diff --git a/onionshare.py b/onionshare.py
index 9c2cd758..8568c4e4 100755
--- a/onionshare.py
+++ b/onionshare.py
@@ -13,44 +13,18 @@ from stem import SocketError
 from flask import Flask, Markup, Response, request, make_response, send_from_directory
 app = Flask(__name__)
-auth_username = auth_password = filename = filehash = filesize = ''
+# generate an unguessable string
+slug = os.urandom(16).encode('hex')
-def check_auth(username, password):
- global auth_username, auth_password
+# file information
+filename = filehash = filesize = ''
- if len(username) != 16 or len(password) != 16:
- return False
-
- # constant time string comparison, to prevent timing attacks
- valid = True
- for i in range(16):
- if username[i] != auth_username[i] or password[i] != auth_password[i]:
- valid = False
- return valid
-
-def authenticate():
- return Response(
- 'Could not verify your access level for that URL.\n'
- 'You have to login with proper credentials', 401,
- {'WWW-Authenticate': 'Basic realm="Login Required"'})
-
-def requires_auth(f):
- @wraps(f)
- def decorated(*args, **kwargs):
- auth = request.authorization
- if not auth or not check_auth(auth.username, auth.password):
- return authenticate()
- return f(*args, **kwargs)
- return decorated
-
-@app.route("/")
-@requires_auth
+@app.route("/{0}".format(slug))
 def index():
- global filename, filesize, filehash
- return "
SHA1 checksum: {1}
File size: {2} bytes
SHA1 checksum: {2}
File size: {3} bytes