Safety Guide

Everything you need to know to use Privnote safely — including the risks you need to be aware of and how to mitigate them.

The #1 Risk: Phishing Clone Sites

Cybersecurity warning

⚠ Critical Warning: Fake Privnote Sites

The most serious documented risk with Privnote is the existence of phishing clone sites. These are websites designed to look exactly like Privnote but intercept your messages instead of delivering them securely.

The most well-documented clone is privnotes.com (note the extra 's'). This site has been documented by security researchers stealing Bitcoin wallet addresses and other sensitive information by replacing the content of notes before delivery. The victim creates a note, the clone intercepts it, modifies it, and delivers the modified version to the recipient.

How to Protect Yourself

  • Always type privnote.com directly into your browser's address bar — never follow links to Privnote from untrusted sources.
  • Verify the exact domain before typing anything: it must be privnote.com, not privnotes.com, privnote.net, or any other variation.
  • Look for the HTTPS padlock icon in your browser's address bar.
  • Bookmark the official site so you always navigate to the correct URL.

Other Security Risks to Know

Screenshots and Screen Recording

Privnote cannot prevent the recipient from taking a screenshot, copying the text, or recording their screen while the note is displayed. Once the message is shown, the information is in the recipient's hands. The self-destruction only prevents re-access via the link — it does not prevent the recipient from preserving the content by other means. Only share notes with people you trust.

Link Interception

If someone intercepts the Privnote link before the intended recipient opens it, they can read the note and the intended recipient will find it already destroyed. Links can be intercepted through compromised email accounts, malware monitoring clipboard activity, or insecure messaging channels. Using password protection significantly mitigates this risk.

Server Trust

While Privnote uses client-side encryption, you are still trusting that Privnote's servers actually delete notes after reading and handle the encrypted data responsibly. Privnote is not open-source, so this cannot be independently verified. For most everyday use cases, this is an acceptable level of trust. For highly sensitive data, consider open-source alternatives.

When Privnote Is and Is Not Appropriate

✓ Appropriate for:

  • • Temporary passwords and initial credentials
  • • One-time access codes and verification numbers
  • • API keys for developer handoffs
  • • Personal notes you want out of email archives
  • • Short-term instructions and reminders
  • • Casual private messages between trusted parties

✗ Not appropriate for:

  • • Highly classified or legally sensitive documents
  • • Information requiring a permanent audit trail
  • • Corporate secrets needing enterprise security
  • • Information the recipient needs to reference repeatedly
  • • File transfers (text only)
  • • Long-term password storage