Frequently Asked Questions

Can 0kx access my content?

No, it is impossible for 0kx to access your file or messages. They are encrypted in your browser before being sent to 0kx servers, and the decryption key is never transmitted to 0kx. This is why you must send the decryption key by your own means. Although it is slightly inconvenient, it ensures the security of your transmission.

Is 0kx using end-to-end encryption?

Indeed, files and messages are encrypted at your end, the in browser, and subsequently transmitted to 0kx for storage, serving as an intermediary. Upon receipt, the messages are decrypted on the recipient’s end using the corresponding decryption key.

Is 0kx using PKI encryption?

No, it is not. Your file and messages are encrypted using AES 256 symmetric encryption (not PKI). 0kx does not manage the transmission of the decryption key, and you must communicate the key to your recipient(s) by your own means.

How does 0kx differs from Signal or WhatsApp, iMessage?

All those applications utilize PKI for end-to-end encryption. Although highly secure, they are susceptible to public key spoofing, which could compromise the communications. Notably, 0kx does not employ PKI, nor does it manage the exchange or management of encryption/decryption keys. This decision is a design choice. This choice presents both strengths and weaknesses. On the one hand, it prevents 0kx from accessing your content. However, it also renders you responsible for securely exchanging the decryption keys yourself.

If I send files to someone, do they need a 0kx account?

No, you can send files to anyone. They do not require any software other than their web browser. To access the files, they will need the unique link to the Secure Vault and the decryption key. Without these, the content cannot be accessed by anyone.

How long will you keep my Secure Vault?

0kx is designed to be ephemeral. The content is automatically deleted after a specified time (determined when the Secure Vault is created) or immediately after all content has been downloaded.

Why cannot I use 0kx to send the link to the Secure Vault?

This is a design decision. Since 0kx is not involved in the transmission of the link, it is impossible for 0kx to determine the identities of the recipients. It is important to note that 0kx will be aware of the IP address of any individual accessing or downloading content from the Secure Vault. Additionally, if you access a Secure Vault while logged in, 0kx will recognize that this particular user has accessed the Secure Vault.

Why are there file download limitations on some browsers?

0kx downloads encrypted content from the server and decrypts it directly in the browser. This approach offers enhanced security, but it can be computationally demanding. In certain browsers, it is not feasible to “stream” the decryption process to the disk. Consequently, all operations must be performed in memory before being saved to disk. This limitation is the reason why file sizes are restricted to 300MB on mobile devices, 1GB on desktop and tablet computers. Chrome and Edge (i.e., Chromium-based browsers) support streaming to disk, enabling efficient processing of downloads and decryptions. Therefore, Chrome or Edge browsers are mandatory for downloading files exceeding 1GB. As other browsers incorporate support for the WritableStream to the local filesystem, the list of supported browsers will be expanded.

Can someone send malware via 0kx?

Indeed, 0kx lacks the capability to verify the content uploaded or downloaded for malicious purposes. Users must rely on the legitimacy and trustworthiness of the sender of the Secure Vault used. It is imperative to exercise extreme caution when handling files of potentially hazardous types, such as .exe, .bat, and .cmd. Refrain from downloading content from Secure Vaults originating from unknown sources. To enhance security, recipients are strongly advised to validate the trustworthiness of the Secure Vault through additional communication channels. For instance, if you receive a Secure Vault from someone via email, it is recommended to contact that person via phone or text message to confirm the origin of the Secure Vault.

How can I use 0kx in the most secure fashion?

If you have something ultra-confidential to exchange, we recommend the following:

1. Protect your Internet connection with a VPN to "hide" your IP address.
2. Use your browser in incognito/private mode.
3. Use 0kx in anonymous mode (do not login).
4. If appropriate, use the message section to send the information, so it just shown/revealed in the browser, instead of being downloaded, decrypted and saved to the recipient computer disk (i.e. persisted).
5. Set the Secure Vault to delete immediatly after the download is completed.
6. Send the link to the Secure Vault and the decryption key via two independant communication channels. Ex: email and text.