Everything you need to know to use Privnote safely — including the risks you need to be aware of and how to mitigate them.
The most serious documented risk with Privnote is the existence of phishing clone sites. These are websites designed to look exactly like Privnote but intercept your messages instead of delivering them securely.
The most well-documented clone is privnotes.com (note the extra 's'). This site has been documented by security researchers stealing Bitcoin wallet addresses and other sensitive information by replacing the content of notes before delivery. The victim creates a note, the clone intercepts it, modifies it, and delivers the modified version to the recipient.
Privnote cannot prevent the recipient from taking a screenshot, copying the text, or recording their screen while the note is displayed. Once the message is shown, the information is in the recipient's hands. The self-destruction only prevents re-access via the link — it does not prevent the recipient from preserving the content by other means. Only share notes with people you trust.
If someone intercepts the Privnote link before the intended recipient opens it, they can read the note and the intended recipient will find it already destroyed. Links can be intercepted through compromised email accounts, malware monitoring clipboard activity, or insecure messaging channels. Using password protection significantly mitigates this risk.
While Privnote uses client-side encryption, you are still trusting that Privnote's servers actually delete notes after reading and handle the encrypted data responsibly. Privnote is not open-source, so this cannot be independently verified. For most everyday use cases, this is an acceptable level of trust. For highly sensitive data, consider open-source alternatives.