Burn-After-Reading Messages — One-Time Pickup Code

What is a burn-after-reading message?

A burn-after-reading message (also called a self-destructing message or one-time message) is a piece of text that is automatically deleted from the server the moment someone reads it. The sender writes a message, receives a short pickup code, and shares that code with the recipient. When the recipient enters the code, the message is retrieved and immediately destroyed — there is no second read.

Message Shuttle implements this with a single getAndDelete operation on Cloudflare KV: the read and the delete happen in one atomic call, so there is no window where the message exists after being viewed. Additionally, every message has a 24-hour time-to-live (86,400 seconds). If nobody picks it up, it is automatically purged.

This model is useful any time you need to share something sensitive — a password, a verification code, a bank account number — and you want it gone the moment the other person reads it. Unlike a message in a group chat or email thread, there is no permanent record to search, leak, or accidentally forward.

Why use burn-after-reading?

• No chat history residue — passwords, API keys, or OTPs shared via Slack, WeChat, or email persist indefinitely in logs and backups. A burn-after-reading message leaves no trace on the server after pickup.
• Cross-device, cross-platform — works in any web browser. The recipient does not need to install an app or create an account.
• Simple sharing model — a 4-character code is easy to read aloud, type manually, or paste into any chat. No deep links or QR codes required.
• Automatic expiry — even if the recipient never opens the message, it is deleted after 24 hours. You do not need to remember to clean up.
• No registration friction — the sender and recipient both use the tool without creating an account. Open the page, type, send.

How to send a burn-after-reading message with Message Shuttle

1. Write your message. Open msg.shuttlelab.org/send and type or paste the message you want to send into the text box.
2. Click “Send Message”. The system generates a 4-character uppercase hex pickup code (for example, A3F1). The code is derived from crypto.randomUUID() and has 65,536 possible combinations.
3. Share the code. Use the “Share with code” button to copy the pickup URL and code to your clipboard, then paste them into any messaging app. Or just tell the recipient the code verbally.
4. Recipient picks up. The recipient opens msg.shuttlelab.org/pickup, enters the 4-character code, and clicks “Confirm”. The message content is automatically copied to their clipboard and simultaneously deleted from the server.

The entire process takes about 30 seconds. No accounts, no app installations, no browser extensions. Works on any device with a web browser.

What burn-after-reading does and does NOT protect against

Protects against: server-side message retention

After the recipient reads the message, it is deleted from Cloudflare KV. There is no server-side copy, no backup, and no log of the message content. The getAndDelete operation is atomic.

Protects against: forgotten messages lingering indefinitely

Every message expires after 24 hours (86,400 seconds) by default. Even if no one reads it, Cloudflare KV removes it automatically.

Does NOT protect against: screenshots and screen recording

The recipient can take a screenshot, copy the text before it is deleted, photograph their screen, or use screen recording software. No web-based tool can prevent this.

Does NOT protect against: server-side access during storage

Messages are stored in Cloudflare KV without application-level encryption. While Cloudflare encrypts data at rest, the server can technically read message content during the storage window. Message Shuttle does not log message content, but it is not end-to-end encrypted.

Does NOT protect against: brute-force code guessing

The 4-character hex code has 65,536 possible combinations. There is no rate limiting on the pickup endpoint in the current version. For highly sensitive content, consider sharing the code through a separate channel from the message link.

Message Shuttle vs PrivNote vs OneTimeSecret

All three tools follow the same core model: write a message, get a link or code, message is deleted after reading. Here are the key differences:

• Message Shuttle — completely free, no signup, 4-character pickup code, bilingual (Chinese/English), deployed on Cloudflare edge. Open source (GitHub).
• PrivNote (privnote.com) — established since 2010, uses a URL-based model (no separate code). Free tier supported by ads. English only. Not open source.
• OneTimeSecret (onetimesecret.com) — open source, supports optional passphrase protection. Free tier has limits; paid plans available. English only.

None of the three offer end-to-end encryption. All rely on server-side deletion after reading. Signal's disappearing messages and WhatsApp's view-once feature provide end-to-end encryption but require both parties to install the app and add each other as contacts.

Frequently Asked Questions

Is the message really deleted after reading?

Yes. Message Shuttle uses a getAndDelete operation — the server reads and deletes the message in a single atomic call. The same pickup code cannot be used twice; a second attempt returns a 404 error.

What if the recipient never reads the message?

Every message has a 24-hour time-to-live (86,400 seconds). If the recipient does not pick it up within that window, Cloudflare KV automatically deletes the message. No manual cleanup is needed.

How secure is the 4-character pickup code?

The code is 4 uppercase hexadecimal characters (0–9, A–F), giving 65,536 possible combinations. It is generated from the first 4 characters of crypto.randomUUID(). A single random guess has about a 0.0015% chance of success.

Is burn-after-reading the same as end-to-end encryption?

No. Burn-after-reading deletes the message after it is read; end-to-end encryption prevents the server from reading the content in the first place. Message Shuttle provides deletion-on-read and auto-expiry, but the message is stored in Cloudflare KV without application-level encryption. The server can technically read it.

Can someone screenshot the message before it is deleted?

Yes. Burn-after-reading protects against the message persisting on the server — it does not prevent the recipient from taking a screenshot, copying the text, or photographing their screen. This is a fundamental limitation of any web-based burn-after-reading tool.

Is Message Shuttle's burn-after-reading free?

Yes. Message Shuttle is completely free with no signup, no ads, and no usage limits. It is maintained independently by ShuttleLab.