Firefox Send: Free encrypted file transfer service
dnlserrano · 7 years ago
84 comments
dnlserrano · 7 years ago
84 comments
Ultramanoid · 7 years ago
It's a fantastic service and I'm glad to see it leave the experiment stage and become official. Highly recommended.
icemelt8 · 7 years ago
I wonder which cloud service they are using to store the files.
sccxy · 7 years ago
Google Cloud Platform
swtrs · 7 years ago
A bit of poking around leads me to prod.send.prod.cloudops.mozgcp.net so Im assumping Google CloudCloud.
Brosper · 7 years ago
Nice!
oblio · 7 years ago
I wonder if they're running some malware scanners plus do they have to comply with DMCA takedowns? Based on what I see, the files are hosted on their servers, so they kind of have to, no?
nvdk · 7 years ago
At maximum 200 downloads and an expiration of 7 days I don't think anyone will bother to be honest.
TulliusCicero · 7 years ago
Hypothetically, you could wrap this storage solution in a service that automatically creates new underlying links as old ones exhaust their quota or expire.
mehrdadn · 7 years ago
There is end-to-end encryption, so unless they have homomorphic virus scanners I don't see how they would do this...
nvdk · 7 years ago
I've been using send.firefox.com for months and so far the only downside was the 1 day expiration. Very glad you can now opt for 7 days.
buboard · 7 years ago
They could also offer a realtime webrtc solution like snapdrop.net . Although i m not sure that works, it didn't work between my phone and desktop.
hlnas · 7 years ago
How "private" is it? Do you store metadata? i.e. if I upload a file and it expires, do you also delete any trace of me, including my IP address?
mehrdadn · 7 years ago
https://send.firefox.com/legal
> We receive IP addresses of downloaders and uploaders as part of our standard server logs. These are retained for 90 days, and for that period, may be connected to activity of a file’s download URL. Although we develop our services in ways that minimize identification, you should know that it may be possible to correlate the IP address of a Send user to the IP address of other Mozilla services with accounts; and if there is a match, this could identify the account email address.
gurpreet- · 7 years ago
Why is it a necessity to store information for 90 days? Why not 10 or 30?
mehrdadn · 7 years ago
> Why is it a necessity to store information for 90 days? Why not 10 or 30?
Is there something special about 10 or 30? (You wouldn't ask the same question about 10 or 30?)
hlnas · 7 years ago
10 or 30 seem shorter, no? I don't have anything to say about 10 or 30, but 90 seems too long in my opinion.
I understand the need to keep logs to thwart abuse, but with longer lengths you're just helping law enforcement.
mehrdadn · 7 years ago
> 10 or 30 seem shorter, no? I don't have anything to say about 10 or 30, but 90 seems too long in my opinion.
Sure they're shorter, but wherever they draw the line somebody like you is going to complain. Putting myself in their shoes I don't see any reason why you wouldn't complain about 30 days (even if you really wouldn't).
> I understand the need to keep logs to thwart abuse, but with longer lengths you're just helping law enforcement.
90 days cannot be to thwart abuse because...? And helping law enforcement is inherently terrible because...?
pennaMan · 7 years ago
>And helping law enforcement is inherently terrible because
Helping in the sense that they open themselves up to be strong-armed by LE
robinhood · 7 years ago
Legally you have to retain this type of information for at least 90 days. That sucks but it's the law.
JohnFen · 7 years ago
Not in the US.
mFixman · 7 years ago
I can't believe that there isn't a simple service to transfer data between my cellphone and my computer without going through the internet. iTunes is terribly bloated, MTP is a mess, and Bluetooth is slow and frustrating.
Back in my hacker day I used to have an SSH server open on my cellphone and use it to transfer files back and forth with my computer. Why isn't there a mainstream service like that?
kop316 · 7 years ago
I seem to remember that there was an app on android that allowed you to access your files via a webserver you could turn off and on. I used that a lot before I got nextcloud.
dx87 · 7 years ago
KDE connect works without internet access. I haven't used it on Windows, but it works fine for me on Ubuntu.
merpnderp · 7 years ago
In the Apple ecosystem, there's AirDrop which uses either Bluetooth or Wifi. You can quickly share files between any iOS and Mac devices very simply.
matt-snider · 7 years ago
What about https://syncthing.net/?
EDIT: I know you said without going through the internet. Syncthing can be configured to only transfer over specific networks (e.g. home LAN/WI-FI)
pard68 · 7 years ago
I use syncthing for all my personal file syncing. It is so useful and secure to boot!
rcMgD2BwE72F · 7 years ago
I've been using it for (almost) everything and it has always work perfectly:
I keep my phone's picture in sync with my personal computers ("send only" so I can remove old photos when my SD card is getting full).
I sync a "media" folder where I dump all the music and video I download with the youtube-dl CLI (a "yt" alias makes sure the files are stored in the right directory with some custom parameters).
I sync my KeepassXC databases (work and personal), between my personal Linux laptop, my Android phone and my work MacbookPro. Databases can be merged in a single click if there's any conflict (happens very rarely). I love the Android secure autofill service and fingerprint quick unlock
I use a "temp" folder to drag'n drop stuff between computers so I can file it properly on the right device. On Android, I prefer to use the Syncthing "sharing intent" to make any file/media available on my other devices in just a tap.
I also have installed Syncthing on my Android TV, and occasionally drop HD movies that I download on my phone over P2P (I have a pretty fast connection, so it's easier for me to choose a move from my phone, while in commute, have it download in a few seconds, and either stream it to my TV via Chromecast or open it from the synced folder through Kodi)
This really is a dream setup.
RussianCow · 7 years ago
I love it as well, but my one gripe with the Android app is that it does not support read/write sync on external storage (SD cards). This means, in my case, that I have to share photos from my phone in a read-only fashion. It's not a deal-breaker by any means, but it's annoying, because if I want to add photos to my collection that were obtained elsewhere (e.g. my underwater camera), I have to transfer those files to my phone first in order for them to properly propagate to all my other devices.
Here is the related issue: https://github.com/syncthing/syncthing-android/issues/29
aidenn0 · 7 years ago
I would suspect that if you reconfigure your SDCard to be internal storage then it will work again. This is a limit of Android permissions that happened a couple of major versions ago (I use a different tool for file transfer and I remember when it stopped being able to transfer files to external storage).
rcMgD2BwE72F · 7 years ago
I suggest to use https://f-droid.org/en/packages/com.github.catfriend1.syncth... and setup the synced folder on the SD Card as a subdirectory of the app data folder. It's worked well with an old phone (until I replace it with one that no SD card but 128+ GB of storage)
jamesgeck0 · 7 years ago
Syncthing is in dire need of an iOS client. There's an unofficial one, but it was unmaintained and didn't sync with recent versions of Syncthing last I checked.
yjftsjthsd-h · 7 years ago
Is it a technical limitation, insufficient developers, or a license issue? IIRC GPL doesn't work with the store.
KindOne · 7 years ago
License is MLP 2.0.
justusthane · 7 years ago
I believe just insufficient developers. It seems like they're open to someone taking it on: https://forum.syncthing.net/t/on-syncthing-ios-port-again/89...
olyjohn · 7 years ago
I feel like there must be some iOS limitations as well. Dropbox can't even sync files in the background, so if I take a bunch of photos, I have to leave it running and touch the screen every couple of minutes in order to get all the photos uploaded. I feel like Dropbox apps are generally pretty good, and this was way janky, and had to be an iOS limitation, but I'm not 100% sure.
jamesgeck0 · 7 years ago
iOS apps (including Dropbox) can sync data in the background, but it's a bit janky. You have to give the app permission to access location services. It'll upload a bit of data in the background every time your phone location changes.
samcday · 7 years ago
Tangentially related - I've always thought it's dumb that I can't just plug my iPhone in to any PC and have it show up as a removable storage device.
I'm sure people who know more than me will give me a list of great reasons why it's not straightforward to implement...
But it doesn't change the fact that I have this incredible device (iPhone X) with 256gb of blindingly fast NAND flash storage, of which I am only utilizing 30gb, yet I still have to tote around a f*ing stupid little plastic USB dongle if I want to copy some files around.
TulliusCicero · 7 years ago
> I'm sure people who know more than me will give me a list of great reasons why it's not straightforward to implement...
Nah, Android phones have done this forever, it's not technical difficulties stopping it from working. It's The Apple Way. They don't want you using your phone that way, or something.
voidmain0001 · 7 years ago
Argh! I just went through this with a friend's iPhone when he asked spur of the moment to have a video on his iPhone displayed on some monitors for a presentation. The monitors are driven by a Win10 computer. My first thought was to transfer the file from the iPhone with Bluetooth to the computer, but apparently an iPhone can't be paired in that manner. So lame. The video was too big to email, so I used send.firefox.com and uploaded the video to it, and then downloaded the video to the computer. Thanks to the iPhone's protective wall that little stunt cost my friend 200MB of cellular data. The computer didn't have iTunes, and there was no Lightning cable available so direct hardwired transfer wasn't an option either.
Retric · 7 years ago
Not having a cable is hardly the same issue, iPhones let you easily share images and videos but not all files.
voidmain0001 · 7 years ago
Beyond AirDrop which only works between like devices, how else can files on an iPhone be transferred to another device without iTunes, and without using a 3rd party? I'm not being adversarial, I really want to know.
mercutio2 · 7 years ago
I’m a little confused, you don’t want to use 3rd party apps (like a Microsoft app to interact with nearby MS stuff) AND you don’t want to use Apple 1st party apps?
It sounds like the only thing that would’ve satisfied you would’ve been for iOS to natively understand whatever the Microsoft system is for broadcasting videos? I agree it would be delightful if Apple and Microsoft could agree on a “I’m a short term drop-point” “send to any nearby open drop-point” API, but the absence of this doesn’t seem likely to be either Microsoft’s or Apple’s fault.
The Apple way to do this would’ve been to send an iCloud email. Apple Mail would’ve uploaded the file to a server, and a short-lived link would’ve been created, to avoid SMTP size limits.
Pretty much exactly what you ended up doing but manually via Firefox Send.
kalleboo · 7 years ago
> The Apple way to do this would’ve been to send an iCloud email
Since iOS 12 they also have a "copy iCloud link" share option that gives you a Dropbox-style file download page.
voidmain0001 · 7 years ago
I don't understand your confusion. What I would like to see is the iPhone to support the use of its native Bluetooth radio to connect to another device with a Bluetooth radio and implement the native Bluetooth file transfer protocol. Why would I want to use a 3rd party app/program which incurs a data charge to download, and possibly an account setup which means information leakage.
dTal · 7 years ago
Android phones don't do this anymore, for the technical reason that allowing a computer to mount a filesystem directly requires that the phone unmount it. Mass storage expects a block device, so there's no wrapper that one could provide that would make this work with the native filesystems of the phone.
What could be done is to dedicate a file on the phone as block storage, and expose that as a mass storage device. This would suffer from the same problem (of the phone not being able to access it at the same time), but if it's dedicated "flash drive emulation" space then perhaps this behavior won't be as surprising to the user.
gdulli · 7 years ago
> allowing a computer to mount a filesystem directly requires that the phone unmount it
I don't think that's true. My S8 storage is mounted and accessible from my computer right now while at the same time playing music from the same storage. I can still take pictures/write to the storage.
dTal · 7 years ago
As mass storage, or MTP? The distinction is why I qualified with "mount a filesystem directly". MTP doesn't do that.
TulliusCicero · 7 years ago
You said "Android phones don't do that anymore", "that" referring to "have it show up as a removable storage device".
Pointing out that the protocol used is leaky or bad in some technical way doesn't change that Android phones do in fact show up as removable storage devices when connected to (at least Windows) PC's. Your original assertion was incorrect.
samcday even said they just wanted to copy some files around. You don't need to be able to modify files in-place from the PC to accomplish this.
ernesth · 7 years ago
UMS (USB Mass Storage) is a protocol. MTP is a different protocol.
Android devices don't support UMS anymore.
TulliusCicero · 7 years ago
> Android phones don't do this anymore
They don't? Since when? I still have a Pixel 1 but it's running Android P, so the latest major version of Android, and this still works fine.
skykooler · 7 years ago
Android phones show up as MTP devices, which are basically file-level storage instead of block-level storage. Most OS's (besides MacOS) will display this with the same interface as a USB mass storage device.
dTal · 7 years ago
MTP is a horrible protocol which renders the abstraction very leaky in my experience, to the extent that it's inaccurate to refer to it as "removable storage" and expect to behave in similarly sane fashion to a proper flash drive. For example, there's no support for modifying a file in-place - the entire file must be read out, modified, and then written back. These kinds of restrictions render it slow and unreliable.
Wikipedia tells the sordid story: https://en.wikipedia.org/wiki/Media_Transfer_Protocol#Compar...
TulliusCicero · 7 years ago
> MTP is a horrible protocol which renders the abstraction very leaky in my experience
Nevertheless, it's still removable storage that can take the place of the most common use case of portable flash drives: moving files around from one computer to another. Which is explicitly what we were originally talking about.
Pointing out that it doesn't work for some other use case that you yourself brought up doesn't make any sense. That's not what everyone else was talking about.
dTal · 7 years ago
I'm not going to debate you in three places at once, that's just obnoxious and clutters the thread.
Ultimately this is an argument about the precise semantics of "removable storage". I don't regard an MTP device as "removable storage" - it's another computer that one speaks to using a special protocol, with severe limitations. So is an iPhone - with special, protocol-speaking software, you can certainly put arbitrary files on it. I interpreted the parent to mean that they wanted to plug the phone in to "any PC" and have it Just Work. MTP isn't so great at that, especially from my perspective as a Linux user, where MTP support is no more built-in than iOS-protocol support. From this standpoint, "removable storage" == "USB mass storage".
On the other hand, it sounds like whatever Apple provides is much worse even than MTP, and less well supported in general.
