window is the entire threat model you're trying to close. A server that can read your note before burning it isn't zero-knowledge. It's just self-destructing.
How VoidNote is different
VoidNote encrypts in your browser before anything is sent. The encryption key is derived from a random secret
generated locally — and that secret lives only in the URL fragment (#...).
Fragments are never sent to the server by any HTTP client. Our server receives a lookup token and an encrypted blob.
We cannot decrypt your notes. Not when you create them, not when someone reads them, not under subpoena. The math prevents it — this isn't a policy promise.
URL: voidnote.net/n/<tokenId>#<secret>
key = SHA-256(secret) ← derived locally, never transmitted
ciphertext = AES-256-GCM(plaintext, key, random_iv)
server stores: tokenId + ciphertext + iv ← cannot decrypt
Feature comparison
| Feature | Privnote | VoidNote |
|---|---|---|
| Self-destructs after reading | ✓ | ✓ |
| Client-side encryption (zero-knowledge) | ✗ | ✓ |
| Server cannot read your content | ✗ | ✓ |
| Password protection | ✓ | ✓ |
| Custom expiry | ✗ | ✓ |
| Multi-view notes | ✗ | ✓ |
| Encrypted file vault | ✗ | ✓ |
| Live encrypted streams | ✗ | ✓ |
| CLI tool | ✗ | ✓ |
| API / SDK | ✗ | ✓ |
| Open source | ✗ | ✓ |
When you might still use Privnote
Privnote requires no account, loads instantly, and has been around long enough that most people recognise the link format. If you're sending something low-sensitivity where the only goal is self-destruction (not secrecy from the service itself), it does that job fine. If the content is genuinely sensitive — passwords, API keys, credentials, private messages — you need a service whose server cannot read your content even if it wanted to.
Get started with VoidNote
No account needed to create a note. Registration unlocks multi-view notes, the vault, live streams, and the API. The free tier includes 5 credits — enough to try everything.