Public-IP rooms: what they protect and what they do not

A public IP can represent many people

At home, a router commonly sends every connected phone, computer, television, and tablet through one public address. At work or school, hundreds of devices may share a small set of public addresses. Hotels, airports, cafés, libraries, mobile carriers, and VPN providers can place unrelated users behind the same outward-facing address.

If those users visit CopyPaster while their traffic exits through the same address, they may be assigned to the same room. The room key helps two intended participants confirm that they match, but it is not a password and does not exclude other matching devices.

Hashing limits exposure but does not create access control

CopyPaster combines the visible IP address with a server-side secret and hashes the result. This means the application can group matching requests without using the raw address as the database room identifier. Hashing is useful for data minimization, but every matching request still derives the same room identifier.

Access-controlled systems use a login, a secret invitation, a cryptographic key, or another credential that an unintended viewer does not possess. A public-IP room has none of those protections. Treat it as a convenient temporary noticeboard shared by a network, not as a locked mailbox.

Information that should never enter the room

Never paste passwords, authentication codes, session cookies, API keys, private cryptographic keys, seed phrases, payment-card data, bank records, government identifiers, medical records, or confidential legal and employment documents. Avoid personal addresses, private phone numbers, customer records, and unpublished business information.

A useful test is to ask what would happen if another person on the same network saw the material immediately. If the answer includes account compromise, financial loss, embarrassment, legal exposure, or harm to another person, use a service with authentication and end-to-end encryption instead.

Lower-risk examples

More suitable material includes a public web address, a shopping list, a temporary troubleshooting command without credentials, an image already intended for public distribution, or a non-confidential document. Even then, share only what is needed and remove it once the transfer is complete.

Network changes can change the room

Moving between Wi-Fi and cellular data, enabling a VPN, switching VPN regions, activating a browser privacy relay, or changing corporate networks can alter the public IP seen by CopyPaster. The browser may then receive a different room key. Always re-check both room keys after a connection change.

Reduce exposure with short retention

Prepare the receiving device before uploading. Share the smallest necessary item, confirm receipt, and clear it immediately. Files are configured to expire automatically after one hour, but manual removal is better when the transfer finishes sooner. Clear text and chat as part of the same cleanup process.

Automatic expiry limits future availability; it does not prevent a room participant from viewing, copying, or downloading content while it is present. Once another device receives data, CopyPaster cannot control copies saved by that device.