TulliusCicero · 7 years ago
> Ultimately this is an argument about the precise semantics of "removable storage". I don't regard an MTP device as "removable storage"
This is absurd. You don't get to tell someone, "you're wrong", then later when it's pointed out that the original assertion was actually true, then say, "oh, I meant that you're wrong as long as we're using my version of the word, the one that's very different from the one everyone else was using."
Sorry, but that's blatantly disingenuous. The original context was very clear. If you really meant, "well it sort of works as removable storage in one sense, but not in this other sense" you should've just said that to begin with.
dTal · 7 years ago
Well, I'm sorry to have upset you, and I hope that the precise technical situation is now clear to anyone reading this thread.
est31 · 7 years ago
MTP is super buggy tho. Sometimes I can get it to work, sometimes I can't. Thought it was the fault of GNU/Linux on the desktop, but I've heard similar stories from Windows users. Most people I've spoken to are just annoyed about MTP.
As a possible explanation for this issue, I think that if you use the internet to share data, it's more likely that Google makes money from some of the interactions (either via ads in the app or via play store tax or idk because the service is hosted in GCP or whatever) than if you used an internet-free method, so Google doesn't prioritize bugfixes that would hurt their revenue. Edit: would love to be proven wrong though!
xnyan · 7 years ago
Android and iOS user. I"m not defending it per say because the frustration of a real shell existing (I've jailbroken iOS and used it) but no access to it is real.
The argument from apple is even if you put a warning label on on a setting "allow filesystem access over SSH" for example, if you give users unmanaged file or other systems access, it will be exploited and in reality, what most users (or at least my mother and father) want is to just use their phone and never think about it.
It's fair not to like it and it may be wrong, but to imply that apple did it just to frustrate power users is either misinformed or dishonest.
Lastly there's a cool ios project https://github.com/tbodt/ish that gives you an emulated shell. Works pretty well.
cr0sh · 7 years ago
> Nah, Android phones have done this forever
Your only option today is MTP on Android, and it stinks.
At one time, Android did support showing up as a mass storage device. I know when I first got a G1, then the phone I had after that - both you could plug in, and they appeared as a mass storage device. Just like a USB thumb drive.
I don't recall if you could use the file system at the same time on both sides; I doubt it, though. This was never a problem for me. It just worked - just like a thumb drive.
Then something changed; I don't recall which Android version, but they gradually phased out the phone appearing as a USB drive, and started to phase in MTP. I recall MTP being absolute POS on Linux, barely workable everywhere else, and where it did work, it was slow.
It's gotten better over the years on all platforms, but it still isn't anything like it should be.
My theory on why they switched was to keep people from easily side-loading APKs, and backing them up easily, etc. I think it was all part of the battle to keep people from really owning their phones, keep them from rooting them, etc. The ever and ongoing battle in which nobody really wins, everything is left as rubble, and the results are futile, because if they lock things down completely, the people that want things open will just leave to create their own devices, and they don't really gain much.
As an aside - that's a direction I've been thinking about pursuing. There are now some relatively cheap 4G modules out there, and some open-source "phone" operating systems for the Raspberry Pi and other embedded controllers (with varying levels of "working-ness"). I'm just getting tired of not really owning my own phone, and I want to do something about it.
My current phone is an S7 (TMobile version) - and they've made it hard as heck to actually root; it seems like every time they come out with a way to do it, Samsung/T-Mobile updates to prevent it. I'm just tired of the whole cat-mouse thing; I want things completely open, even if it means I have to write my own apps.
eythian · 7 years ago
> My theory on why they switched was to keep people from easily side-loading APKs, and backing them up easily, etc. I think it was all part of the battle to keep people from really owning their phones, keep them from rooting them, etc.
Or, more realistically, by having file access mediated by the phone, you can:
* have the filesystem available to multiple systems at once. If it's mounted as USB mass storage then it must stop being visible to the phone itself. That's not great, especially if there are apps etc. there. To not have apps there, you'd need to partition. That sucks. So, also...
* you can use any filesystem you want. You're not restricted to things like VFAT. By not being USB mass storage, you can run BtrFS if you're so inclined and not have Windows get upset when you plug it in.
* the phone is able to restrict what is seen by the computer. This is a security benefit. I don't want someone slurping my TOTP key database because I foolishly leave my phone unlocked somewhere.
Also, you can still root phones just fine if you buy one that isn't user-hostile.
So, there are solid technical reasons for the change that make things better for a large number of users (who, amongst your average user these days, really wants to plug their phone in to the computer to move files around? I'd estimate vanishingly few.)
> My current phone is an S7 (TMobile version) - and they've made it hard as heck to actually root; it seems like every time they come out with a way to do it, Samsung/T-Mobile updates to prevent it.
Well of course they do. a) they are use hostile, so they don't give you a path. b) because there's no official path, any method that does exist must be a security vulnerability. Do you want to have a vulnerable device?
Don't buy user hostile stuff and then complain that it doesn't let you do what you want.
tenebrisalietum · 7 years ago
> My theory on why they switched was to keep people from easily side-loading APKs, and backing them up easily, etc.
I bet it was simply to prevent having to implement FAT32 or some feature related to FAT and pay royalties to MS for that, like long filename support or similar.
supermatt · 7 years ago
this is an artificial apple restriction. other vendors allow you to do exactly this
laumars · 7 years ago
Other vendors used to allow you to do this back when internal storage was vfat formatted but it's not been an option these days because Windows and Macs wouldn't have the file system drivers to read the storage.
This is why MTP was created. However MTP is - in my experience - complete garbage and creates as many problems as it solves.
supermatt · 7 years ago
Mounting MTP is transparent to the user on non-apple OSes as well. You can drag and drop files as you could when it was when mounting the VFAT block device. Its only on MacOS that this isn't handled gracefully.
So yeah, apple is only mobile you cant do this on at all, and apple is only desktop OS you cant access other phones that permit it on (without installing some 3rd party tool).
As an aside, I write this as an apple user (iphone, ipad, watch, macbook pro), and Im feeling quite infuriated thinking back on this.
laumars · 7 years ago
I've used MTP and my experience is it that it leaves a lot to be desired regardless of the platform. My wife's Samsung phone never worked right with her Windows 7 laptop. Neither my Huawei nor the HTC handset I had before worked properly with any of my Linux machines either.
I get the point of MTP is that is't supposed to be a transparent (to the user) interface but my experience is it falls short by a long way of achieving this in practice.
supermatt · 7 years ago
Yeah, I agree - MTP is abominable on every device Ive used too.
Retric · 7 years ago
I regularly do this to offload pictures and movies. I have even used my iPhone as a large USB drive.
But, they don’t let you access to full file system for some reason.
supermatt · 7 years ago
How do you do this on your iPhone? I, and others, are of the opinion that this cant be done.
frosted-flakes · 7 years ago
Access to images and videos is read-only. So it can't be used like a USB drive.
joubert · 7 years ago
Unrestricted access would probably mean that someone could take your phone and access your data.
Instead, there are these 3 ways to share files between your phone and other machines: https://support.apple.com/en-us/HT201301
asdff · 7 years ago
Apple used to let you do this exactly with the iPod.
opencl · 7 years ago
Syncthing is fantastic for this (and file transfers between computers over LAN and/or internet), unless you happen to have an iOS phone.
ufo · 7 years ago
Does local wifi count? I use KDE Connect for sending files over wifi and a bunch of other things.
You may also want to check Syncthing, which others have also recommended.
ognarb · 7 years ago
I love KDE Connect, particularly the run command function. I wrote a list of some useful commands in the kde userbase wiki [0] some time ago.
[0] https://userbase.kde.org/KDE_Connect/Tutorials/Useful_comman...
dec0dedab0de · 7 years ago
Plugging in a USB cable still works fine. I think the problem is if its too easy then people will be copying files off of each others phones without permission.
laumars · 7 years ago
> Plugging in a USB cable still works fine.
That uses MTP which the OP already discounted as being "a mess". Frankly my experience matches his and thus I actively avoid MTP whenever I can.
> I think the problem is if its too easy then people will be copying files off of each others phones without permission.
You usually need to unlock the phone to use MTP. If an attacker has access to unlock your phone then it makes no difference if they copying the files via USB, Dropbox, email or whatever - your attacker already has the permission they need to do so.
_petronius · 7 years ago
I recently switched back to iOS after years on Android, and on this point I've been very impressed with Airdrop. Dead simple UI, very quick transfer speeds, uses WiFi or Bluetooth as available. It's just a shame that it's limited to Apple devices.
sdaslo · 7 years ago
Isn’t it because it’s limited to apple devices that it works so nicely? Even some times before recent updates they’ve made, ive had airdrop work improperly where my old MacBook Air wouldnt show up, etc etc. it would be a nightmare to get that working across android and pc devices
untog · 7 years ago
Agreed. And app hand-off (for the small number of apps that use it, basically only Safari for me) is fantastic as a "task transfer" tool as well.
kalleboo · 7 years ago
I also use copy/paste between my Mac and iPhone quite a lot, which is a Handoff feature
electrograv · 7 years ago
The conspiracy theorist in me wonders if Google simply wants to maximize the use of their servers here (independent of what users want/need):
1. P2P doesn’t give Google all that juicy mineable data that they get when everything you do makes round trips through their servers.
2. This would also implicitly encourage Android users to rely more on services like Google Drive/Docs for all files, which is good for them.
Edit: Apparently it is disputed that iOS has superior P2P file transfer support vs Android (see reply below), so perhaps all this is a moot point. I was assuming the truth of the parent post, and didn’t realize it was contentious; and since I’m not an Android or iOS expert, I can’t really argue that topic either way.
skrowl · 7 years ago
In addition to NUMEROUS 3rd party tools, Google already provides a tool exactly like AirDrop for Android.
It's a feature of the Files app https://play.google.com/store/apps/details?id=com.google.and... which has over 100M installs.
Look at the 3rd screenshot.
ENCRYPTED FILE SHARING
Files’s offline file sharing is secured with WPA2 encryption, providing a more secure file transfer. Files app uses Bluetooth to set up encrypted and direct fast wifi connection, so that you can transfer app APK or large files in seconds, send videos or pictures to your friends. Safe and secure.
SHARE FILES OFFLINE
Share your pictures, videos, documents, or apps with others nearby who also have the app. With fast speed up to 480 Mbps, it’s fast, free, and it works without the internet, so it doesn’t cost mobile data. Just pair up your phone with anyone nearby who has Files app.
millstone · 7 years ago
Does Files actually allow transfer with desktops or laptops? It sounds like it only transfers between Android devices.
runn1ng · 7 years ago
Apparently only Android - Android (and maybe ChromeOS, since that can run Android apps)
novaRom · 7 years ago
You can only share files "with others nearby who also have the app".
skrowl · 7 years ago
It's not really necessary on a desktop or laptop., Unlike an iPhone, all you have to do to transfer to a desktop is plug in a USB cable. After that, you select to share your storage with the PC on your android phone and you can operate on it as if it were a USB drive or a digital camera. On an iPhone you have to install iTunes, log on, jump through a bunch of hoops, and then you only get access to a fraction of the phone's filesystem anyway.
omouse · 7 years ago
Interesting! Also, is this free/open source?
kevin_thibedeau · 7 years ago
Google Files doesn't work with location services turned off. Because, you know, that's oh so critical for transferring data over the internet.
Angostura · 7 years ago
Just to be clear, Wifi network doesn't need to be available. If I remember correctly, initial connection setup is done through Bluetooth, then one device invisibly sets up an adhoc wifi connection to the other to transfer. The two devices don't have to be attached to a Wifi network. Quite spiffy.
gurpreet- · 7 years ago
Resilio sync [1] is a great service I've used to transfer files using P2P technology. It still uses the Internet, but avoids any intervening parties.
If you're using Android, you could just use USB transfer using Android File Transfer [2]. Super easy, super fast.
[1] https://www.resilio.com/individuals/ [2] https://www.android.com/filetransfer/
jamesgeck0 · 7 years ago
If both computers are on the same LAN, Resilio Sync shouldn't hit the internet at all.
patr0nus · 7 years ago
What about Dukto [0]?
IMO if something doesn't require the internet connection, it is more likely to be called "software", not a "service".
diegorbaquero · 7 years ago
You can try WebTorrent (P2P) based solutions, maybe https://btorrent.xyz could help.
AdmiralAsshat · 7 years ago
A number of Android File Managers these days (Amaze comes to mind) include a toggle option to turn your phone into an FTP Server. You would then just pull it up on your computer via ftp://192.168.X.X and put an optional user/pass over it. I've used that for many years if I need to quickly transfer some documents or songs between devices.
Not technically internet so much as intranet.
Izkata · 7 years ago
And on the flipside, I've used AndFTP to connect to my laptop from Android 2.0 through 8.1 - it supports sftp and a few other protocols.
zcid · 7 years ago
This is my preferred method. I use SolidExplorer to start the ftp server and use an alias to access via lftp.
microcolonel · 7 years ago
I use Syncthing, personally. It usually works pretty great, the only real issues I've seen are with locked down internet connections (the sort which also seem to meter or block VPNs).
chongli · 7 years ago
I just use iCloud Drive. Files on my desktop and in my documents folder get automatically synced to my phone and vice versa. It's extremely easy and painless. I often find myself on my phone, saving a file to my iCloud desktop, and finding the file on my desktop the next time I open the lid of my laptop.
aaaaaaaaaaab · 7 years ago
>without going through the internet
dooglius · 7 years ago
I'm a bit confused, in what sense is accessing an SSH server not going through the internet? Was the phone connected to the same LAN as the desktop via Wifi?
laumars · 7 years ago
That was my assumption.
Your comment took me a little by surprise actually because there's no actual need for the internet in SSH and in fact I probably do 90% of my SSHing on local networks. But I guess your usage differs significantly?
dooglius · 7 years ago
For desktops, yes, but my default assumption for a phone is that it's on a mobile network
laumars · 7 years ago
I don't think that is a fair assumption because it's very common for people to set up WiFi on their phone. In fact you'll often find some platforms will not download OS updates or warn you against downloading larger "apps" when not connected via WiFi.
