Story

I'm building a PWA for investigative journalists who need to capture evidence without leaving forensic traces on their devices (even if seized).

The architecture: 1. "Zero-Trace" Camera: Uses `getUserMedia` to stream video.

2. RAM-Only: Captures frame to an off-screen Canvas -> Blob. Never touches the filesystem or Camera Roll.

3. Client-Side Encrypt: Blob is encrypted immediately (TweetNaCl) with a public key.

4. Upload & Wipe: Encrypted blob is uploaded, then memory is nulled.

My hypothesis is this beats "Standard Camera -> Gallery -> Upload" because there are no deleted files to recover from the SSD.

Is "RAM-only" in a browser sandbox reliable enough for life-or-death privacy? What side-channels (swap files, browser cache) am I missing?

Tech stack: Next.js, Dexie, WebCrypto. Open source.

Hope I can get much feedback I want to make my photo vault app special and make an impact for the world here is the link to my app that I want to change to this www.saecretheaven.com