Security & Privacy

DoorDast is an end-to-end encrypted remote desktop. Your screen, files and clicks are locked with AES-256 before they leave your device, and only the device you connected to holds the key. Not the network, not the relay, not us — no one in between can see them. This page explains exactly how that works, in plain language.

What “end-to-end encrypted” actually means

Almost every remote desktop tool says it is “encrypted”. Usually that means the connection between your computer and the vendor’s servers is encrypted — the same way your browser talks to any website. That protects you from someone on your Wi-Fi, but it does not protect you from the servers in the middle: whoever runs them could, in principle, decrypt, inspect or record your session.

End-to-end encryption is a stronger promise. The two devices in a session — yours and the one you are connecting to — agree on encryption keys directly with each other. Everything that travels between them is sealed with those keys. Servers along the way only ever handle scrambled data they cannot open, because they were never given a key. With DoorDast, “no one can see your screen” is not a policy we promise to follow. It is a property of the math: we could not look even if we were ordered to.

The threat model, in plain language

Here is who could plausibly try to watch a remote desktop session, and what DoorDast’s design does about each of them:

  • Someone on your network — a snooping café Wi-Fi, a compromised router, a workplace middlebox. They see only ciphertext, twice over: the end-to-end layer plus encrypted transport underneath it.
  • Our relay servers. When two devices cannot reach each other directly, a DoorDast relay forwards the traffic. The relay moves sealed boxes without a key — it can count bytes, but it cannot open them.
  • Us, DoorDast. Session keys are created fresh on your devices for every session and never sent to us. We cannot watch a live session, and we cannot decrypt a recorded one later.
  • An impostor server. The app verifies it is talking to the genuine DoorDast service on every connection, so an attacker cannot slip in between and hand you fake keys.

What end-to-end encryption cannot do — and no honest vendor will tell you otherwise — is protect a device that is itself compromised. If the computer on either end has malware with screen access, encryption in transit does not help. DoorDast’s job is to make sure the connection between two healthy devices adds zero new eyes.

How a DoorDast session gets its keys

  1. You share a code. One side shares a short session code. The code is how the two devices find each other — it is not the encryption key.
  2. The devices agree on keys directly. Once matched, the two apps run a key exchange with each other. The resulting AES-256 session keys exist only on the two devices.
  3. Everything is sealed per frame. Video, input, files, clipboard and chat are each encrypted with authenticated encryption (AES-GCM), so tampering is detected, not just hidden.
  4. Keys die with the session. Every session starts a brand-new exchange. There is no master key, so nothing recorded today can be unlocked tomorrow.

What our servers can and cannot see

Our servers seeOur servers never see
That two devices matched a session codeYour screen, in any form
Encrypted traffic volume (bytes forwarded)Keystrokes, mouse input, or clipboard contents
Connection metadata needed to route the sessionFile names or file contents in a transfer
Version and health info the app reportsChat messages
Session encryption keys, ever

How this compares to other remote desktop tools

An honest comparison: every major tool encrypts traffic in transit, and several make end-to-end claims of their own. The differences that matter are whether end-to-end protection is the default, whether the operator’s infrastructure ever holds key material, and whether you can verify any of it. Check each vendor’s own security documentation — here is the landscape as they describe it:

DoorDastAnyDeskTeamViewerChrome Remote DesktopRustDesk
Encryption in transitYes (QUIC/TLS + E2E layer)Yes (TLS 1.2)Yes (TLS/AES)Yes (WebRTC/DTLS)Yes
End-to-end by defaultYes, always — no mode to turn offVendor-described E2E; closed sourceVendor-described E2E; closed sourceSession via Google infrastructure and accountYes; self-hostable, open source
Fresh keys per sessionYesPer vendor docsPer vendor docsPer sessionYes
Account required to be helpedNo — a code is enoughNoYes (free tier)Yes, Google account both endsNo
Free for personal useYes, no session limitsYes, with usage limitsYes, with commercial-use detectionYesYes

If you want the deeper feature-by-feature picture, see our honest comparisons: DoorDast vs AnyDesk, DoorDast vs TeamViewer, DoorDast vs Chrome Remote Desktop and DoorDast vs Quick Assist.

Privacy is also about control, not just encryption

  • Nothing happens without consent. A connection has to be accepted on the machine being reached — unless you deliberately set an access password for your own unattended computers.
  • File access is permissioned separately. Watching a screen does not grant file access; the file manager only opens with your say-so, and the rest of the disk stays off-limits.
  • View-only exists on purpose. Share your screen for a demo or a second opinion without handing over mouse and keyboard — including to a guest who joins from a browser with just a link and code.
  • DoorDast hides itself from the share. The app’s own windows are excluded from capture, so your session controls, codes and chats never appear on the other person’s screen.
  • No account needed. Guests connect with a code, full stop. Signing in is optional and only adds convenience — a device list, favorites, one-tap access.

Frequently asked questions

Can DoorDast employees see my screen?

No. Session keys are generated on your devices and never leave them. Our servers relay encrypted data they cannot decrypt — there is no admin tool, support mode or legal switch that changes this, because the capability does not exist.

Is the relay a weak point?

The relay only ever forwards ciphertext. Even a fully compromised relay could disrupt your connection, but it could not read your screen, your files or your keystrokes — the end-to-end layer is sealed before traffic reaches it.

What encryption does DoorDast use?

Sessions are protected with AES-256 in GCM mode (authenticated encryption) with fresh keys negotiated between the two devices for every session, on top of encrypted transport (QUIC, with an encrypted WebSocket fallback for strict networks).

Can an old, recorded session be decrypted later?

No. Keys are ephemeral — created for one session and discarded. There is no long-term key that could unlock past traffic, so recording ciphertext today buys an attacker nothing tomorrow.

Do I have to trust you on any of this?

Less than you’d think. The design means our honesty is not the security boundary: we hold no keys to hand over, leak or abuse. What you do trust is the app binary itself — the same trust you extend to any software you install — and we keep that surface small: no telemetry of session contents, no cloud recording, no server-side session storage.

Try it yourself: download DoorDast for Windows — free, end-to-end encrypted by default, connected in under a minute.