Piskvorrr · 7 years ago
A mobile network is still mostly a fallback "if there's nothing better available", and IIRC all current smartphones prefer a WiFi link over a mobile one (if one is up). Perhaps with 5G, we might get to the point where WiFi is too much hassle to set up...
Piskvorrr · 7 years ago
That's the usual arrangement, yes: phone - WiFi AP - ethernet switch - desktop; no internet needed. SSH is not some only-works-in-the-cloud magic, just a TCP/IP service; as long as you can access the server, it is cloud-agnostic.
I do use this arrangement with split DNS: inside the local LAN, the desktop's DNS resolves to the desktop directly; outside, it resolves to the gateway's external port, whence it's NATed to the desktop. SSH from anywhere :)
pault · 7 years ago
You didn't say whether you are on iOS or Android, but if you are on iOS airdrop works very well.
laumars · 7 years ago
It does - just so long as you and anyone else you might want to share with are paid up into the Apple walled garden.
I do have an iPhone and I love AirDrop for sharing photos with the few friends who also have an iPhone but it's not even an option for me with a Linux laptop.
smoser · 7 years ago
Besides AirDrop there is "Copy and Paste across devices" https://support.apple.com/kb/ph25168?locale=en_US
mikro2nd · 7 years ago
> copy text, images, photos, and videos on one Apple device and then paste the content on another Apple device
So not so much for my Linux box or my Android phone, then. As usual with Apple's shiny crap it "all just works" as long as you're only playing inside the walled tarpit.
ihuman · 7 years ago
Does that transfer the data over iCloud (via the internet), or over Bluetooth and local WiFi? The page is kind of ambiguous since it mentions all 3.
morpheuskafka · 7 years ago
On iOS having a file manager web server is a common workaround, some apps like VLC even have their own. The only issue is that the server stops if you switch apps. There's also iMazing which uses the iTunes protocol and is pretty good, but unfortunately is paid.
msravi · 7 years ago
termux + woof
woof -i <ip_address> -p <port> <filename>
termux: https://play.google.com/store/apps/details?id=com.termux&hl=....
woof: http://www.home.unix-ag.org/simon/woof.html
Edit:
1. Allows directory upload/download (tar/gzip/bzip2 compressed)
2. Local file server (doesn't go over the internet)
3. Allows upload form (-U option)
4. Allows file to be served <count> number of times (-c option)
dTal · 7 years ago
You might be interested in KDE Connect, which provides (among other things) essentially a thin wrapper around SSHFS. It's the most convenient method of computer<->phone transfer I've found.
nobrains · 7 years ago
Airdroid
Benjamin_Dobell · 7 years ago
AirDroid is pretty handy on Android; file transfer, browsing your phone's files/images, sending SMS from your desktop browser (although Messages now does that native) etc. Much to my surprise, there's also an iOS version - https://itunes.apple.com/app/id1194539178
akerro · 7 years ago
>I can't believe that there isn't a simple service to transfer data between my cellphone and my computer without going through the internet.
KDE Connect, https://community.kde.org/KDEConnect#What_is_KDE_Connect.3F i've been using it for years
jumbopapa · 7 years ago
I've been using this, but I just switched to the Sway for my WM and I'm unsure of how to use KDEConnect with Sway. Any ideas?
MayeulC · 7 years ago
I've been using sway for a few weeks as well. I just used it once to share a file from my phone, and here's what I did:
export $(dbus-launch)
kdeconnect-cli -l
*then I sent the file from the phone*
It could be launched on start; there's also appindicator-kdeconnect that should work with a tray icon, as well, AFAIK.mcdevilkiller · 7 years ago
It's supposedly UI agnostic and just requires QT5. Probably you can build it from source, and it will open as a normal app, in its own tile.
Steltek · 7 years ago
When pushing files from phone to computer, I setup my Pixel to use AndFTP. The ubiquitous "Share" button offers AndFTP as an option and lists preconfigured destination SSH servers. I upload photos this way to a distinct account (which gets scooped up later by a more privileged script).
What I'm really looking for is a Share button enabled app that can POST arbitrary files to a customizable URL.
SebiH · 7 years ago
How about https://snapdrop.net/ ?
hiccuphippo · 7 years ago
What I'd like to see is an app that runs a webserver on my phone to share a slideshow of pictures or videos to a browser on the lan. I haven't found this and I'm thinking about writing one.
Moru · 7 years ago
Try resilio sync, uses lan or Internet depending on what is available. Sync the images folder with your computer with a few clicks.
spieglt · 7 years ago
This runs the web server on a computer, but allows two-way file transfer from phones: https://github.com/claudiodangelis/qr-filetransfer
sametmax · 7 years ago
There is. It's called dukto (http://www.msec.it/blog/?page_id=11), and works on mac, linux, windows and android. It will use zeroconf to automatically find all duktos on the local network, and let you send stuff to them in a blink.
Proprietary but free as in beer.
cybwraith · 7 years ago
Dukto is great!
kgwxd · 7 years ago
There are plenty of cross-platform local file transfer tools available but they all require manual setup and some knowledge of networking. If "without going through the internet" is a requirement, I don't think an easier and secure tool could be made better than what's already available.
m52go · 7 years ago
If you use GNOME, GSConnect is magical.
https://github.com/andyholmes/gnome-shell-extension-gsconnec...
spieglt · 7 years ago
Check out https://github.com/claudiodangelis/qr-filetransfer for computers and phones on the same LAN.
Works great, and I'm planning on integrating that functionality into my project which transfers files between laptops using only wireless cards, no LAN required. https://github.com/spieglt/flyingcarpet
xioxox · 7 years ago
SimpleSSHD is a simple ad-free open-source SSH server for your Android phone (available on Google Play). It's very useful. It only supports public-key based authentication, so you can't use a password, however.
yjftsjthsd-h · 7 years ago
> It only supports public-key based authentication, so you can't use a password, however.
If there's any chance of this thing being exposed to a public network (like, say, a cell network), I'd say that's a very good thing!
est31 · 7 years ago
I often first try MTP and when it is acting up again, I'm using adb pull / adb push to do it. Once set up, adb turns on automatically and all you need to do is to invoke the commands on the computer. If USB is unavailable, adb works via the network as well, provided the phone's IP is reachable. However, you need to know the ip address. The only problem really is figuring out the paths, but at least it works and overall I'm wasting less time than with MTP usage.
yjftsjthsd-h · 7 years ago
You can literally do that; termux will run sshd quite happily. I'm pretty sure there are sftp servers in the app store as well, but I don't really trust them.
I run the reverse; my laptop runs sshd and then I ssh/scp/rsync from termux on my phone. But either way works.
alanpearce · 7 years ago
With macOS and iOS, Airdrop, as others have stated. For other platform combinations, there is NitroShare[1] which works in almost the same way.
jwr · 7 years ago
If you use Apple devices, it's called AirDrop and works surprisingly well. I use it a lot, between computers, phones, and ipads, within the family and sometimes with other people, too.
chapium · 7 years ago
Just make sure your Mac's firewall is not blocking bluetooth.
ocdtrekkie · 7 years ago
SMB over local network would be my default, I recall an app for using SMB with Android back as far as the 2.x days.
We have tons of protocols for transferring files over networks, there's no reason for them to go to the public Internet, nor for them to be mobile phone specific.
omouse · 7 years ago
It's because the whole app ecosystem is proprietary and the open source packages aren't as polished. I remember when it was a huge pain to use Bonjour.
It seems like this should be a solved problem but maybe it takes a Mozilla or some other larger entity to push the marketing and the customer support and development to really solve the problem of transferring large files securely.
shmerl · 7 years ago
KDE connect?
pwg · 7 years ago
To add to the options (for Android phones):
m-p-3 · 7 years ago
I'm on Android, and Syncthing is pretty seamless once configured. I just configure my cellphone, my laptop and my desktop to sync a specific directory in both directions.
It's decentralized, end-to-end encrypted and does local discovery of devices on a LAN so it will also works offline.
As long as one device lives and is synced, I have a copy of the files.
deltaqueue · 7 years ago
Dozens of responses, and not one mention of Dropbox. Works perfectly for this exact purpose on Android.
Legogris · 7 years ago
You missed the "without going through the internet" part.
Piskvorrr · 7 years ago
It does have a LAN sync mode...but it's supplemental at best. Plus, the clients need to bootstrap and authorize through the Internet first.
gshulegaard · 7 years ago
There are a few around...I use File Explorer which can actually start an FTP server from my phone (iPhone) that my PC can connect to over LAN. It also can be a client to a remote FTP/file share.
buboard · 7 years ago
there is https://snapdrop.net/ but it didnt work for me
MaxBarraclough · 7 years ago
You run a simple HTTP server on your computer, then download your files over Wi-Fi using your phone's browser. Works nicely.
cd my/directory && python3 -m http.server 80rsync · 7 years ago
"I can't believe that there isn't a simple service to transfer data between my cellphone and my computer without going through the internet."
The correct way to do this is to configure your phone to emulate USB mass storage and then connect with a USB cable.
Your phone looks like a thumb drive. It's the easiest workflow in the world.
Unfortunately, this workflow is off limits because of some licensing requirement from MS for fat32 (or something) which is why neither android nor ios has this very basic, simple feature.
TulliusCicero · 7 years ago
Neat!
How do they handle abuse though? Like, people using it to host, say, pirated TV shows? Maybe a max download limit that makes it impractical for that use case?
mont · 7 years ago
2.5GB file limit is a bit small for good quality TV shows (and especially movies).
giarc · 7 years ago
Even single episodes?
mont · 7 years ago
That should be fine, though I'm pretty sure I have some episodes that are above that.
jhasse · 7 years ago
With HEVC 2.5GB is perfectly fine for a 2 hour movie.
wiiittttt · 7 years ago
Maybe for 1080p. It's 10-15GB for 4k.
untog · 7 years ago
I'd be amazed if a majority of people were downloading 4K movies these days.
wiiittttt · 7 years ago
Yeah, the majority are probably not, but i'd prefer to download at the highest quality available.
darkpuma · 7 years ago
Then you understand "How do they handle abuse though? Like, people using it to host, say, pirated TV shows?" remains an open question.
GunlogAlm · 7 years ago
I think we can all agree 1080p is "good quality", right? Your average pirate probably isn't demanding 4K quality, I imagine.
gsich · 7 years ago
Depends on the runtime. For low quality Netflix dumps (from Netflix, not because it got reencoded) it's usually enough, even for 1080p.
One can always split files.
LinuxBender · 7 years ago
winrar and 7-zip can break up files into chunks of any size you specify.
Moter8 · 7 years ago
The files are available up until they have been downloaded (from 1 to 100 times) or until a certain timeframe has elapsed (from 5 minutes to 7 days). See the screenshot at the article.
warkdarrior · 7 years ago
We are working on a plugin for BitTorrent that will automatically re-upload a file to Firefox Send when the old link expires and then make the new link available in the torrent.
fwip · 7 years ago
This is why we can't have nice things.
richjdsmith · 7 years ago
Why? Why wreck a good thing so no one else can enjoy it?
The torrent protocol is already there. Don't put that cost on the Mozilla Org.
hbosch · 7 years ago
I certainly hope that Mozilla can/will detect and punish this sort of abuse.
fxfan · 7 years ago
There's also a command line interface somewhere
emddudley · 7 years ago
I've used this before to send sensitive documents to my attorney, who would have otherwise just wanted email attachments. It worked great.
BrandonM · 7 years ago
Based on what I've read, the security model seems to be almost the same as email attachments?
tvmalsv · 7 years ago
One really big advantage of Send over attachments is that you don't have seemingly immortal copies of the files hanging around in people's mail clients and/or IMAP servers.
sigmonsays · 7 years ago
this doesn't seem that impressive technology wise, but maybe i'll remember to use it.
navaati · 7 years ago
I must say I am disapointed.
I thought this would be some cool realtime system to send from browser to browser, using WebRTC or something. Something that doesn't involve them paying for file servers, by the way.
I believed in Mozilla ! But no, here we are and I just don't see the difference between this and Mega.
EDIT: except for the auto-deletion trick that addresses the piracy problem. But still...
gsich · 7 years ago
But that would require more brain and effort. Since many users are usually behind a NAT, some NAT-traversal is neccessary. Combined with a robust detection (for shitty networks) and fallback to "normal" servers ... you get the idea.
Spivak · 7 years ago
I think Syncthing has a good model for this sort of thing. Anyone can stand up a rendezvous (and/or relay if you want) server which joins the network and starts helping people traverse NAT.
navaati · 7 years ago
WebRTC does all that already !
cdoxsey · 7 years ago
peterwwillis · 7 years ago
This is the tool I wanted to write! This is honestly the best solution I can imagine. It's FAXing for the 21st century
jasonjayr · 7 years ago
Is the source available for this? A self-hosted version of this would be nice...
(Update: Yep, just found it: https://github.com/mozilla/send, just before the comment below was posted :))
jgruen · 7 years ago
xtracto · 7 years ago
Reminded me of zerobin / privatebin. We used this internally at a previous company to share passwords and sensitive files.
Data is encrypted at client and a url with a key is generated.
Can be used 'burn after reading or with some specific lifetime.
lbeltrame · 7 years ago
As far as I can see, this requires S3 or a S3 compatible service. Kind of defeats the purpose of self hosting unless you can set one yourself (it may be, I didn't look).
EDIT: Apparently there's a way to use filesystem instead of S3, it's just not well documented.
alias_neo · 7 years ago
Minio is your friend. (S3 compatible self-hosted, open-source object store).
I recently implemented a text/snippet sharing tool that uses Minio instead of S3, because I like to self-host everything.
