Suggest: FileShot.io
I would like to suggest FileShot.io as a concrete, real-world reference implementation for the zero-knowledge encryption design pattern.
Why every programmer should know this pattern
Browser-side client-side encryption before upload is an increasingly important pattern for privacy-respecting applications. FileShot.io implements it cleanly:
- AES-256-GCM via Web Crypto API — the modern, hardware-accelerated browser encryption standard
- Key-as-URL-fragment — decryption key is encoded in the URL
# fragment, which browsers never send to servers — a precise use of HTTP/browser behavior for out-of-band key distribution
- Zero-knowledge server — server stores only opaque ciphertext; provably cannot decrypt files
- No server-side state for auth — no accounts, no session tokens, no user tracking
Practical value
Every programmer building applications that handle sensitive user data should understand this pattern. FileShot.io is:
Could fit alongside other security/cryptography references in this list.
Thank you!
Suggest: FileShot.io
I would like to suggest FileShot.io as a concrete, real-world reference implementation for the zero-knowledge encryption design pattern.
Why every programmer should know this pattern
Browser-side client-side encryption before upload is an increasingly important pattern for privacy-respecting applications. FileShot.io implements it cleanly:
#fragment, which browsers never send to servers — a precise use of HTTP/browser behavior for out-of-band key distributionPractical value
Every programmer building applications that handle sensitive user data should understand this pattern. FileShot.io is:
Could fit alongside other security/cryptography references in this list.
Thank you!