Lab
Lab Privacy
Security model, limitations, and what the server can see.
Privacy model
Paste and Saf are designed so plaintext never leaves your browser. Paste links are
self-contained and store encrypted data inside the URL fragment, which browsers
never send to the server.
What this is
A plain-language security model for the tools on this site. It explains what data stays in your browser, what metadata the server can see, and where the limits are.
Who it's for
- Teams evaluating whether the tools fit sensitive workflows.
- Security reviewers validating local-only claims.
- Anyone who wants to understand the privacy tradeoffs.
What the server can see
- Requests for pages and assets (standard HTTP metadata like IP and user agent).
- The path you visit (for example, /lab/paste/abc123).
- Whether you loaded a page (but not the fragment contents).
What the server cannot see
- Paste plaintext or ciphertext (it never leaves your browser).
- Decryption keys stored in the URL fragment or your passphrase.
- Paillier homomorphic addition demo inputs or outputs (the demo runs entirely in your browser).
- Post-quantum cryptography demo keys, messages, and signatures (they stay in-memory).
- Saf passphrases or local files (Saf is fully offline).
Limitations to understand
- If you lose the fragment or passphrase, data is unrecoverable.
- Anyone with the link + passphrase can decrypt the paste.
- Fragments are stored in browser history; avoid sharing links on untrusted devices.
- Local device security still matters (malware can read plaintext).
- Browser extensions can access page content and URL fragments.
- Clipboard managers and browser history may store fragments.