GordonS · 7 years ago
I use this with Seafile to store data in Azure Blob storage - it was incredibly simple to setup and has been rock solid since. Highly recommended!
penagwin · 7 years ago
I'm curious, how do you use both seafile and minio?
GordonS · 7 years ago
Minio is an S3 proxy, allowing you to use different storage backends with systems that support S3-compatible blob storage (like Seafile).
In my case I have Minio in front of Azure blob storage, so Seafile is storing data in that.
I host Seafile and Minio using Docker Compose, which was super-simple to get started with.
jasonjayr · 7 years ago
FWIW, It took me about 5 minutes to get it going after I updated nodejs to version 10. It took me another 5 minutes to realize it setup a local filesystem storage in $TEMP automatically. I was impressed with how easy it was to get going, and that it picked sensible (though not well documented) defaults :)
johnchristopher · 7 years ago
The default npm install; npm start will give you a self-hosted app. The docker one is a different beast.
nickik · 7 years ago
Anybody have a nice docker version to run this at home?
djsumdog · 7 years ago
It looks like Mozilla publishes a container and has instructions:
techaddict009 · 7 years ago
Looks more like wetransfer.
Oras · 7 years ago
True, without the email. Actually, I like we transfer for sending emails and notifications when the user has downloaded the attachments.
techaddict009 · 7 years ago
You can use wetransfer without email too I think. my designer sends me that way. Probably signed up users can do so.
hprotagonist · 7 years ago
It doesn't exactly meet the needs of "sending files to a non-technical person", but Magic Wormhole [0] has been truly great for flipping files around between me and anyone who is capable of being trusted to run `pip install --user pipe && pipe install magic-wormhole`. This is by no means everyone, but it's been very useful quite often.
asutekku · 7 years ago
I have no clue why you would suggest a tool that requires using a linux command line after telling firefox send doesn’t meet the needs of non-techical person.
jacobush · 7 years ago
No, he's saying Magic Wormhole doesn't exactly need the needs of a non-technical person.
detaro · 7 years ago
"It" in the first sentence does refer to the solution they mention, not Firefox Send.
hprotagonist · 7 years ago
magic-wormhole works fine on windows and mac; nothing about sh-like shells is linux-specific.
cherrypepsi · 7 years ago
I remember elementaryOS had a GUI for this in its app store. Never got around to try it, Linux is not well known in the consumer world, let alone Elementary
dTal · 7 years ago
>pip install --user pipe && pipe install magic-wormhole
What am I looking at here? On PyPI 'pipe' is listed as a "Module enablig a sh like infix syntax (using pipes)", and magic-wormhole's own docs just say to install with pip like anything else.
hprotagonist · 7 years ago
I typoed. I meant `pipx`, not `pipe`. My phone tried to help.
`pipx` is a convenience utility for installing cli python tools in separate virtual environments and then being able to update them nicely: https://github.com/pipxproject/pipx
So i meant
`pip install --user pipx && pipx install magic-wormhole`
dTal · 7 years ago
Well I'm glad I asked, because that sure is neat!
hprotagonist · 7 years ago
pipx is rad. `pipx install ipython && pipx inject ipython numpy pandas attrs pendulum toolz` is ... very nice.
kikikiki09i · 7 years ago
How to they pay for the storage costs?
stunt · 7 years ago
Storage is extremely cheap. Especially for a service like Send which doesn't hold any data for a long period of time.
Elseways, It might be that they have bigger plans with it. This might be just a product to learn about market potentials.
Mozilla's manifesto is all about the Internet and Internet privacy. File sharing is one of the areas where the internet is losing privacy.
nukeop · 7 years ago
I wish Mozilla focused on core Firefox functionalities instead of coming up with so many small side projects that don't target their typical audience. Since Chromium-based browsers are not an option, many of us are stuck with Firefox as the only remaining choice. But even Firefox has to be heavily customized before it's completely deGoogled and stops contacting various motherships.
As a side note Nightly build for Ubuntu has been broken since version 61 and there's no sign of any effort to fix it.
kvark · 7 years ago
Is there anything specific you are missing in Firefox today? Or is it purely the fact that it's broken since version 61? Did you submit a bugzilla issue, or know the existing number? I'd be happy to check it out.
nukeop · 7 years ago
A million things, like missing functionalities from the new extensions api (meaning no Pentadactyl), no good way to manage keyboard shortcuts, having to disable many google integrations after installation, no way to disable "do not track" if using built-in tracker blocking, no sidebars a la Vivaldi, buggy rendering (e.g. transitions animating elements using css transforms), unexplained slowdowns, lack of proper tab isolation (one slow/crashed tab takes the whole browser with it), etc. I could rant all day.
kvark · 7 years ago
Thank you! This is great input to us, it just needs a few more details to become actionable: bugs filed (for things that are not by design, of course, like the extension API), repro steps and detailed information provided. If I can reproduce it, I can file bugs myself, but I still need to get some clarifications on how to reproduce.
kikikiki09i · 7 years ago
How do they pay for the storage costs? What's the upside for Mozilla?
chrisseaton · 7 years ago
> How do they pay for the storage costs?
Using their revenue from search, like everything else they pay for.
> What's the upside for Mozilla?
"Our mission is to ensure the Internet is a global public resource, open and accessible to all. An Internet that truly puts people first, where individuals can shape their own experience and are empowered, safe and independent."
passthejoe · 7 years ago
Upside is that this is another reason to get a Mozilla account.
sam_lowry_ · 7 years ago
Google Search, Yahoo Search.
AdmiralAsshat · 7 years ago
I've used Firefox Send for several months while it was still a test pilot program. It's been very useful for quickly sending files to family. The fact that the link expires as soon as the other party downloads it means I don't have to worry about clean up.
toomuchtodo · 7 years ago
Does the link expire after a successful transfer? Curious what happens if the transfer fails mid transfer and needs a retry.
AdmiralAsshat · 7 years ago
No one I've tried it with has ever had it fail on them.
But to answer your question, I uploaded a 100mb+ file to FireFox Send, copied the link, RDPd into another computer, kicked off the download, and then cancelled it midway through download. The link did expire after that.
So I guess they don't have an easy way of telling whether the download is successful or not. Maybe Mozilla's engineers can figure something out if the issue is raised.
toomuchtodo · 7 years ago
I appreciate you took the time to run a test to answer my question. Thank you.
Firefox might consider keying off the initial IP seen upon retrieval and extending the TTL of the object until the final byte has been retrieved.
kbenson · 7 years ago
I can see benefits to keying off the IP, but also to keying off some cookie that can expire shortly. One of the reasons I imagine a download might fail could be because of a spotty of problematic VPN or proxy, or attempting to get it from a location that can't handle it well if somewhat large (some random coffee shop wifi that's overused).
There's probably enough complexity and possibility for abuse in allowing automated requests for files again (i.e. a button on the view page) or special logic for second attempts that the safest option is just to have the receiving party ask for the file again through whatever medium originally kicked off the request (an email, an IM, etc).
Firefox could do any number of things to make it easier on the user, but I expect them to take my security and privacy very seriously and to error on the side of those ideas rather than usability, so hopefully if they come out with something it's not at odds with those goals.
NKCSS · 7 years ago
If they did, you could abuse it by just trasfering every byte except the last, add that in a custom link to complete the file transfer and have unlimited distribution ;) I think it's best the way they did it.
eridius · 7 years ago
Did you test to see if the download could be resumed?
In an ideal world, partially-downloading the file would expire the link, but the server would still allow the file download to be resumed (but not restarted).
SubiculumCode · 7 years ago
If you are worried about it you can specify the number of downloads before expiration
kijin · 7 years ago
Do you ever run into a problem when an overzealous email service or virus scanner pre-fetches the link and invalidates it before an actual person clicks on it? This used to happen with all sorts of links in emails, though I haven't heard about it in a while.
AdmiralAsshat · 7 years ago
To my knowledge, the link is only invalidated if the person actually downloads the file. Simply viewing the link does not invalidate it. I can recall a couple of times emailing a Send link to my brother, then checking it in the morning to see if he had grabbed him or not. It was still viewable, so I deduced that he hadn't grabbed it yet, sent him a follow-up e-mail ("Hey you lazy bastard, grab the damn file before it automatically expires!"), and checked again a few hours later to find it gone.
JoshTriplett · 7 years ago
> To my knowledge, the link is only invalidated if the person actually downloads the file.
I've used one-time-link services sometimes, and posting the link to Slack causes Slack to make an HTTP fetch looking for metadata, which then invalidates the link.
regecks · 7 years ago
The easy solution is for the link to lead to an interstitial that shows "do you want to view the content? It will be the only time you can do so.", and make the underlying HTTP resource unpredictable (e.g. different ID to the link) so that it cannot be directly addressed.
It's a very common and easy to anticipate issue, I'm surprised that there are any one-time-link services left that suffer from it.
bradknowles · 7 years ago
Which is why you put a trivial password on the file, which isn't included as part of the link.
Then, any automated system which sees the link cannot accidentally cause the file to be "downloaded" which would cause the link to be invalidated. They can see the link itself, but they don't have the password, therefore they can't download the content to scan it.
I have used onetimesecret.com a number of times in this way.
kccqzy · 7 years ago
What if the download was interrupted because, e.g. the other person had a temporary issue in their internet connection? Does the server at least detect that the entire file has been sent over the socket? Does the server at least check that, on a TCP level, receive all the ACK packets it is meant to receive? Of course this still isn't foolproof but it's a good way towards detecting interrupted downloads.
timvisee · 7 years ago
I've been building a fully featured CLI tool for Firefox Send, supporting this new release.
For anyone that is interested: https://github.com/timvisee/ffsend
kevinherron · 7 years ago
This is neat, thanks.
drewg123 · 7 years ago
FWIW, I built and successfully ran it on FreeBSD-current. The only hiccup I ran into was that it puked building due to not having /usr/local/lib in its lib search path & not being able to find libxcb. I had to manually add -L/usr/local/lib to the cc args and manually link it. Not sure if that is a FreeBSD issue w/Rust, or something in your package.
At any rate, the tool works! Thanks so much.
timvisee · 7 years ago
Thanks for sharing your solution! Not sure what is causing it (maybe it's OpenSSL binding related), and am currently not really targeting FreeBSD yet.
I wasn't fully ready with this tool for the Firefox Send release to be honest, would have loved to be able to provide better binaries and packages for more platforms, which are a work in progress.
If you believe you can improve the README with your solution, be sure to submit a [PR](https://gitlab.com/timvisee/ffsend/).
Happy to see it's working! :)
alxlaz · 7 years ago
It's a BSD world thing :). Local (i.e. non-system) executables and libraries go under /usr/local around here (i.e. libraries under /usr/local/lib, binaries under /usr/local/bin and so on, the hierarchy under /usr/local has the same structure as that under /usr).
drewg123 · 7 years ago
You can work around it by creating a cargo config with a wrapper. Eg:
cat ~/.cargo/config
[target.x86_64-unknown-freebsd]
linker = "/home/drewg123/bin/cargo-ld"
Where cargo-ld is just a wrapper: #!/bin/sh
exec /usr/bin/ld -L/usr/local/lib $*majewsky · 7 years ago
For proper formatting of code snippets, indent the entire snippet with two spaces.
notamy · 7 years ago
> the hierarchy under /usr/local has the same structure as that under /usr
So I can have /usr/local/local/local/local...? :)
inopinatus · 7 years ago
Is there an autotools equivalent in Rust land?
steveklabnik · 7 years ago
Depends on what you mean exactly.
Datenstrom · 7 years ago
I just had the same issue with rust linking to a 1553 bus library in /usr/local/lib yesterday. Seems like this should be on the search path.
IcePic · 7 years ago
At least on BSD, you want to be able to separate external 3rd party libs and system libs in case they overlap, so that is why BSDs don't automatically include things under /usr/local.
ycnews · 7 years ago
Python cli version at https://github.com/ehuggett/send-cli
disclaimer: I haven't used either cli version.
timvisee · 7 years ago
Cool. Sadly, I don't think the client supports the current Firefox Send version though. Method of encryption has been changed during the last few months.
ausjke · 7 years ago
do I need install firefox to use this tool? looks neat!
nicebill8 · 7 years ago
Nope, you don't need Firefox to use the site anyway.
timvisee · 7 years ago
No, see the requirements here: https://github.com/timvisee/ffsend#requirements
Along with ffsend, you can use any browser to upload/download files through https://send.firefox.com/ as well.
harshitaneja · 7 years ago
Thanks a lot. The first thought after seeing this was that I wish it had a CLI and I know I am lazy enough to never write one.
tintintin · 7 years ago
This is great, thanks :)
Mind if I port this to JS?
Sephr · 7 years ago
You don't have to ask for permission to fork open source projects.
You are free to port the project to JS as long as you follow the applicable licenses: https://github.com/timvisee/ffsend/blob/master/LICENSE
nickpsecurity · 7 years ago
Love the demonstration on the Github page!
tomupom · 7 years ago
This is such a fantastic tool to have, thank you so much!
diegorbaquero · 7 years ago
I had the expectation that it would use WebRTC before opening the link, disappointed on that side. But really glad of the privacy minded offer. I appreciate Mozilla's work and effort towards a more private and encrypted internet!
JohnFen · 7 years ago
WebRTC and privacy don't exactly go together well.
seveneightn9ne · 7 years ago
How is this using end-to-end encryption? It seems like the recipient just clicks a link to download. How can it have been encrypted for that person? end-to-end encryption normally means that there's no way for the intermediary to unencrypt the data but I can't see how that's possible in this case.
weaksauce · 7 years ago
Client side JavaScript that encrypts locally befor uploading and puts the encryption key in the url you share with someone that never gets sent to Mozilla. Also client side decryption on the person you shared the link with. It’s end to end.
pault · 7 years ago
With the caveat about client side browser encryption in general, which I'm sure someone will pop in here and explain in detail. :)
EwanToo · 7 years ago
The url effectively contains the decryption key, so the web server could be set to capture the urls and decrypt files.
