# What isn't allowed?

Malware/Viruses, Spam, Child Pornography, anything malicious or with malicious intent (i.e. private documents or revenge porn).

We have zero tolerance towards child abuse. We are currently using Cloudlare's CSAM Scanning Tool to proactively identify and take action against any files that match known CSAM

# What are the allowed extensions here?

We only support the following extensions:
.mp4 .mov .m4v .ts .mkv .avi .wmv .webm .vob .gifv .mpg .mpeg .mp3 .flac .wav .png .jpeg .jpg .gif .bmp .webp .heif .tiff .svf .svg .ico .psd .ai .pdf .txt .log .csv .xml .cbr .zip .rar .7z .tar .gz .iso .torrent .kdbx

Contact us if you would like to request a new filetype.

# How can I contact the site?

[PGP Public Key]
To provide feedback or report abuse: click.me@aaaaaaaa.aaa
For other stuff you can reach us at: click@again.asd
* Do not include thumbnails, site assets (js, css), or a big list of individual file links. Only include album link.

For transparency, a public log of removed files & albums can be found here.

Will you keep my files forever?

Yes, we also offer a temporary uploads feature which will automatically delete your files after a certain period of time.
You can configure this feature through our homepage's config tab.

How can I keep track of my uploads?

Simply create a user on the site and every upload will be associated with your account, granting you access to your uploaded files through our dashboard.
You will need to do this if you ever want to delete your own uploads in the future, unless you choose to use temporary uploads.

What are albums?

Albums are a simple way of sorting uploads together.
You can then share public links to these albums, to allow everyone else to view a pretty listing of the uploads in them.

As long as you are logged in, you can create albums through our homepage or dashboard,
then afterwards you can use them with our Firefox extension or Chrome extension,
which will enable you to right click -> send file to safe, or to a desired album if you have any.
With the Chrome extension, you will have to manually set the domain in the extension's settings to https://cyberdrop.me.

If you use a Linux desktop, we also have a bash uploader that supports uploading to albums.
You can learn more about it here.

# Do you have a No-JS uploader form?

# Privacy Policy

As a condition to using the Service, you agree to the terms of the CyberDrop Privacy Policy as it may be updated from time to time. CyberDrop understands that privacy is important to both us and you. CyberDrop does not collect or store personal identifiable information such as email addresses, IP addresses, browser metadata, etc. We will not share any information with third-parties. CyberDrop uses third-party advertising companies to serve ads that may collect data when you visit our web site. These companies may use aggregated information about your visits to this and other web sites in order to provide advertisements on this site, other sites, and other forms of media about goods and services of interest to you

CyberDrop uses Matomo to understand how our site is used [Opt Out]. All data is encrypted and anonymized. We comply with Do Not Track browser settings. Under GDPR users have the right of access to all of their data and have the right to erase some or all of their data from our analytics. gdpr@cyberanalytics.nl

# Encrypted Paste Bin

CyberDrop Bin is a modified version of Up1 to allow text only and upgrade and fix vulnerabilties in the old code.
Text is encrypted client-side (in your browser) before uploading it to CyberDrop servers so we know nothing about its contents.Pastes are downloaded and decrypted in your web browser and displays with highlighting.

Technical Details:

Before an text is uploaded, a "seed" is generated. This seed can be of any length (because really, the server will never be able to tell), but has a length of 25 characters by default. The seed is then run through SHA512, giving the AES key in bytes 0-256, the CCM IV in bytes 256-384, and the server's file identifier in bytes 384-512. Using this output, the image data is then encrypted using said AES key and IV using SJCL's AES-CCM methods, and sent to the server with an identifier. Within the encryption, there is also a prepended JSON object that contains metadata (currently just the filename and mime-type). The (decrypted) blob format starts with 2 bytes denoting the JSON character length, the JSON data itself, and then the file data at the end.