
Welcome to SeeOnce

Before you do anything else, you must choose a secret Password, which you will memorize and won't tell anyone, and click OK.

Its measured strength will appear above it as you begin to type. If it is worse than Medium, things will be very slow.

Make sure to use $ymbol$, numb3rs, caPiTals, unusual words and mespelingss.

The Suggest button will get you started with five words, which you can modify at will.

Your Password will not be stored or sent anywhere.






You will need to re-enter your Password after 5 minutes




Looks like you changed your Password recently. If you want to continue this conversation, please supply the previous Password in the box below, then click OK





This message was encrypted with a new Password. Please select the sender on the list (old data will be overwritten) or type a new name in the box below, then click OK








Please select the recipient on the list below and click OK, or invite a new user with the lower button






Warning: the contents of invitations are NOT SECURE
If the main box contains sensitive information, you should cancel now and try again after changing it.




Choose the type of chat, then click OK

  Text and files     Audio     Video     Jitsi



 

Please enter the cover text for hiding and click OK


 

 Remember

If you go ahead, the current conversation with the sender will be reset
This may be OK if this is a new message, but if it is an old one the conversation will go out of sync




 

Welcome to SeeOnce


   For help on how to do things, click on each title.


What is SeeOnce?

SeeOnce makes your favorite email or messaging app private by encrypting it end-to-end so only the recipient can decrypt your message or file, and then usually only once. When a conversation gets under way, the data held by the email or messaging provider becomes unreadable by anyone as soon as the recipient decrypts it.

You can also use SeeOnce for real-time secure chat sessions involving text, files, audio, or even video. The connection is direct between participants, with a server getting involved only at the start so they can find each other.

SeeOnce runs in a browser, which makes it platform-independent, and is also available as native Android and Chrome apps. The chat component, however, does not yet run on IE or Safari, or under iOS.

SeeOnce is still in an experimental phase, as it has not yet been duly vetted by experts. Bear this in mind before entrusting sensitive information to it.

If you want more capability, you may want to try PassLok, from https://passlok.com. In addition to Read-once encryption and Letters encoding for a single recipient, PassLok implements three more encryption and five more steganography modes, plus signatures and secret splitting. PassLok can also encrypt for several recipients at once, and allows multiple users (or multiple identities) on the same machine. One of its versions, PassLok for Email, integrates directly into Gmail, Yahoo Mail, and Outlook online. SeeOnce is fully compatible with PassLok Privacy, the standalone version of PassLok, but not with PassLok for Email.


How do I use SeeOnce?

The first time SeeOnce ran on your machine, you were asked to come up with a secret Password. You must remember this Password and never give it to anyone, not even your friends. SeeOnce gives you a score as you type it and tells you how long it will take to process it. The lower the score, the longer it takes, so it is better to come up with a good Password. SeeOnce doesn't store it or send it anywhere at all.

After that, as soon as you paste an encrypted message you have received into SeeOnce, it decrypts automatically, and normally only once. If you load SeeOnce from an email link, you don't even have to copy and paste. The first time you get a message from someone, or if the sender's Password has changed, SeeOnce will ask you to select the sender's name from a list or type in a new name.

To reply to a message, just type your reply into SeeOnce, either plain or with formatting (the formatting tools are shown by clicking the Rich button). Then click the Encrypt button. An encrypted message containing a link is generated. You can then send it through your default email by clicking the Email button, if this is enabled in your browser and the contents are not too long. SeeOnce may ask you to identify the person you are replying to before the message is encrypted.

If you want your encrypted message to look like normal text rather than encrypted gibberish, click the Hide button after encryption. You will then be asked for a cover text, which you can store for the session by clicking a checkbox.

To send a message to a person other than the last message's sender, click To... and select the new recipient. If that person is not yet on the list, you can still send the message to him/her by clicking the Invite button. But be careful, because the contents of invitation messages are NOT SECURE.

You can encrypt images or files, or have the result converted into a file that you can send as an attachment. Just check the to File box before encrypting, plus the type of file you want (binary or text).

This and more is explained in these video tutorials (warning: watching them may leak your IP address):

Part 1: essentials. https://www.youtube.com/watch?v=gkkEQvLZaXA

Part 2: resetting, hiding, formatting. https://www.youtube.com/watch?v=N2N2r9vqUn8

Part 3: chat, files, backup. https://www.youtube.com/watch?v=zM8RSqLeids


Something is not working

There is a fairly tight limit on the size of a message that can be sent directly to the default email client, so clicking Email can produce an error when the message is too long. If this happens, simply copy the contents of the main box to the clipboard, start a new email in your client, and then paste.

If a new message fails to decrypt even though the Password is correct, this may be because the conversation has gone out of sync after moving to another machine without copying the stored data (see the help item on how to do this) or decrypting an old reset message. To get back in sync, click the Reset button twice and send an encrypted message to the other person asking to repeat the last message.

Some browsers have trouble sending encrypted messages to the email client (especially if it is the standalone Outlook program), and may corrupt them so that the recipient cannot decrypt them. Please make sure the email client got the entire encrypted message without dropping anything ("+" and "/" characters may be a problem). If something goes wrong, you can always copy the encrypted message to clipboard, and then paste it into your communications program.


Can I change my Password?

Sure! Just type in a new Password when you reload SeeOnce. Since some data is stored encrypted with the Password, you may be asked to supply the old Password in order to access that data and update the encryption.

If you change your Password, recipients will see your next message as coming from an unknown source, and will be asked to identify the sender, but things will continue normally after that.

This and more is explained in this video tutorial (warning: watching it may leak your IP address): https://www.youtube.com/watch?v=YHRRE9BGeXw


Can I change machines?

SeeOnce depends on ephemeral keys for its operation, and those are stored encrypted within the browser. This means that messages will fail to decrypt if you move to a new machine or a different browser (except in the Chrome app, see below), but there is a way around this:

When you click the Backup button, a special backup item containing the stored data appears in the box. It is encrypted by your secret Password. You can now copy it and save it somewhere. An email draft can be handy for this. When you paste the backup into SeeOnce, the data will be loaded back so you can continue conversations on a different machine.

As soon as the backup is made, SeeOnce asks if you also want to wipe the storage. If you click the button again, all SeeOnce data stored in this machine is erased.

In the Chrome app version of SeeOnce, the ephemeral data is synced across devices as soon as you log into your Chrome account, so you can continue conversations in progress using different machines. All the sensitive synced data is encrypted. The wipe operation only affects the local copy of the data.


How does Chat work?

If you click the Chat button, a dialog asks you what kind of real-time chat you want to set up. There are four choices: text and files, this plus audio, all this plus video, and Jitsi, which is more polished but lacks file exchange.

After you click OK, SeeOnce makes a chat invite exactly as when encrypting a message. You then send it to the other participant. At the same time, a chat window opens asking you to supply an alias for the current chat. After you do this, the chat session waits for the other person to join. If the chat window fails to open, check that the browser is not blocking pop-ups from SeeOnce.

When the recipient gets your chat invite, he/she will decrypt it like any other SeeOnce message and then the chat window will open and ask for an alias. When he/she supplies this, you'll be connected directly to one another. You both may also be asked to grant permission to feed audio or video when the connection takes place.

If you want to invite a third person to the chat, copy the chat URL from its address bar and send it securely to the third person. You can reload SeeOnce for this purpose; the chat won't be affected.

If you get disconnected, just reload the chat window and type your alias again. The chat ceases to exist when all participants close their chat windows.


Can I send files?

Chat has its own secure file-sending process, so we refer here to sending files by email. You have two choices:

1. Encrypt the files using AES with a utility such as 7-zip (Windows), Keka (OSX), or p7zip (Linux), then encrypt the encryption password inside a URSA-encrypted message, and attach the encrypted archive to your email.

2. You can also load files using the icon second from the right of the rich text toolbar (you may need to display the toolbar by clicking Rich), which will load each file as a link, and then encrypt them as a regular message. After decryption, the recipient can save all files with the toolbar button on the right, or each file by right-clicking it and selecting Save Link as... If the file is an image and you want it to display as such, click the icon directly to the left of the one for loading files.

If the file loaded is text, it will load as text rather than as a link, which may be a problem if the file is large.


Are there any potential insecurities?

We have tried to make SeeOnce extremely easy to use without impacting security, but tradeoffs do exist. There are three main issues that you must be aware of:

1. Users are not authenticated. This means that someone could gain access to your correspondent's email account and impersonate him/her without your realizing it. From time to time you should ask your correspondent to send you something that only he/she could produce (for instance, a selfie picture where he/she does something you requested in your previous message). If your correspondent switches Password he/she should tell you about it, because SeeOnce will warn you that his/her Password has changed. To further protect you against a "man in the middle," follow the instructions at the end of this help item.

2. Not all messages have the same level of security, which builds up with each message exchanged. Invitations have no security at all, as they can be read by anyone anytime. First replies and replies made right after a reset are secure against third parties reading them, but they can be read indefinitely both by sender and recipient. The replies to those can be read more than once, but only until a new reply is made. The second reply from either end is immediately unreadable after the first read, but still a powerful enemy who obtains both Passwords and gains access to both machines would be able to reconstruct the plain contents. Third replies and beyond, however, become absolutely unreadable by anyone as soon as the recipient decrypts them once.

3. Hackers could change the code at the web server, and thereby destroy all security without users realizing it. The native app versions of SeeOnce are code-signed by the respective app stores so this is not a problem with them, but if you are concerned about the authenticity of the web app, you can verify it by following the instructions below.

Click here for instructions against a "man in the middle."

The easy way: ask your correspondent to read over the phone (or in an audio or video SeeOnce chat session) a substantial portion of the special SeeOnce link made on his/her side when making a reply, or the beginning of any encrypted message, which should match what you're getting. Fifteen characters or so will be enough. But if you are communicating exclusively by email, you can send a person whom you know and who knows you the following message or something like it, which implements something called the "interlock protocol":


Dear So-and-So:
I want to make sure there is no "man in the middle" of our SeeOnce exchange. Here's what I want you to do:

  1. Write me an encrypted reply where you ask me to take a picture or video of myself doing something of your choice. Then split the encrypted message (the gibberish after the link) into two and send me the first half only.
  2. When I receive your first half, I will also write a reply asking you to do something in a picture or short video. I'll send you half of the encrypted message first. When you get it, go ahead and send me the other half of your encrypted message.
  3. When I get your second half, I'll put the two halves together and decrypt your message. Then, following your instructions I'll send you the picture or video right away, decrypted, along with the second half of my encrypted request.
  4. When you get it, please verify that what I sent conforms to your instructions. If so, put together the two halves of my encrypted message, decrypt it, and send me what I ask in the message as soon as possible, decrypted as well. Then I'll know that there is no one in-between us.

Many thanks. Sincerely, This-and-That
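
Why splitting the encrypted message works, as an added example that is not part of SeeOnce or of the original help text: an authenticated ciphertext cannot be decrypted from either half alone, so nobody handling the first half learns the request until the second half has been released. AES-256-GCM from Node.js and the names encryptMessage, decryptMessage and splitInHalves are assumptions made for the illustration; the key and the request text are constructed samples.

```javascript
// Added illustration: AES-256-GCM from Node's crypto stands in for SeeOnce's cipher.
const crypto = require('node:crypto');

// Encrypt to base64(iv || ciphertext || tag), playing the role of the encrypted text.
function encryptMessage(key, plaintext) {
  const iv = crypto.randomBytes(12);
  const cipher = crypto.createCipheriv('aes-256-gcm', key, iv);
  const body = Buffer.concat([cipher.update(plaintext, 'utf8'), cipher.final()]);
  return Buffer.concat([iv, body, cipher.getAuthTag()]).toString('base64');
}

// Return the plaintext, or null when the blob is truncated or altered.
function decryptMessage(key, blobB64) {
  const blob = Buffer.from(blobB64, 'base64');
  if (blob.length < 12 + 16) return null; // too short to hold iv and tag
  const iv = blob.subarray(0, 12);
  const tag = blob.subarray(blob.length - 16);
  const body = blob.subarray(12, blob.length - 16);
  try {
    const decipher = crypto.createDecipheriv('aes-256-gcm', key, iv);
    decipher.setAuthTag(tag);
    return Buffer.concat([decipher.update(body), decipher.final()]).toString('utf8');
  } catch (err) {
    return null; // authentication failed: nothing is revealed
  }
}

// Step 1 of the letter: split the encrypted text into two halves.
function splitInHalves(blobB64) {
  const mid = Math.floor(blobB64.length / 2);
  return [blobB64.slice(0, mid), blobB64.slice(mid)];
}

// Run the exchange of halves for one request and report what each stage can read.
function demo() {
  const key = crypto.randomBytes(32); // constructed key known to both correspondents
  const request = 'Send me a photo holding three fingers up'; // constructed sample
  const [first, second] = splitInHalves(encryptMessage(key, request));
  return {
    request,
    firstHalfAlone: decryptMessage(key, first),   // null
    secondHalfAlone: decryptMessage(key, second), // null
    rejoined: decryptMessage(key, first + second) // the original request
  };
}
```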

Click here for instructions to verify the SeeOnce code.

Warning: following the links in these instructions may give away your location; proceed with caution.

1. Head to Online-convert.com http://hash.online-convert.com/sha256-generator and write https://passlok.com/seeonce in the second box from the top, then type Enter or click "Convert File". This will instruct this website to fetch the SeeOnce code from its server and perform a SHA256 operation on it.

2. A new screen should appear, displaying the SHA256 string in several formats. Now you want to compare this with the published value, which is available at different places. If both strings are the same, the code is tamper-free. Here are a few locations where this string is published:

3. Hackers may also be able to change the published SHA256 string, which is why a video of F. Ruiz, the SeeOnce developer, reading the string aloud with background music always accompanies the string. Watch it to make double sure the code is authentic.
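
The comparison in steps 1 and 2 can also be done locally on a saved copy of the page, shown here as an added example that is not SeeOnce's own code. The function names and the sample page bytes are constructed for the illustration; no real published value appears, and the parser assumes the published string is hex (any case, possibly grouped) or base64.

```javascript
// Added illustration; the page bytes below are a constructed sample, not SeeOnce's code.
const crypto = require('node:crypto');

function sha256(bytes) {
  return crypto.createHash('sha256').update(bytes).digest();
}

// Turn a published string (hex in any case, with spaces or colons, or base64)
// into the 32 raw digest bytes; return null if it is not a full SHA-256 value.
function parsePublished(text) {
  const compact = text.replace(/[\s:]/g, '');
  if (/^[0-9a-fA-F]{64}$/.test(compact)) return Buffer.from(compact, 'hex');
  if (/^[A-Za-z0-9+\/]{43}=$/.test(compact)) return Buffer.from(compact, 'base64');
  return null;
}

// True only when the digest of the downloaded bytes equals the whole published value.
function codeMatches(bytes, publishedText) {
  const expected = parsePublished(publishedText);
  if (expected === null || expected.length !== 32) return false;
  return sha256(bytes).equals(expected);
}

// Constructed stand-ins for the bytes saved from the web server.
const samplePage = Buffer.from('<html><script>/* app code */</script></html>', 'utf8');
const tampered = Buffer.from('<html><script>/* app c0de */</script></html>', 'utf8');

// Check the same digest in three display formats, then two failure cases.
function demo() {
  const hex = sha256(samplePage).toString('hex');
  const spaced = hex.toUpperCase().match(/.{8}/g).join(' ');
  const b64 = sha256(samplePage).toString('base64');
  return {
    hexOk: codeMatches(samplePage, hex),
    spacedOk: codeMatches(samplePage, spaced),
    base64Ok: codeMatches(samplePage, b64),
    tamperedOk: codeMatches(tampered, hex),            // one changed byte
    prefixOk: codeMatches(samplePage, hex.slice(0, 15)) // partial value is rejected
  };
}
```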


What's underneath SeeOnce?

SeeOnce is the little sibling of PassLok Privacy (https://passlok.com), from which it takes its Read-once encryption mode. In this mode, encryption keys are changed for every message, so that previous messages become impossible to decrypt by anyone. Invitations are encrypted with the user's own Lock, which makes them not secure (users are warned of this), but they have the same feel as a regular encryption in order to maintain a consistent user experience.

Likewise, while PassLok includes a complete directory management system for other users' Locks (public keys), SeeOnce makes this automatic by including the sender's Lock at the start of every message sent.

You can get full details on SeeOnce's cryptography from the SeeOnce technical document.


Keyboard shortcuts

The main functions in SeeOnce can be accessed directly from the keyboard. The button tooltips tell you what the shortcut is for each button that has a shortcut, but below is a list just in case:


Privacy Statement and Warrant Canary

SeeOnce is a self-contained piece of code that does not rely on servers to do its job. Therefore:

1. We cannot give your secret Password to anyone (not even yourself) because we don't have it. Your Password is never stored or transmitted, and gets deleted from memory after five minutes of not being used. We don't have ephemeral keys, either.

2. We cannot give your private data to anyone because SeeOnce does not send anything out of your device. When you download the app from the web server, you get only the code, without any cookies, plugins, or anything of that sort. We get back nothing from you.

3. We cannot eavesdrop on your chat sessions, or enable anyone to do so. Establishing a chat session does involve contacting a signaling server (Firebase) and giving it your IP address and a disposable chatroom name so that others can contact you; the signaling server never sees the content of your chat, which is between participants only. The SeeOnce web server doesn't even see the connection data.

4. We will never weaken the cryptography methods contained within SeeOnce at the request of a third party, private or public. This also means no backdoors will ever be added. We would rather shut down SeeOnce than be forced to do this, which would betray the very essence of our efforts. If we learn that a counterfeit version of SeeOnce is circulating, whether placed by hackers or government agencies, we will make the fact known to users.

Notice: Since SeeOnce is distributed as a piece of human-readable code, we consider it an expression of free speech protected by the laws of many countries. Putting into circulation tampered versions of SeeOnce, whether by individuals or public entities, violates free speech and copyright protection laws.

SeeOnce contains strong cryptographic methods, which may be illegal to use in some countries. Please check the local laws before using SeeOnce.

This paragraph and the canary logo above attest to the fact that, up until the release of version 1.2.13 (March 2023), we have not received any requests under gag order for user data or modifications of the code. This paragraph will be periodically updated as this situation continues.


SeeOnce 1.2.13 © F. Ruiz 2023
This document may be used, modified or redistributed under GNU GPL license, version 3.0 or higher.