If you want, you can also set a passphrase on the file to share via another channel
Vinnl · 7 years ago
That's why the key is in the hash part of the URL; the server can't access that (unless it also sends client Javascript that parses it and sends it back to the server, but that could be detected).
SamuelAdams · 7 years ago
What if I'm on a network I don't trust? Is the only option to set a passphrase? More importantly, the UI doesn't call this out explicitly, so uninformed users may think it's "secure enough" without a passphrase.
e12e · 7 years ago
The anchor hash/fragment (#hello) isn't sent over the network.
https://tools.ietf.org/html/rfc3986#section-3.5
"(...) the fragment identifier is not used in the scheme-specific processing of a URI; instead, the fragment identifier is separated from the rest of the URI prior to a dereference, and thus the identifying information within the fragment itself is dereferenced solely by the user agent, regardless of the URI scheme."
Ed: as for an untrusted network, tls should be able to secure that. Except if the network owner can insist on/enforce a tls stripping mitm/proxy.
fzzzy · 7 years ago
The browser will never send the key across the network by itself because it is in the fragment. Of course, you have to get the url with the fragment off your computer and to the intended recipient, so a MITM of this communication could intercept and download the file before the intended recipient. The intended recipient would know that this has happened, though, as the link will then be expired (assuming it was set to 1 download); if this is a fear, I would suggest adding a passphrase and sending the passphrase out of band, for example over a voice call.
SamuelAdams · 7 years ago
> The url effectively contains the decryption key, so the web server could be set to capture the urls and decrypt files.
If that's the case, I think setting a passphrase should be mandatory. Proxy servers are extremely common at every workplace. Since they probably log all requests, they will capture all keys in the URL.
fzzzy · 7 years ago
The key is in the fragment and thus is not sent to any server.
0xfeba · 7 years ago
IIRC The link contains an anchor `#abc123` which is the decryption key. Browsers do not send anchor parts of the URL to the server, and so the browser decrypts.
Hinges on the browsers never sending that key, though.
tantalor · 7 years ago
Obligatory https://xkcd.com/949/
kenrick95 · 7 years ago
There's also a http://xkcd949.com/
ChrisArchitect · 7 years ago
what is the business case for this tho? Who pays for the bandwidth??
usermac · 7 years ago
Yes, next to Apple's AirDrop, this is a welcome addition.
voidmain0001 · 7 years ago
I'm onboard as a regular user of send.firefox.com. How does Mozilla have the money to offer this for free?
snazz · 7 years ago
Maybe they just don’t need too much storage since they expire quickly. This would be an interesting thing to graph, if they release the statistics.
Vinnl · 7 years ago
Mozilla has quite a bit of money, most of it from their default search engine deals. I'd wager to guess that most of it goes to wages.
danilocesar · 7 years ago
Net income 2017: 89 million. Not that much for a company employing more than a thousand employees. But impressive for a corporation that is 100% owned by (and allegedly managed like) a non-profit org.
Aissen · 7 years ago
I wonder if they've fixed the issue where one can force reuse of a link by slowing down a download, and sharing the URL ? Hence turning it into a cheap file hosting service:
https://news.ycombinator.com/item?id=15450524
I haven't been able to upload a file to try.
klohto · 7 years ago
I've tested this and the link seems to expire the moment the user starts a download.
Aissen · 7 years ago
Nice.
laurent123456 · 7 years ago
How does E2EE work if the recipient can download the file directly? I'd expect some key or password needs to be exchanged too?
Vinnl · 7 years ago
They key is appended to the URL as a hash, which cannot be read by the server.
romantomjak · 7 years ago
I really don't understand why they didn't share a link to the repository in the article. For anyone who's interested - here it is: https://github.com/mozilla/send
Cyphase · 7 years ago
It's because this blog is for mainstream audiences who don't know what GitHub is and might be scared of all that code-y stuff if they accidentally clicked on it.
thekyle · 7 years ago
I'm not so sure about that. I have a difficult time believing that anyone in the "mainstream audience" would take the time to read Mozilla's blog posts, or more generally the blog posts of any tech company.
huhtenberg · 7 years ago
Very clean and nice, but how is this financed?
That is, who's paying for the server storage and the bandwidth?
Vinnl · 7 years ago
Presumably Mozilla, just like they do for the sync and Web Push servers.
olig15 · 7 years ago
I think what the previous poster meant was 'why' are Mozilla paying for it?
toomuchtodo · 7 years ago
The open web is more than just a browser. The cost is minimal when you have your own infra instead of AWS’ bandwidth gouging.
thekyle · 7 years ago
Another user pointed out that Firefox Send is written to use an Amazon S3 compatible API to run. That could mean that Mozilla is using AWS for the service.
toomuchtodo · 7 years ago
Vinnl · 7 years ago
Ah. In that case, I seem to recall they performed user research among users of their browsers that uncovered that sending files to others was still a major pain point. It's also a way in to promote a Firefox account, and Firefox in general.
Of course Mozilla's not in it for the money, so there's not a direct line from Send to more revenue. Firefox is their main tool to protect the open web, and Send is a way to get more people to use that. And of course, being able to send files encrypted is good for the web as well.
Indirectly, it is primarily financed by the search engine deal in Firefox.
kpcyrd · 7 years ago
mozilla
patrickxb · 7 years ago
I don't understand how they can afford the bandwidth...
If this were on AWS it would be around $0.09 per GB for downloads.
toomuchtodo · 7 years ago
Which is why you don’t host it on AWS. Wrong tool for the job.
TheKarateKid · 7 years ago
Their Github page specifically mentions AWS S3 as a requirement. So they are using it.
twic · 7 years ago
It mentions "AWS S3 or compatible service". The S3 API is a de facto standard for object storage services, and there are numerous implementations of it.
sethhochberg · 7 years ago
(Including many which you can easily self-host like Minio, for those who are following along at home and weren't sure whether that was just limited to other cloud services)
coderunner · 7 years ago
Is there a cheaper S3 alternative that you recommend or that Mozilla's likely using instead?
Rebelgecko · 7 years ago
I think Backblaze's cloud storage is the cheapest I've seen. Microsoft and Google would also be a bit cheaper than S3
toomuchtodo · 7 years ago
As you mentioned, huge fan of Backblaze B2. No affiliation, just a satisfied customer. Can also pair it with Cloudflare for even less expensive traffic serving.
https://www.backblaze.com/blog/backblaze-and-cloudflare-part...
ibotty · 7 years ago
But it's not s3 compatible.
kgwxd · 7 years ago
If they can't keep up, at least we'll always have the code: https://github.com/mozilla/send
sirsuki · 7 years ago
First off, Mozilla believes in the service. Mozilla itself gets funding from donations and corporate backing (I think). The cost of bandwidth is small compared to other file share sites in that the files stored are temporary. The transient nature of the files means that the max storage space needed is relative to the concurrent number of users. Bandwidth also. That means sans a very clever DDoS their expenses should be manageable compared to say Google Drive, Dropbox, or MS One Drive.
I remember sending a signed PDF via Firefox Send and was at first horrified when I realized I couldn't get the file back after 24 hours but then relieved knowing that the recipient got it and then it disappeared from the internet. Very cool!
akelly · 7 years ago
I believe that most of Mozilla's revenue comes from Google profit-sharing, because they make it the default search engine.
casefields · 7 years ago
Read here for the why: https://github.com/mozilla/send/blob/master/docs/metrics.md
Peter-Jan · 7 years ago
One of their KPIs is: "Percent of users who have or create an FxAccount via Send, Why: representation of % of any service users who might be amenable to an upsell"
From this it seems that their moneymaker is the new Firefox account creations that will be driven by this service, to whom they can then upsell. But it doesn't state what they are trying to upsell. Anyone got any idea what that might be?
Vinnl · 7 years ago
I would imagine that to be Firefox itself and Firefox for Android/iOS. I've seen people easily set up syncing on Google Chrome because they already have a Google account to which they might even already be logged in, while they're completely unaware that Firefox has a similar feature.
If you already have a Firefox account, the barrier to using Firefox Sync is lower, and with that, the barrier to using Firefox for Android/iOS is lower.
mzs · 7 years ago
We'll find out by the end of the year »
Secondary - In support of Revenue KPI
We believe that a privacy respecting service accessible beyond the reach of Firefox will provide a valuable platform to research, communicate with, and market to conscious choosers we have traditionally found hard to reach.
We will know this to be true when we can conduct six research tasks (surveys, A/B tests, fake doors, etc) in support of premium services KPIs in the first six months after launch.
intellent · 7 years ago
Is there a simple way to get the direct URL of the file (e.g. to use in wget cli calls).
ubercow13 · 7 years ago
The file is decrypted in client-side JavaScript so presumably no
_bxg1 · 7 years ago
Ah man, I literally came up with (and prototyped) this exact thing in 2013. Minus the end to end encryption. I dropped it mostly because I wasn't sure how to prevent illegal use and didn't want to be liable.
Edit: mine was actually (partially) better because it assigned a short PIN instead of a full link, which meant you could just look at it and remember it for typing-in, instead of requiring a separate channel to "send" the link.
tyingq · 7 years ago
The end to end encryption necessitates a hard to remember uri anyway, so I don't think you can have both "secure" and "memorable".
_bxg1 · 7 years ago
Yeah; ID length was definitely another challenge. Time-expiration helped, but. I was going with 6 digits as a middle ground but it wasn't super secure, even if an upload expired after a few minutes. And of course there was no way for the user to know for sure that I couldn't keep around a copy without the E2E.
jdmichal · 7 years ago
Theoretically, yes. But they could also derive keys from a shorter password value -- like password managers.
TheShrug · 7 years ago
A short PIN seems nice for personal use (maybe on a self-hosted service) but wouldn't a short PIN allow people to potentially guess random PINs and download files that they shouldn't have access to?
_bxg1 · 7 years ago
The hope was for the time limit to help improve those odds, but, yes. It was also not really intended for anything truly sensitive.
The motivating case was when you're in physical proximity to the destination device, but don't have any account linkage between the two (not even messaging/email/social accounts that are connected). The original idea came from university computer labs: transferring homework between the lab computer and a personal one was a pain. I had to sign into dropbox in the browser (and 2FA), or attach it to an email, or carry around a flash drive (which wouldn't work on phones), or whatnot. Just to move the file three feet. A glanceable code with no sign-in bridged that gap.
Other use-cases include people you don't know very well (and therefore don't have an email, phone number, etc.). We demonstrated the prototype to a crowd by uploading a file with the code visible on the projector, and suddenly everyone in the crowd had the file. That was pretty cool.
Sammi · 7 years ago
Encrypting it with a random key that doesn't get sent to the server, but is in the URI that the user sends to the receiver means that only the sender and receiver know what the file actually contains. Means neither you nor law enforcement can know what you are storing unless the URI is captured.
scriptkiddy · 7 years ago
If you're still interested in this type of tool, I'm sure Mozilla would welcome your contribution: https://github.com/mozilla/send
hombre_fatal · 7 years ago
You came up with a web service that lets anyone upload something and then download it via /uploads/123?
That's basically a hello world project. As you found out, the hard part is everything else, like funding it.
_bxg1 · 7 years ago
Funding it wasn't a problem. It took a weekend to build and was dirt-cheap to host. If people started using it enough to increase the server costs I would've stuck an ad at the bottom.
Honestly half of why I took it down is nobody was really using it. I didn't work terribly hard to market it, as I had no aspirations of getting rich and it would've been tenuous to monetize at all. I just told friends about it, etc.
I didn't imply there was a "hard part" to it. Just a neat idea. No need to dump on it.
LinuxBender · 7 years ago
I have a few sites like this, but very few people use them. These days, box and related sites have absorbed all the file uploads.
About 15 years ago, my sites were pushing 400-600mb/s non stop. Nowadays, I barely hit 1% of my network cap at each VPS location.
_bxg1 · 7 years ago
Hah, found a record of the project (we did it at HackTX): http://techzette.com/2013-hacktx-winners-and-finalists/
It was called "Catch"
woranl · 7 years ago
I'm surprised that no one raised their concern about javascript encryption. Usually, some will point out that the user will have to trust the delivered client side code first. Has javascript encryption finally got mainstream now?
NedIsakoff · 7 years ago
How are they going to deal with bad content? Child porn? Pirated content? Illegal stuff?
mac01021 · 7 years ago
Since it's encrypted end to end, presumably they will be oblivious to all that stuff?
NedIsakoff · 7 years ago
Sure, but doesn't help with the PR does it. If people start using it to send/dist the stuff, the news will mention it.
tasty_freeze · 7 years ago
The same way backup services and email servers deal with encrypted data. They have no way of knowing.
Secretmapper · 7 years ago
This is perfect! I'm currently taking a networking class where we generate trace reports, and I've just realised how tricky it is to send files without logging in (I'm just averse into doing that in a machine that's not mine). I can email my trace files, but I need to login, I can store in dropbox/drive, but again I'll have to login.
I wish they added a QR code option as well. It would be perfect for quickly copying the link by snapping it with my phone so I can download later.
pvK12 · 7 years ago
Backend is written in JS. I can understand why they chose Node, but why not Typescript? This needs to be maintained and TS >>> JS.
z3t4 · 7 years ago
Why doesn't Firefox support p2p file sending !? Why do they do with the files I upload !?
icebraining · 7 years ago
P2P means both machines must be able to talk to each other (occasionally difficult when both are behind NAT) and must be turned on at the same time. Using a reliable intermediary gives some flexibility.
kgwxd · 7 years ago
Why not "Mozilla Send"? If Firefox the browser isn't a requirement, the name is confusing.
mrhappyunhappy · 7 years ago
I was confused too. When it worked on non Firefox browser it was a pleasant surprise. I'm guessing this is just to promote Firefox browser. Wouldn't surprise me if they added higher file limit after usage grows and with it a paid tier :)
Cyphase · 7 years ago
The same reason it's Chromecast, not Googlecast.[1] Branding.
