zkChat
Back to blog

The Complete Guide to One-Time Messages (OTM): When, Why & How to Use Them

OTMSecurityHow it works

One-time messages ("OTM links") are one of the most powerful privacy tools on the internet and one of the most underused.

This guide explains:

  • when to use OTM
  • why they're safer than chats
  • how they eliminate screenshots, backups, and metadata
  • real-world examples where they shine

What Is a One-Time Message?

An OTM link:

  1. is encrypted locally with AES-256-GCM
  2. can be opened exactly once
  3. deletes itself instantly after being read
  4. auto-expires after 7 days if unused

No metadata. No history. No identity.

Why OTM Links Are Significantly Safer Than Normal Messaging Apps

Normal chat apps store:

  • metadata
  • timestamps
  • device fingerprints
  • account IDs
  • cloud backups

Even if content is encrypted, metadata is not.

OTM on zkChat stores:

  • nothing
  • no metadata
  • no identity
  • no history

The server only sees unreadable ciphertext.

When to Use OTM (Real Examples)

1. Sharing passwords or login credentials

Most common use case worldwide.

OTM once opened gone forever.

2. Sharing crypto seed phrases or private keys

Never paste seeds into any social messenger. OTM is the safest option.

3. Sending confidential business documents

Use cases:

  • pitch decks
  • investor spreadsheets
  • tokenomics files
  • design screenshots

OTM eliminates risk.

4. Sharing legal or medical information

Highly sensitive files need a one-time-only view.

5. Sending private photos securely

OTM is basically "self-destruct media".

6. Sharing access codes, WiFi passwords, alarm codes

Quick, clean, no trace.

7. Emotional messages you don't want stored

Breakups, confessions, apologies all ephemeral.

8. Laptop to Phone transfer without cloud accounts

Private File Drop + QR code popup.

How OTM Prevents Leaks

  • No history
  • No screenshots synced to cloud
  • No multi-open replay
  • No metadata storage
  • Automatic deletion

How OTM Works Technically

Sender:
- Encrypts message in browser
- Uploads ciphertext
- Gets link: /otm/<id>#key=<key>

Receiver:
- Opens link
- Server returns ciphertext once
- Immediately deletes stored data
- Browser decrypts locally

Zero-knowledge.

Common Questions

Q: What happens if I reload the OTM page?

A: The message is already consumed. It can only be opened once.

Q: Can someone screenshot it?

A: Technically yes, but there's no cloud sync or backup. The data never existed on a server in plaintext.

Q: What if I lose the link?

A: If the key fragment (#key=...) is missing or lost, the message is unrecoverable. That's by design.

Conclusion

OTM is what all "disappearing message" features should have been:

  • truly one-time
  • truly ephemeral
  • truly zero-knowledge

Use it anytime you need to share something sensitive without leaving a trace.

Support zkChat

zkChat stays ad-free, tracker-free and account-free. Donations help cover infrastructure and keep the project independent.