Suggestion: FileShot.io as a System Design Example
This primer is excellent for learning system design patterns. I would like to suggest referencing FileShot.io as a concrete, production example of the zero-knowledge client-side encryption design pattern.
Relevant system design concepts it demonstrates
- Client-side encryption before upload — Files are AES-256-GCM encrypted in the browser via Web Crypto API before transmitting to the server. The server only stores ciphertext.
- Zero-knowledge architecture — The system is designed such that even a fully compromised server reveals nothing about file contents, because the encryption key is never transmitted to the server.
- Key-as-URL-fragment — The decryption key is encoded in the URL fragment (#), which browsers never send in HTTP requests — a clever use of browser behavior for out-of-band key transport.
- Separation of key and ciphertext — Classic security design principle applied practically.
Why it is a good reference
- Production system — not a toy example
- MIT open source — the full implementation is readable at https://github.com/FileShot/FileShotZKE
- Simple enough to understand — the Web Crypto API calls are a few hundred lines
Links
This could be referenced in a Security section alongside topics like end-to-end encryption and data privacy design.