[1] The protocol is named Google Cast, but all the consumer branding is Chromecast.
kgwxd · 7 years ago
I was thinking the same thing but in Google's case, Chrome is the dominate browser and most people recognize it as something they already have. In the case of Firefox, it's more likely they'll recognize the name specifically as the browser they don't have and will think they can't use it.
ghostly_s · 7 years ago
They'll recognize it as the browser they don't have any maybe should get because it's now positively associated with cool new features like this. :)
Vinnl · 7 years ago
I think what helps is that there's two (or more) parties to a file transfer: the sender and the recipient. Someone who uses Firefox might start using Send, and then the recipient(s) finds out that they can use it too. And if they're using Send, the might start to consider using Firefox, or to create a Firefox account first.
ihuman · 7 years ago
Does Firefox Send work on browsers besides Firefox for sending and receiving files? It's blocked at my office, so I can't test it.
pizzapill · 7 years ago
The page states that it'll be available on all browsers and a android app is going to be released later this week.
fzzzy · 7 years ago
Yes. Tested on Chrome, Safari, and Edge.
tasty_freeze · 7 years ago
Oddly, it doesn't work for me (FF 65.0.2, windows 7) -- I just get an inert white rectangle in the middle of the screen. I tried turning off ublock origin and DNT settings, but it still is just a rectangle.
It works on chrome, and does not work on IE 11 (win 7 doesn't support edge)
fzzzy · 7 years ago
This seems to be a known bug if you have used the old version of send in your profile that may be fixed now. If you try it in a private browsing window and it works, it's probably that bug.
tasty_freeze · 7 years ago
Sure enough -- it works in a private window. Is there a known fix for this, or do I need to create a new profile?
fzzzy · 7 years ago
It's been fixed and the fix is deployed to prod. Might need to clear some cache.
foxhop · 7 years ago
Wow, this is really awesome and really cool! First I've heard of it. Just tested it and it worked great.
Is it possible to audit the tech? Is Firefox send open source?
jfk13 · 7 years ago
bjt2n3904 · 7 years ago
I don't understand the end-to-end encryption claim.
1. Bob uploads a file, but specifies no password.
2. ???
3. Sue downloads the file.
Best case, Bob's browser encrypts it (with javascript?) before uploading. Either Mozilla provides a key, or Bob sends the key he used. When Sue's browser downloads it, Mozilla sends the key and her browser decrypts it client side.
In either case, Mozilla has the password for decryption. This makes a mild barrier to mass scanning content that's uploaded, so at least that's something... but that's little more than a promise I have to trust.
Am I missing something? Where is the "end-to-end" encryption? End-to-end means I don't have to trust you (as much). Please don't turn this into a meaningless buzzword...
EDIT: I did misunderstand something. Please see timvisee's comment below.
mimsee · 7 years ago
Generated by random and applied to the URL hash data that is not sent to the server. Hash data is data in an URL after the hashtag
timvisee · 7 years ago
The client encrypts the file that is uploaded, along with some metadata. The key is appended to the share URL provided by the URL, in the fragment/hash, and is never sent to the remote server. Only people having the URL including the secret will be able to download and decrypt your shared file. See https://github.com/mozilla/send/blob/master/docs/encryption....
bjt2n3904 · 7 years ago
Thanks for the info. Let me see if I understand this correctly.
Browsers don't send the anchor tag (ie: with GET requests). FF Send takes advantage of this by using the anchor tag to store the key for decryption.
That is kinda novel. You still need to trust the upload client to not leak the key, but I see that you've written a CLI version. Interesting! Thanks for the response.
NKCSS · 7 years ago
It's not a new idea, the megaupload successor first did it as far as I can remember
simias · 7 years ago
Indeed, the website serves you the crypto code but it runs totally on the client so it's perfectly safe and could in no way be backdoored.
More seriously, did they do anything to fix this obvious design flaw? If they want to fish a key they can just serve you a modified JS file and retrieve the key. Unless of course you chose to audit the JS served every time you browse the website.
solarkraft · 7 years ago
How would this be possible to fix? I currently don't see any possibility of this.
coolspot · 7 years ago
Yes, the mega.co.nz . End-to-end encrypted dropbox analog.
timvisee · 7 years ago
You got it! The only thing you'd have to worry about is malicious JavaScript on the Firefox Send website which I believe would be highly unlikely. And of course, you must keep your link secret.
Yes, such a CLI tool would help protect you against a MITM with malicious JavaScript.
Piskvorrr · 7 years ago
Unlikely but possible. Two words: browser extensions.
quickthrower2 · 7 years ago
Three words: My Ether Wallet.
solarkraft · 7 years ago
It's cool, but not exactly novel. Mega has done it this way for years.
air7 · 7 years ago
That's cool, but it's still the same party providing both the storage mechanism, and the JS that encrypts the content on the client-side. You have to trust them that they are not "peeking" at the keys you are generating using their code in your browser.
mrmanner · 7 years ago
But at least you only need to trust them now, and not every incarnation of them in the future =)
SubiculumCode · 7 years ago
Not to mention that onr could always encrypt it themselves then use ff send
jszymborski · 7 years ago
This is where WebCrypto in browser extensions begins to get interesting, I think.
jszymborski · 7 years ago
I use a similar mechanism on my website https://expiring.link
I'm working on documenting the code now before I release on GitHub, but it works on the same premise :)
WebCrypto is mana from the gods...
philsnow · 7 years ago
Anybody who can catch the link in transit can get the file. Emailing these links with the decryption key right in the fragment is going to allow any party in between the sender and the receiver to fetch the file. (If the file is set to only allow downloading once, the receiver can at least let the sender know that it got intercepted.)
So you have to send the link through some previously-negotiated secure channel. At that point, why not just send the file through that channel? Is it because signal/whatsapp/etc don't allow large files or because the interface is cumbersome?
bjt2n3904 · 7 years ago
True, but I don't think I'd use this website for anything I'm that concerned about. At that point, I'd encrypt it myself with something like gpg or openssl on the command line.
This fills a handy gap for a lot of people with smaller needs.
philsnow · 7 years ago
> I'd encrypt it myself with something like gpg or openssl on the command line.
> This fills a handy gap for a lot of people with smaller needs.
You point out exactly the problem: the people who are technical enough to deal with GPG's UX competently are also technical enough to evaluate whether they should put a particular document through this Send service.
I don't think nontechnical people have "smaller needs".
Legogris · 7 years ago
Absolutely. Security and secrecy are not binary, though, it's a spectrum. There are many things where you would mostly want to avoid dragnet attacks and undetected intrusion but don't have concerns for targeted attacks like the one you are describing.
I think this fills the gap for when you want to share not-critically-secret stuff with non-technical people and would today likely send it over something like e-mail, Drive or Dropbox.
philsnow · 7 years ago
I don't disagree. I've been thinking about how I would write the announcement copy explaining to non-technical users how the links should also be treated as secret and how email is not encrypted in general. It's a hard problem.
tialaramex · 7 years ago
I think it's relatively intuitive for lay users that the links are secret. If you give someone the link, they get the file. What's not obvious about that?
If anything it's probably harder to understand for a somewhat semi-technical person who probably has started to think about encryption and so on but hasn't got far enough to spot that oh - the secret key is in the URL itself as an anchor and so the URL is the secret.
Computer Security is often nicer here than real world physical security, because we are often able to make the extreme cases so implausible as to be irrelevant, enabling intuitive statements to be true in practice rather than subject to endless caveats.
For example a lay person sees a padlock and they imagine that it cannot be opened except with the padlock key. And this is untrue in lots of ways - so a more technical person may think of some of them, and identify that this particular brand of padlock defends against those well, but not realise that other problems are undefended.
So this means the truth about the padlock has to be more nuanced and relative. Breaking the lock open with tools is "difficult". Picking the lock "cannot easily be done in under a minute". But lay people don't like nuanced, relative statements. It sounds a lot like this padlock won't really stop someone stealing my bike! That's because it won't.
But in computer security we often can make these cases irrelevant in practice. What if someone just tries all the key values for this AES encryption? That's fine, there are so many that even if they could try as many as there are grains of sand in the world, every second, the sun would burn out long before they had a meaningful chance of guessing the right one.
smacktoward · 7 years ago
It's intuitive for lay users that the links are secret, yes. What lay users have trouble understanding is that putting something in an email automatically makes it not secret.
SubiculumCode · 7 years ago
Right. If I were really really concerned one would encrypt it locally then send...which you could do in ff send.
timvisee · 7 years ago
Yes. I would like to add though, that you can set an optional password as well. Without it the link would be useless. You can share it through a different channel.
srecio · 7 years ago
Won't most people just share the links over email? With the decryption key in the url I don't see very good security guarantees here
lol768 · 7 years ago
It seems vulnerable to an active MitM - if the attacker is in a position to serve malicious JS that exfiltrates the data from window.location.hash.
I think the scheme is fairly robust against passive interception though.
woah · 7 years ago
Client side encryption keeps honest companies honest but no more than that
omouse · 7 years ago
The eternal problem of uploading and sharing massive files seems to always have new solutions.
benawad · 7 years ago
> Key Business Question to Answer: Is the value proposition of a large encrypted file transfer service enough to drive Firefox Account relationships for non-Firefox users.
The metrics section is interesting https://github.com/mozilla/send/blob/master/docs/metrics.md
medmunds · 7 years ago
Oh interesting. Their two hypotheses (which they will test) are that Send "can drive Firefox Accounts beyond the Firefox Browser" and that it will "will provide a valuable platform to research, communicate with, and market to conscious choosers..."
It sounds like they're investigating a premium service offering targeted at privacy conscious users. (The secondary hypothesis covers "revenue" and will be tested by conducting "research tasks ... in support of premium services KPIs.")
bredren · 7 years ago
Much of the data I share with friends using dropbox is on time-limited data in the 1-2 GB space.
For certain reasons I get a ton of dropbox space, but for my friends, data quotas kick in on even simple files shared like this.
I believe this is a primary upgrade mechanism for DB--I'd say this new firefox offer is in competish.
sumitgt · 7 years ago
It would be really amazing to build some sort of integration in commonly available WiFi connected scanners and printers.
Currently, my scanner conveniently sends me emails with scanned documents. But I have not insight into how they actually store and delete the document on the backend.
Would be great if the scanner had the option to upload to Firefox Send and show me a QR code to download it on other devices.
Shorel · 7 years ago
This really feels like something the old Opera (not the Chromium version) would have done back in the day.
all_blue_chucks · 7 years ago
They did. But it didn't work with NAT so it died.
m_b · 7 years ago
This project sucks. Another bullshit firefox.com product that reinvent something existing and well established (eg. Jirafeau or Lufi). I hate so much what Mozilla become.
oftenwrong · 7 years ago
Non-descriptive headline. Borrowing some copy from the announcement makes it better:
"Firefox Send: a free encrypted file transfer service"
maurom · 7 years ago
Been using it since beta. Props to Mozilla for providing one of the easiest and well thought file sharing services.
qwerty456127 · 7 years ago
How does it work? Is it P2P or what?
JohnFen · 7 years ago
The encrypted file is stored in the cloud. The recipient downloads it from there and decrypts it.
P2P would be much better, but this isn't that.
mtgx · 7 years ago
Wasn't it initially P2P and based on the WebRTC protocol?
JohnFen · 7 years ago
Not as far as I can tell. Mozilla also has (or had, I forget whether it's still a thing or not) a built-in WebRTC client they called "Hello", but that was a different thing.
qwerty456127 · 7 years ago
What's the reason it's not made this way or doesn't include WebRTC-based P2P transfer as an option?
JohnFen · 7 years ago
I have no idea.
lmedinas · 7 years ago
a bit off topic but here it goes...
This is how i think Mozilla can capture more users back to Firefox. By providing "extra" services attached to the Mozilla and Firefox brand will make them a superior product to the end user. Sure it's hard to compete with Chrome but if you offer useful features and services integrated in your Browser i see that Mozilla actually has a chance to compete with Google for the browser space.
This is one of the "advantages", if you are a heavy Google user, of Chrome over the competition is that everything is attached to your Google account. Passwords, history, spellers, dictionaries, shortcuts, etc...
If Mozilla comes with Send, Notes, Password Manager all integrated in Firefox i see a good way to bring back some of the previous users that switched to Chrome.
scriptkiddy · 7 years ago
Along the same lines, a Gmail-esque Thunderbird web service would be amazing. I could finally de-google myself completely if that were the case.
Currently, I need to set up my own email hosting through a service like fastmail and then configure a desktop client(like Thuderbird) to use it.
A Mozilla Gmail-esque service would remove a lot of the friction there and probably bring in a bunch of users who are tired of google running everything.
gnud · 7 years ago
Fastmail has a nice (and snappy) web interface. So you don't _need_ to set up a desktop client, unless you want to.
scriptkiddy · 7 years ago
I've used for a contract project I worked on. It wasn't bad, but it was difficult to filter when there was a lot of messages.
hotgeart · 7 years ago
> If Mozilla comes with Send, Notes, Password Manager all integrated in Firefox i see a good way to bring back some of the previous users that switched to Chrome
As a Chrome user I can confirm. But for me the main raison I use Chrome is for the dev tools a found them better than FF
TheArcane · 7 years ago
For me, it's the seamless translation suite
asdgiobiobiuo · 7 years ago
You may be right, but I hate it. There is no reason I can think of to have all these tools integrated into a web browser, and the idea of having the Internet broken into silos based on your choice of browsers scares me.
We don't need another AOL Chrome.
lmedinas · 7 years ago
the problem with "AOL Chrome" is that it's based on advertising and internet company services where Mozilla has a chance to provide a service, even if it could be paid, without advertising and privacy friendly like their latest experiments.
