Secure Links

Nyxen Secure Links are one-time or short-lived encrypted messages delivered as links. They exist for a specific purpose—send something precise, let it be read once (or briefly), and ensure it does not become part of anyone’s long-term history.

Concept

A Secure Link is:

  • a client-side encrypted payload

  • wrapped in a short URL

  • optionally one-view or few-views

  • protected by a TTL

  • burned automatically after use

Secure Links are ideal for:

  • passwords or secrets

  • access instructions

  • sensitive notes

  • coordination details that should not live in chat logs

[!IMPORTANT] Once a Secure Link expires or is consumed (based on your settings), the underlying content is permanently destroyed.

Core Properties

Property
Description

Access Model

URL + key fragment (inline or split)

Encryption

Client-side (e.g. AES-GCM)

TTL

Minutes to hours (configurable)

View Limit

One-time or limited number of opens

Storage

Ciphertext only, deleted on expiry or final view

Identity

No accounts, no user profile, no tracking

[!NOTE] Treat Secure Links as consumable objects, not bookmarks.

Lifecycle

  1. Compose – write the sensitive content.

  2. Encrypt – performed locally in the browser/app.

  3. Generate Link – short URL referencing encrypted payload.

  4. Deliver – send link (and key if split) via your chosen channel(s).

  5. Consume – recipient opens, decrypts, reads.

  6. Burn – link becomes invalid after TTL or view limit.

1. Compose

User inputs:

  • Message body (e.g. credentials, meeting detail, key material)

  • TTL (e.g. 10, 30, 60 minutes)

  • View policy:

    • one_view (default for sensitive)

    • max_views = N (where N is small)

Optional:

  • Passphrase requirement

  • Label for reference (non-sensitive)

2. Client-Side Encryption

The message is encrypted on the client before upload.

const key = generateSecureKey();              // local only
const { ciphertext, nonce } = encryptWithKey(key, message);

await sendToNyxen({
  linkId,
  nonce,
  ciphertext,
  maxViews,
  expiresAt
});

Nyxen never receives the plaintext or the encryption key.

3. Link Generation

Two patterns:

A. Full Link (Simple)

Key is encoded in the URL fragment:

https://nyxen.vip/link/A93KD#Kf9sQ2...

The fragment (#...) is not sent to the server in HTTP requests, only used client-side for decryption.

B. Split Link (Recommended)

  • URL only:

https://nyxen.vip/link/A93KD

  • Key sent separately (another channel, offline, voice, etc.).

[!TIP] Use split delivery for anything sensitive enough that you’re considering Nyxen in the first place.

4. Consumption Rules

When a recipient opens a Secure Link:

  1. Nyxen checks:

    • linkId exists

    • TTL not expired

    • view limit not exceeded

  2. Client:

    • retrieves ciphertext

    • uses the key (from fragment or input) to decrypt locally

  3. Content is rendered once in the browser.

If one_view:

  • On successful decryption:

    • Nyxen increments view count and immediately purges the stored ciphertext.

    • Refreshing the page shows: “This Secure Link has been consumed.”

If max_views > 1:

  • Count decrements with each valid decryption.

  • On final allowed view, payload is deleted.

[!IMPORTANT] Nyxen does not try to outsmart screenshots, screen recording, or a user manually copying text. It guarantees the platform does not hold the content after the conditions are met.

Recommended Usage Patterns

Scenario
TTL
View Limit
Notes

Credential / API key

5–15 minutes

1

Split link + key. Burn immediately.

Internal approval context

10–30 minutes

1–3

Use link for context, not final docs.

Sensitive meeting coordinates

15–60 minutes

1–3

Short TTL; treat as disposable.

Incident response instructions

10–30 minutes

1–3

Rotate links as incident evolves.

[!TIP] Default to one_view plus a short TTL. If someone needs it again, generate a new Secure Link.

Example: User Flow

Simple example you can include as a quick guide:

  1. Open Nyxen Secure Links.

  2. Paste the sensitive text (e.g. temporary login, vault code).

  3. Set:

    • TTL: 15 minutes

    • View limit: 1

  4. Generate link.

  5. Send:

    • Link via your normal channel.

    • Key fragment verbally or via a second channel.

  6. Confirm recipient used it.

  7. Nyxen automatically invalidates the link on first open.

Result: no chat transcript containing the secret, no persistent DM screenshot risk from your side.

How Secure Links Relate to Dead Drops

  • Dead Drops: multi-message, ephemeral rooms.

  • Secure Links: single, self-contained payloads.

Use Secure Links when:

  • you don’t need a conversation,

  • you just need to pass one critical piece of information safely,

  • and ensure it cannot linger on any server controlled by you or Nyxen.

Both follow the same Nyxen guarantees:

  • key-based

  • client-side encrypted

  • time-bound

  • irreversible once burned

PreviousDead DropsNextFile Drops

Last updated