Here you'll find information about the latest changes on Temp.PM, usually in more detail than on our Twitter page
10.11.2016 - Confirmation (v3.7.8)
Message reading now requires a confirmation click. This should avoid issues with some link preview bots.
14.9.2016 - Small bug fix (v3.7.7)
Bug related to the message form reset JS code in the body tag was fixed.
12.9.2016 - New SSL certificate
The SSL certificate has been updated and it's valid for 2 years. PKP (public key pinning) will be added soon.
26.8.2016 - Small changes (v3.7.6)
• Bootstrap updated to the latest version (v3.3.7)
• Added rel=nofollow for the redirect page
• Added sitemap.xml
3.4.2016 - SQLite (v3.7.5)
• CSRF data is now stored in SQLite database instead of as filenames in empty files. This should reduce file system fragmentation. Message creation statistics will also be converted to SQLite soon.
7.3.2016 - Small adjustment (v3.7.4)
HPKP (public key pinning) was also added a few weeks ago to improve security.
14.2.2016 - Tweaks (v3.7.3)
• Server status info is now generated once every minute with linfo.
• Shred now uses unlink instead of wipesync for the final deletion which should improve performance.
13.2.2016 - New server + small bug fix (v3.7.2)
We switched to a much better server and faster connection (1gbit).
During the migration we noticed a bug in the available functions check and it's now fixed.
3.1.2016 - User agent blocklist tweaks (v3.7.0)
User agent (bot) blocklist is now array based so that it's quicker and easier to modify and perhaps slightly faster performance too. Normal page contents are not blocked anymore - only the message contents are.
29.12.2015 - Telegram fix (v3.6.9)
Telegram related issue has been fixed. Data integrity check for Bootstrap (via MaxCDN) was also added.
18.12.2015 - Improvements (v3.6.8)
After the server migration, we noticed a few things in the code that could be improved and here they are.
• Added HTTP header for page refresh/wipe (works as a backup for the HTML meta header)
• Improvements for forced SSL handling
• Shred unlink issue fixed
• Small tweaks related to the string lengths of randomly generated message IDs and passwords
• Bootstrap updated to the latest version (v3.3.6)
Source code package will be updated within the next few days.
12.12.2015 - Server migration completed
It took us a while to arrange the server but we have it now and the migration is complete. Some short downtime can be expected as we fine tune it.
Canary statement will be updated as soon as we get to the location where our PGP keys are stored. ETA 1 week.
14.11.2015 - New server coming soon!
We'll keep you updated about the server change process and the possible downtime it may cause. Check our Twitter if the site is down.
13.11.2015 - DNSSEC
has been enabled for temp.pm domain. There was also a 6 hour downtime due to some unexpected maintenance.
13.9.2015 - New SSL cert
New SSL cert has been applied and we now have A+ grade on ssllabs.com. CloudFlare is no longer used for the www redirect fix.
27.8.2015 - Small tweaks and bug fixes (v3.6.5)
Small tweaks and bug fixes for example for robots.txt, user agent blockings, variable resets. etc.
Source code package has also been updated.
6.7.2015 - Canary statement + secondary contact email (v3.6.3)
We've added a canary statement page and now we also have a secondary contact email (ProtonMail
) which can be found on the about page. Some small tweaks and changes have also been done.
19.6.2015 - Bootstrap update + www redirect fix
Bootstrap has been updated to the latest version.
A few days ago we also fixed the redirect issue when using temp.pm domain with www prefix. Www prefixed domain now uses CloudFlare to bypass the missing SSL cert issue. CloudFlare is only used for redirecting the user to the correct (non-www) domain so none of the actual traffic goes through their network.
9.6.2015 - CSS issues (v3.6.1)
There were some issues with CSS file loading (mostly with TOR) so Bootstrap is now hosted via MaxCDN and our own CSS is included directly into the page source.
5.6.2015 - Source code package (v3.6.0)
We did some code cleanup before updating the source code package.
15.5.2015 - TOR fix + some code cleanup (v3.5.9)
There has been some random TOR related issues which should be fixed now. Please contact us if the problems persist.
• Removed unnecessary redirect code which caused some issues for TOR users
• Minified style.css (via refresh-sf.com)
• Some layout and text tweaks
• More code cleanup
2.5.2015 - Code cleanup and another switch for kill mode (v3.5.8)
We've been a bit busy lately so this is the first update in almost a month.
New security features and a proper help/instruction page are being planned. Read message statistics (anonymous of course) will be added to about page next week.
• Removed mcrypt compatibility code because it wasn't needed anymore
• Text changes on some of the status messages
• Another switch to use kill mode. Now it works with -K or -D
• Better verification for message ID, TTL and password variables
• More HTTP header tweaks
• Temp.PM domain has been submitted to HSTS list
8.4.2015 - More improvements (v3.5.7)
• More improvements (and some bug fixes) to HTTP headers to provide better cache disabling and better security
• Htmlspecialchars were replaced with htmlentities
3.4.2015 - Small tweaks
• Improvements to HTTP headers for better security
• Bootstrap updated to the latest version
29.3.2015 - Bug fix for iOS devices (v3.5.6)
URL form autoselect now works with Safari on iOS devices. Huge thanks to the person who reported this bug!
17.3.2015 - Server tweaks
Few tweaks were applied to the server to improve network and file system performance.
16.3.2015 - Bug fixes, new timers and some grammar (v3.5.5)
It seems that Temp.PM got accidentally removed from most search engines due to a bug in our search engine (robots) indexing definitions that we used.
• Search engine (robots) indexing definitions should now work correctly
• 15 minute and 45 minute expiration timers have been added
• Memory usage function is now more reliable
• Page refresh (= wipe) times were incorrect on some pages
• Some text changes and grammar corrections
10.3.2015 - Source code
Source code package has been updated.
7.3.2015 - More cleaning and layout tweaking (v3.5.3 + v3.5.4)
• Optgroup dividers have been added to the timer dropdown box to make it look nicer
• More code cleanup
27.2.2015 - Spring cleaning, new features and small downtime (v3.5.2)
The site was down for a while due to a typo in the code.
• Old/unused/unnecessary code has been removed
• Code indenting has been improved, mostly regarding echos/prints
• Kill mode: delete message without reading it by replacing the last letter of the URL with K
• Message URL page (after message creation) is wiped after 1 hour
• CPU and memory usage has been added to server statistics on the about page
• Compatibility mode renamed to mode query/switch to reflect it's current use
• Every 'strlen > 0' has been replaced with '!empty'
• Robots.txt is now working correctly and has up-to-date entries
• Changelog and installation instructions have been moved to seperate files
The code will be completely cleaned up and indented in kernel style
as soon as we have the time to do it.
Source code package will be updated in a few days.
26.2.2015 - Optimization, optimization... (v3.5.1)
Mcrypt library has been replaced with OpenSSL which offers a much better performance. Encrypt / decrypt speed is now approximately 10 times faster!
Block cipher has also been replaced with a better one (CBC). Mcrypt is still used to generate the IVs because it has a more secure implementation compared to OpenSSL.
To ensure backwards compatibility, older messages (that were created before this update) are decrypted with Mcrypt. This compatibility code will be removed after 2 months once all of the old message have been read or expired.
• Statistics have been optimized for more speed and accuracy.
• Few weeks ago we also optimized our network configurations a bit.
• Blog (this page) has been added.
Latest source code package can be downloaded here