Vinnl · 7 years ago
Good to know is that Send is not a silo: you can use it with any browser.
swebs · 7 years ago
Literally all they need to do is advertise tree style tabs. It's the reason half my office stopped using Chrome.
paulintrognon · 7 years ago
That's an add-on right? I don't think they can advertise something that's not in Firefox's core
solarkraft · 7 years ago
It's something only Firefox has. And it should absolutely be in its core. Preferably without requiring a custom CSS file to hide the old tab bar.
tantalor · 7 years ago
> By providing "extra" services attached to the Mozilla and Firefox brand
How is that different from the complaints people make about Chrome tightly integrating with Google?
roryokane · 7 years ago
In the past, I used https://volafile.org/ for sharing files that will be deleted within a week. Volafile doesn’t do end-to-end encryption like Firefox Send, but it allows you to upload files over 2.5 GB.
Volafile’s multi-file “room” functionality, with chat, makes it more suited for sharing files among multiple people, while Firefox Send is optimized for sending a single file to a single person or a targeted group.
cmurf · 7 years ago
Relatively new, are additional expiration options:
1 to 100 downloads, 1 is the default; or 5 minutes to 7 days, 1 day is the default. And an option to protect with a password.
Upon expiration, entering the URL behaves the same as if you enter a bogus URL, it's basically denied to have ever existed, i.e. it doesn't say this URL has expired.
cmurf · 7 years ago
Another neat feature actually built into Firefox is Take a Screenshot. To the right of the URL field, in the three dots menu. Option to save it locally, or save in the cloud with a URL with some expiration options. Sorta like a pastebin for screenshots.
It only takes screenshots within the confines of a Firefox window.
fzzzy · 7 years ago
Glad you like it (I worked on it). Just a side note, the cloud service will be going away in the future, but the ability to save it locally will remain.
detaro · 7 years ago
Replacing the cloud bits with Firefox Send integration seems a fairly obvious idea then?
fzzzy · 7 years ago
That has been discussed :-)
robinhood · 7 years ago
This service is really great and I'm sad to read it will go away - but of course, it makes no sense from a money perspective to keep it free forever. But the initial idea - saving screenshots made by the browser to the cloud is fantastic, and much more convenient than the myriads of SAAS that provide this kind of service.
SubiculumCode · 7 years ago
I've used firefox send many times since its introduction as a pilot. I applaud its simplicity. The workflow is basically upload, send message/email containing the link, download.
ajsharp · 7 years ago
Sharesecret (my company) provides a similar service, along with a slack extension for anyone who needs a commercial product. https://sharesecret.co
m4lvin · 7 years ago
The same idea (e2e decryption key in fragment/hash) is used by the self-hosted Lufi. Public instances are running at https://upload.disroot.org/ and https://framadrop.org/ and the code is here: https://framagit.org/fiat-tux/hat-softwares/lufi Maybe someone can comment on how Lufi compares to Firefox Send (performance, usability?)
I also think the blog post could explain more why and how the e2e encryption works. Maybe just by showing an example link and then highlight with colors "this part is private"?
Rafuino · 7 years ago
This is awesome for sending private documents to family (tax season, anyone?), especially when your family isn't inclined to learn cryptography to set up their own solution. Will be trying this ASAP.
johnchristopher · 7 years ago
The npm installation of send is quite easy to set up.
skrebbel · 7 years ago
In the not so recent past, HN'ers loved to quote tptacek's legendary rant about how in-browser JavaScript crypto is fundamentally broken[0].
What changed? Is that rant finally outdated? Couldn't Mozilla at any time serve a corrupted JS bundle (with or without their knowledge) which would leak the key somewhere, silently replace the encryption by a noop, etc?
I ask out of interest, not skepticism. I much prefer an internet where we can trust web apps to do proper crypto than one where we have to depend on some app store to somewhat adequately protect us.
[0] https://www.nccgroup.trust/us/about-us/newsroom-and-events/b...
qrbLPHiKpiux · 7 years ago
As long as there is a possibility, I say yes - not "if" but "when."
Humans are always the weakest link with the internet and someday, sometime, bad code (unknowingly) will be pushed and something will happen to someone.
serkanyersen · 7 years ago
Couldn't they do the same If crypto code was on server?
fouadmatin · 7 years ago
SubtleCrypto is a new browser-adopted spec for performing crypto operations natively. For example, instead of using Math.random() for random number generation, you can use https://developer.mozilla.org/en-US/docs/Web/API/Crypto/getR... in combination with the SubtleCrypto functions to work with keys securely
Your points around a compromised JS bundle are still possible but that has more to do with a company’s deployment/change management setup than JS itself imo
thinkloop · 7 years ago
Didn't realize it had full support by every browser, even ie: https://developer.mozilla.org/en-US/docs/Web/API/Crypto/getR...
kbenson · 7 years ago
The SubtleCrypto portion of the API is slightly less supported in that it appears to have spotty/non-compliant IE and Edge coverage.[1]
1: https://developer.mozilla.org/en-US/docs/Web/API/SubtleCrypt...
shezi · 7 years ago
The problem with that table is that this only lists the entry methods, which are supported in all browsers. However, the actual work is hidden behind parameters, not all of which are supported by all browsers, and some have to be in weird combinations. One example is that Edge does not support PBKDF2 in any form, which makes many of their further support a bit weird to use.
Here's a site where you can test your browser's compatibility with many combinations: https://diafygi.github.io/webcrypto-examples/
fzzzy · 7 years ago
I think it uses a cryptofill shim for browsers that don't support all of the crypto api
skrebbel · 7 years ago
> Your points around a compromised JS bundle are still possible but that has more to do with a company’s deployment/change management setup than JS itself imo
But that's the only point I intend to address here. If Pascal had been the language of the web then my question would have been about Pascal.
Therefore I don't see how SubtleCrypto changes matters much.
In short, if I get it right, the argument would be that in eg a mobile app, all the e2e logic (the core crypto plus the code around it) go through peer-review, then some release management process, then some review by Apple or Google, before it lands in my hands via their app stores' well secured delivery mechanism. In a web app, a single compromised server will compromise all security instantly. Generally I'm fine with trusting Mozilla's servers, but if I have to trust their servers then what's the point of end to end encryption?
anon4242 · 7 years ago
> In a web app, a single compromised server will compromise all security instantly.
This is only true if the server has access to the keys of your data. E2EE typically means that it doesn't, only you do.
dchest · 7 years ago
In a browser, the server serving the JS has an opportunity to access the keys.
wereHamster · 7 years ago
subtlecrypto has API to generate a keypair that you can't extract and access from the JS side. You can only use it to encrypt/decrypt buffers, but not access the key itself.
dchest · 7 years ago
Sure, but having access to encryption/decryption/key derivation is pretty much equivalent to having the key in most circumstances. Plus, JS generates the key and sets "extractable" flag.
anon4242 · 7 years ago
This is the case with all E2EE tools. You have to trust that they do their crypto correct and that they aren't evil. As Firefox Send is open source you can setup your own server if you don't trust Mozilla, but then again, if you don't trust Mozilla you might want to eyeball their code carefully first...
dchest · 7 years ago
Your description is very simplistic, but yes, you have to trust the code that's delivered to you. For example, no Android/iOS user would check every single update to E2EE apps they install for backdoors. However with web, there's an opportunity for a backdoor in every single request and the server can ship different code to different users. In my opinion, using web cryptography is still worth it, but it's definitely more risky than native apps.
skrebbel · 7 years ago
And how does that work with Firefox Send? Isn't the key somehow in the payload or the URL?
anon4242 · 7 years ago
Without knowing almost anything about Firefox Send, it does seem that the key is embedded in the link you give to your friends. In that case E2E means that the key is not stored on the server. In order to guarantee that, the link is probably in two parts, one that identifies the file on the server and one is the key. The key part of the link is probably generated on your machine and thus never sent to the server (to prevent it being in any logs or what not). So if Mozilla's servers are compromised the attacker still would not be able to decrypt your files. Of course if the server is compromised the attacker could serve up malicious JS for future uploads.
gnachman · 7 years ago
If it works, it prevents mass surveillance and makes insider attacks much more difficult.
lubesGordi · 7 years ago
Seems like Send would have to be a built in browser functionality or maybe a plugin.
thinkloop · 7 years ago
That article primarily comes down to this:
> WHY CAN'T I USE TLS/SSL TO DELIVER THE JAVASCRIPT CRYPTO CODE? You can. It's harder than it sounds, but you can safely transmit Javascript crypto to a browser using SSL. The problem is, having established a secure channel with SSL, you no longer need Javascript cryptography; you have "real" cryptography.
In our case we aren't doing crypto inception where the cryptography is meant to secure itself. The crypto is being served securely (by ssl) and then used to solve the separate unrelated crypto problem of encrypting random files.
aij · 7 years ago
That question seems closely tied to
> WHAT'S THE "CHICKEN-EGG PROBLEM" WITH DELIVERING JAVASCRIPT CRYPTOGRAPHY? If you don't trust the network to deliver a password, or, worse, don't trust the server not to keep user secrets, you can't trust them to deliver security code.
I haven't looked at the details of how Firefox Send works, but if you can download and decrypt the file with nothing more than an https:// URL, it seems like you'd have to trust the server, either to handle the cleartext or to provide trustworthy code to handle the cleartext.
I suppose an alternative would be to generate a data: URL, but if it has to include all the crypto code, I wouldn't expect it to be nice and compact.
hcs · 7 years ago
> I suppose an alternative would be to generate a data: URL, but if it has to include all the crypto code, I wouldn't expect it to be nice and compact.
Sounds like a challenge for the code golfers.
Rebelgecko · 7 years ago
Some of those points are relevant and some aren't. For logging in to a website, "just use SSL/TLS instead" makes sense, but not for this use case. There's better options nowadays for doing crypto in the browser, but I wouldn't be surprised if they were at least theoretically vulnerable to side channel attacks from JS running in another tab.
The main thing is that unless you're paying really really close attention to the JS that you're executing, you can't trust this any more than you can trust Mozilla and the security of whatever computer is serving their pages. I wouldn't use this for sending data that you're trying to hide from a nation-state, but it looks like a great option if you want to send a video to your grandma without posting it publicly on the internet or teaching her how to use GPG.
ghthor · 7 years ago
This is really the point here. But the danger is always that someone who needs strong nation state secure crypto is used to this and doesnt realize the implications of using this when trying to keep state level secrets.
stingraycharles · 7 years ago
Indeed, you can rest assured that this will be used to share passwords that should not be shared this way. I would be surprised if it hasn't been already.
danShumway · 7 years ago
Followup question:
I have Signal running on my Linux computer and on my Android phone. On the Linux computer it doesn't have root access, but it does have access to its own files, so in theory there's nothing to prevent it from making a network request and updating itself. Additionally, I don't ever check Signal before installing a new update, I just blindly do it.
On my Android device, I also have auto-update turned on, because my only option is to turn it on for every app or none of them. So there's nothing to prevent Signal from updating itself and changing the crypto. If I were on an iOS device, I wouldn't even have that option -- to the best of my knowledge you can not turn off app auto-updates on an iPhone, but maybe someone can correct me if I'm wrong. In any case, it doesn't matter that Signal is updated "rarely". An attacker only needs to install one back door, they don't need to update it a hundred times.
So for an extremely typical user like me, who has been taught for as long as I can remember that the most secure thing you can do on an OS is install updates as they come in when they come in, doesn't Signal have the exact same problems as Mozilla? If someone compromises Signal's servers, can't they add a side-channel just as easily?
In theory, I could disable auto-updates and only update Signal when I looked at the source code, just like in theory I could examine the JS that I'm executing every time I connect to a site. But in practice, I don't.
When I read tptacek's rant nowadays, the immediate thing I can think is, "The web is malleable? Literally every single computing environment and device I own is malleable." It feels like if I were to take tptacek's advice to its logical conclusion, I would just conclude that ETE encryption in general is dead.
d_k_f · 7 years ago
Yes and no, depending on your threat scenario.
I would assume Signal to have a proper signing infrastructure in place, so that the keys used to sign new releases are not available to the server hosting/deploying the actual update files (or providing them to Google/Apple for that matter). So simply taking over that server would not be enough, as malicious updates could not be installed.
Assuming Moxie goes over to the dark side, however, you are screwed. There's nothing stopping your Signal app from bundling all your plaintext messages once you've entered your password and sending them off to China, save maybe a firewall you have in place. Google or Apple might stop such an update during their reviews, but I wouldn't bet on it.
danShumway · 7 years ago
Signing infrastructure does seem like a significant improvement over Javascript delivery, but does that also carry over to platforms like Windows?
Again, please correct me if I'm wrong, but Windows doesn't do anything with signing app updates, does it? Come to think of it, I'm not 100% sure my Linux version has this either, since Signal isn't being distributed as part of the official repos.
If Signal is being updated on Windows without validating any kind of signature, could a compromised server even pull off the "send a malicious payload to only one IP address" attack that people talk about with the web?
d_k_f · 7 years ago
While Windows does allow for code signing of executable files in general, I doubt Signal is using their system. The official windows store would probably work similarly to how Apple and Google handle updates, but Signal doesn't use it either.
You can always implement signing yourself, though, without relying on somebody else's infrastructure. Just include the public key in the app itself and use it to verify your updates are properly signed by your private key before accepting them. I haven't checked but assume/hope Signal is doing this with their updated JS packages.
If none of this were to happen, however, then the answer to your last question is "yes", though with a caveat: If Signal's servers are compromised and push out a malicious update, then all bets are off, as the app running on your system has access to all your unencrypted messages. If the compromised server is only one of the messaging/relay servers, however, things are not as bad, as they don't have access to your keys and thus can't decrypt your messages. They can still forward them somewhere else for later decryption, but thanks to perfect forward secrecy this is currently rather unrewarding.
danShumway · 7 years ago
So the takeaway I'm getting from this and a few other comments is that, in general, running automatic updates for most software is still more secure than not, since a 0-day is more likely than a compromised server.
