Three ways to share, three kinds of trust
Scheduled3 min read By NT²
Your accountant needs one disclosure once. Your co-founder needs keys all year. Your landlord needs to see digits on your phone, not your whole vault. Those are three different trust relationships — not three names for the same Share button.
One Share sheet, three trust models
NT² groups outbound handoffs under Share, but the trust relationship behind each mode is not the same.
Choosing the wrong mode does not always fail loudly. Sometimes it fails quietly — a permanent email attachment, a co-founder without a stable vault identity, a landlord who received a full PDF when four digits would do.
The useful question is not "which button is newest?" It is what kind of trust does this moment need?
Mode 1 — Vault-to-vault through a secure contact
Best for: people you share with repeatedly — co-founder, partner, sibling, long-running contractor.
Trust relationship: ongoing, mutual, identity-bound.
How it works in plain terms:
- Establish a secure contact through invite and reciprocal exchange.
- Share one structured item to that contact.
- Recipient reviews in Inbox and Accept into vault or declines.
Why it fits recurring trust:
- The recipient is a vault identity you recognize, not a one-off link visitor.
- Signatures tie packages to the sender's Vault Key DID.
- Accepted items become structured records on both sides — re-findable six months later.
Read Send production keys to my co-founder and Split rent without screenshotting banking apps for sender stories. Read Secure contacts are trust relationships for how the contact layer works.
Mode 2 — Encrypted link with a separate share passphrase
Best for: someone who may never install NT² — accountant, lawyer, landlord for a one-time package, short contractor engagement.
Trust relationship: one-shot, bounded by passphrase and expiry.
How it works in plain terms:
- Share one item as an encrypted link.
- Send the URL through one channel.
- Send the share passphrase through a different channel — call, in person, another chat.
- Set expiry so the link does not outlive the moment.
Why it fits one-time trust:
- You are not asking them to join your trust graph permanently.
- The share passphrase is not your master password — narrower blast radius if something leaks.
- Expiry matches professional disclosure that should not live in someone's inbox forever.
Read One-time disclosure for your lawyer or accountant and An encrypted link is not an email attachment.
Mode 3 — Present or timed reveal
Best for: in-person or video verification — mortgage proof, employer check, friend looking at your screen across the table.
Trust relationship: situational, spatial, often non-reciprocal.
How it works in plain terms:
- Open the item on your device.
- Show only the fields the moment needs — masked routing number, partial account digits, timed window on a call.
- Nothing uploads to the verifier's server as a file they keep.
Why it fits in-person trust:
- Trust is "you may see this on my screen now," not "you may have a copy forever."
- Social boundary: Look at my screen, not my vault.
- Remote analogue: Timed reveal on a video call.
Compare at a glance
| Mode | Trust shape | Recipient installs NT²? | Typical duration |
|---|---|---|---|
| Vault-to-vault + contact | Mutual identity relationship | Yes (both vaults) | Months to years |
| Encrypted link | Passphrase + expiry | No | Days to weeks |
| Present / timed reveal | In-person / call boundary | No | Minutes |
None of these removes judgment. All of them replace a worse default — chat paste, email attachment, camera roll photo — with a boundary that matches the relationship.
Receive still sits on every inbound path
Even when you choose the right outbound mode, the recipient side often flows through Receive:
- Inbox for vault-to-vault asset share requests.
- Receive hub / link open flows for encrypted links.
- No persistent receive for pure Present — by design.
Receiving is where trust gets exercised, not just declared. See Something arrived in my Inbox and The Receive hub is not a downloads folder.
Pick the mode, then pick the person
The series order matters:
- Identity, assets, trust, and sharing — the map.
- Secure contacts — recurring relationships.
- One-way invite, mutual trust — completing two-way contact trust.
- Verified trust is cryptographic, not a button — proof states.
- This post — matching Share mode to trust shape.
- When trust should end — block and expiry when relationships change.
Browse scenarios at nt2.me/help/use-cases, or follow the RSS feed.
Last updated 2026-11-04
Related stories
- When trust should end
3 min read
- Verified trust is cryptographic, not a button
3 min read
- One-way invite, mutual trust
3 min read