Skip to content

UnoLock Drop

Overview

UnoLock Drop is the sender client for Vault Messaging Receive Addresses. A recipient creates a Receive Address inside their Safe and shares it (or a shareable link). Anyone can use UnoLock Drop to send encrypted messages and files to a Safe through that address without creating an account or Safe.

UnoLock Drop is built for first-contact scenarios: whistleblowing, legal intake, investigative tips, and sensitive disclosures where minimizing metadata matters.

How It Works

  • Recipient creates a Receive Address: each address has its own keypair and policy controls.
  • Share the address or link: the link opens UnoLock Drop with the address prefilled.
  • Sender message (optional): a public note shown before submission.
  • Sender uses UnoLock Drop: no login required; the client encrypts locally and uploads the sealed payload.
  • Hashed addressing: the Receive Address is hashed client-side and sent as vaultxAddressHash.
  • Recipient decrypts in Messaging: drops appear in the Safe’s inbox and are decrypted client-side.
  • Optional local address book: senders can save frequently used Receive Addresses in a local, password‑encrypted address book (stored on their device only).

What It Is (and isn’t)

  • UnoLock Drop is sender‑only: it does not have an inbox and cannot receive replies.
  • Receive Addresses are the same format for Safe‑to‑Safe exchange and UnoLock Drop senders. The difference is the sender client, not the address type.
  • Tier behavior: Sovereign and HighRisk can create Receive Addresses. Free and Inheritance can still send messages/files and can optionally allow replies per message.

Security Implications

  • No account required: senders do not need a Safe to deliver a message.
  • Address privacy: the server never receives raw Receive Addresses, only hashes.
  • Per‑address keys: each Receive Address isolates risk to a single conversation stream.
  • Policy controls: enforce usage limits, throttling, and attachment rules per address.
  • Optional extra anonymity: access the Drop Client via Tor for additional network privacy.
  • Local-only address book: saved addresses are encrypted with a user password and never synced.

Use Cases

  • Whistleblowing and tips: enable anonymous submissions without creating accounts.
  • Legal and journalism intake: publish a single-use or rate-limited Receive Address for sensitive sources.
  • High‑risk one‑off exchanges: rotate addresses after a short window to reduce exposure.

Why It Matters

UnoLock Drop makes anonymous first contact practical. It reduces setup friction for senders, keeps raw addresses off the server, and gives recipients control over exposure with per-address limits and throttles.

FAQs

Do I need a Safe to send with UnoLock Drop?

No. UnoLock Drop is designed for senders who do not have a Safe.

What is a Receive Address?

A Receive Address is a shareable messaging address with its own keypair and policy limits. The server stores only the hashed version.

Can I save addresses for later?

Yes. UnoLock Drop can store addresses locally in a password-encrypted address book.

Can I revoke or rotate an address?

Yes. Receive Addresses can be disabled or deleted at any time to prevent new messages.

Compliance & Privacy Regulations

  • GDPR Alignment: UnoLock Drop avoids storing raw sender identities and keeps content client-side encrypted.

Integration with Other Features

  • Post-Quantum Encryption: ML-KEM-1024 + AES-256-GCM protect payloads against future cryptographic threats.
  • Threat Detection: Runtime monitoring helps detect tampering in the Drop Client and Safe workflows.

Back to Features Overview