E2E encryption is still valuable, because assuming that the codebase is delivered/signed separately from its app servers, it decreases the number of available attack points. It's usually easier to secure code delivery than it is to secure your entire backend/database. It's even easier than that to secure a private key that you never put on your delivery servers in the first place.
JS has some additional concerns regarding stuff like Spectre and random number generation, but ignoring those for a sec, E2E encryption is in theory viable and valuable on the web, assuming you've split your backend from your code delivery endpoint and are taking extra steps to secure those specific code delivery servers.
But E2E encryption on the web could be improved a lot if we expanded code-signing for browsers. We download code over SSL, but that's just to make sure no one MITMs the server itself. We could, in theory, have some kind of signing system for raw assets that was completely unrelated to the connection to the server -- a "only allow Javascript to download/eval on this domain if it's signed with a key that's not even stored on the delivery server at all" policy. But we don't have anything like that yet.
Is that a reasonable interpretation?
agret · 7 years ago
> On my Android device, I also have auto-update turned on, because my only option is to turn it on for every app or none of them.
Open the Signal store page and click the dots in the top right of the screen and untick Automatic Updates.
danShumway · 7 years ago
Oh crud, thank you!
I didn't know that, and there are a few apps that I definitely want to use this with. Why on earth isn't this part of the general settings?
floatingatoll · 7 years ago
If there’s a remote code execution vulnerability, normal users will update but you won’t. If you are voluntarily replacing automatic updates with manual processes, be sure to update Signal before using it each time, or a nation-state can tap a zero-day to infect all the experts who know better than to leave auto-update enabled.
brennebeck · 7 years ago
You can absolutely disable app and OS auto-updates on iOS.
quickthrower2 · 7 years ago
SSL isn't the only crypto you'd ever want to do though. What if you want encrypt data so that it is encrypted all the way through the layers of the application to the database? That's a valid use case to use in tandem with SSL. Also I have to mention cryptocurrencies.
cyphunk · 7 years ago
There are many use cases where compromise through code-interdiction after warrant is a perfectly acceptable risk. Also considering what it replaces may further increase the weight of privacy gain. Absolutism is definitely not the way to go, and looking at the state of the tech community (eg. npm, apt, pip, pacman, check that sha256 sum) we left the design-it-right-first a long time ago. A valid argument, though I wouldn't defend it to the death, is that we need to work slowly back toward more secure behaviors rather than chasing absolutely secure technologies. I think send.firefox is a step back from dropbox for some.
fastball · 7 years ago
Not relevant to me as all of my sites are entirely secured with SSL.
the8472 · 7 years ago
Fundamentally the situation has not changed much. You redownload the code every time and servers could deliver tailored compromised versions if ordered so by some TLA. Which means audits have limited values since they can't attest that what they have seen is actually what anyone gets.
Compare with native tools which you only download once, can check its signatures and which strive for reproducible builds so that multiple parties can verify them independently.
mehrdadn · 7 years ago
There was also a time just a few years ago when evangelists claimed JS/CS/etc. were just as fast as native (some said faster) and blasted you for suggesting otherwise, even when it was clear as daylight this was blatantly false. This mantra also suddenly just faded away once native compilers for these gained popularity. I guess reality hits you after some time.
Now I see a similar issue with security experts preaching that merely possessing a single piece of software with a single thing they classify as a 'vulnerability' implies you will be murdered within the next 24 hours, and it seems they'll happily DoS your computer, get you fired from your job, take your second newborn, and blow up your computer in your face if that's what it will take to make you finally feel real danger. Not sure why it takes people so long to see that reality isn't black-and-white, but better late (hopefully) than never.
tptacek · 7 years ago
It's not outdated; it remains fundamentally true. But I'm uncomfortable with people calling it a "legendary rant" because it was dashed off and I never promoted it as any kind of last word on the subject. There are better arguments against browser cryptography than mine.
In particular: you'd hope that WebCrypto would have changed things a bit, but, of course, it doesn't: it leaves all the cryptographic joinery up to content-controlled code. You're probably somewhat less likely to have side-channel flaws if you use it, but in reality timing side-channels are more talked about than seen. Who would bother, when they can just deliver a script that exfiltrates secrets directly?
idlewords · 7 years ago
You have said a bunch of useful stuff in HN comments that people end up pointing to, but in those comment rants you also have a tendency to leave things hanging or allude to things without further explanation (I think for fear of being boring), or to assume people understand the context of a long-running debate.
I think you should consider hoisting more of this stuff out into standalone blog posts that you can flesh out and also update as circumstances warrant. I don't think I'm the only one who has learned a lot from reading you, but often felt myself wishing it had been dumbed down a shade for beginners.
Maybe the best argument for it is that blog posts remain mutable and you can add and expand as necessary, unlike these HN posts that are frozen in amber.
tptacek · 7 years ago
This place has basically ruined me for writing. I used to sort of know how to do it! The idea of writing a top-to-bottom "browser Javascript is evil" post is intimidating to me now. It was intimidating when I wrote the post referred to above! And that one wasn't even good!
I'll work on it.
idlewords · 7 years ago
One idea is to get a volunteer or hired goon to simply collate your HN posts and post them somewhere editable. Then when you read them over, you'll be horrified and the editing instinct will kick in.
skrebbel · 7 years ago
I don't think it's you who made it legendary. I think it's the HN commenters who keep linking to it who did that (myself included, since yesterday).
And, well, you may disagree but to me it definitely reads like a proper rant :-)
Please note that I chose the words "legendary rant" with all the love imaginable and I had hoped you'd interpret it as nothing other than a compliment. I much appreciate your contributions to HN and the internet as a whole.
samirm · 7 years ago
>There are better arguments against browser cryptography than mine.
mind pointing to or sharing them?
josefresco · 7 years ago
In one of their videos, the URL is www.send.firefox.com - the others drop the www - is this intentional, a mistake? Why would someone use www before a sub domain like that?
fzzzy · 7 years ago
Looks like www.send.firefox.com was a mistake. It's not a valid way to access the service. The correct url is send.firefox.com.
Moru · 7 years ago
Because some people just don't recognize a Web address if it does not start with www. I see that all the time with our subdomains.
Causality1 · 7 years ago
Why does it have upload limits at all? Your client encrypts it, the data is sent over your internet connection to someone else's, their client decrypts it. Why would the data pass through Mozilla's servers?
arduinomancer · 7 years ago
Wouldn't you need both clients to be online at the same time to do that?
Causality1 · 7 years ago
Yes, but most people are online 24/7 anyway, and that number approaches 100 percent for "two people who need to move a file from one to the other right now". Hosted upload file sharing services are a dime a dozen now. How is this better than slapping something on Dropbox or Mega to send someone?
rkagerer · 7 years ago
If I've got this right, the file is encrypted using a secret key which is generated on the client and appended to the anchor in the link, like:
http://send.firefox.com/download/<fileid>/#<secret>
Anyone who obtains the link (e.g. via email interception) gains access to the file.
Since browsers don't transmit the anchor when requesting a resource [1], Firefox servers never see a copy of the key. Provided you trust their JavaScript.
[1] https://stackoverflow.com/questions/3067491/is-the-anchor-pa...
somebodythere · 7 years ago
> Anyone who obtains the link (e.g. via email interception) gains access to the file.
True, but, if a third party decides to use the intercepted link to download the file, and you have it set to a limit of 1 download, the file will self-destruct (if you trust Mozilla). This way, the recipient can know that someone has tampered with the communication, which is certainly an improvement over the status quo (email attachments).
zyngaro · 7 years ago
What is the use case of such a tool? Real a question.
ebg13 · 7 years ago
I don't understand what you're asking. The use case is literally in the title ("file transfer").
Sammi · 7 years ago
Open source peer-to-peer solution in the browser using WebRTC: https://file.pizza/
krferriter · 7 years ago
Wow that's really neat. Downside is it only works while the page stays open on the uploader's machine, while send.firefox.org uploads the file for a limited time to a central server so you can close the tab before the recipient downloads it.
liquid153 · 7 years ago
Is there a web plugin for this yet.
old-gregg · 7 years ago
If relevant Mozilla people are here: Send does not work if "Delete cookies and site data when Firefox closes" checkbox in FF preferences is checked. Even the page doesn't load [1]. It surely is a bug, because I am not closing Firefox.
That checkbox is #1 reason I only use Firefox.
[1] Developer console log output: "Failed to register/update a ServiceWorker for scope ‘https://send.firefox.com/’: Storage access is restricted in this context due to user settings or private browsing mode. main.js:38:10 SecurityError: The operation is insecure."
_rlx_ · 7 years ago
This is a current Firefox restriction: https://bugzilla.mozilla.org/show_bug.cgi?id=1413615
RJIb8RBYxzAMX9u · 7 years ago
You should be able to whitelist https://send.firefox.com/ with the "Manage Permissions..." button right next to that option.
I block _all_ cookies except for a small list of sites (like HN...).
F_r_k · 7 years ago
Swisstransfer.com is more or less the same, but with 25Gb and no sign up
hiq · 7 years ago
Regarding the differences, this website does not seem to encrypt the files on the server, and does not provide links directly, so you need to provide at least one valid email address, if only to send the link to you to then send it to the party you want to share the file(s) with. It's also not open-source AFAICT.
ksec · 7 years ago
I keep seeing comments about Search Revenue and keeping this free. It would be useful if Mozilla is getting more Firefox users out of it, but it likely won't be in any significant number.
So what happen once this get popular and waiting to be abused? Just like Mega. Who is going to continue and foot the bill?
cyphunk · 7 years ago
most abuse mitigated by their limits on the number of downloads allowed and how many days it can stay online. Currently at 7 days max and 100 downloads. If they see abuse they could reduce this further.
about revenue, there are so many valuable directions this can go. It could undercut competitors in ways they cannot sufficiently respond to. (google responding in kind would leave them less reason to not add encrypted storage for drive) By stabilizing this platform they can start to build new privacy-enhancing apps on top. Calendar, contacts, etc. With more dependency on the platform, they will find areas where more storage, longer retention, will be income generating.
privacy may be the only frontier that can displace google,apple,microsoft.
DINKDINK · 7 years ago
For senders and recipients who have execution privileges, OnionShare has:
Much lower trust assumptions
Functionality for dropboxes
euphoria83 · 7 years ago
This is great! It is a shame that Box and Dropbox need you to be a paying customer to be able to share password protected shared links.
hieloz · 7 years ago
That sounds great!
Tutanota also provides free encrypted file transfer service.-- Tresorit Send:https://send.tresorit.com/ ,which allows you to upload and share up to 5GB files using the same end-to-end encrypted technology.
agorabinary · 7 years ago
I'm quickly running out of excuses for still using Chrome...
Vinnl · 7 years ago
While I'm not sure if this is a reason not to use Chrome (you can use it in Chrome as well), trying Firefox is really just a couple of minutes work, and you can easily go back...
Here, I'll type the download link for you: https://firefox.com
marcus_holmes · 7 years ago
I'm working on a file sharing product, for the niche use case of sharing documents between family and professional providers (lawyers, accountants, etc).
Documents are mostly emailed to recipients at the moment (unless they're too large, in which case... um....). The main problem we see is that you end up storing documents in email attachments on your email provider, and using email search tools to try and find documents.
Would this end up the same, only with all documents ending up in the Downloads folder?
Am I wasting my time working on creating a cloud storage sharing solution, and be better working on a method of organising files on the drive, that can also send them to other people?
mrdoops · 7 years ago
Generate a temporary link that, when clicked sends an event to your system to deprecate the link and redirect the user to a presigned S3 download. In my case the file attachment was the product and it was important the system know when someone had downloaded, but a backend system that keeps temporary urls and requests a temporary download link from the file provider is a useful pattern. Nice thing about signed links is your server doesn't have to handle the file - it's between the client and storage provider.
marcus_holmes · 7 years ago
yeah, I've implemented that temporary link system together with link expiry by date, by access count, and link passwords.
I'm encrypting the file on arrival, and storing it encrypted, so it has to route back through the decryption stream. But I could move that to a separate module and replace it with signed S3 if there was benefit.
77ko · 7 years ago
Why have a file transfer for imp docs when you can have a single authoritative source of truth for those docs, along with version history and who changed what.
So why not just use Google Drive (or dropbox)?
I feel with features like secure file sharing (though only with other ppl with google accounts), reasonably good security[1] and Inactive Account Manager[2] it should work for legal docs. Especially considering Google is going to be around for a while.
I would rather use a Mozilla offering but they don't really have too many things for regular consumers outside of firefox and send.
[1]: https://myaccount.google.com/security [2]: https://support.google.com/accounts/answer/3036546?hl=en
marcus_holmes · 7 years ago
There are file sharing use cases not covered by Google Drive or Dropbox. Briefly:
Google reads (and censors, not that that would be an issue) anything added to Drive (and uses that data to target ads at you). And Docs is primarily aimed at collaboration rather than secure file sharing. And revoking permissions isn't easy. And it's all tied up in to Google identities, which may or may not be a recipient's personal Google ID rather than their professional ID - everyone has a separate work email, not everyone has a separate work Google ID.
Dropbox is designed to synchronise a folder between two devices. You can use it to share documents, but that's not what it was designed to do. And if someone deletes it off the shared folder, it gets deleted for everyone... not ideal in this use case. It also creates a dropbox folder on the user's hard drive, and will automatically upload anything in that folder, and copy that to everyone else sharing that folder... it's democratic when this use case needs to be authoritarian.
Does that make sense?
acnjgg · 7 years ago
been using this for several months. have used it to send all kinds of files be it malware to large files. it used to accept everything. but now it asks for sign in.. why would they do they though
JonathonW · 7 years ago
As I understand it, this "guarantees" privacy by embedding the key in the link-- if that's generated client-side, it never gets sent to Mozilla's servers (assuming they don't go out of their way to grab it via JavaScript) and you can have end-to-end encryption.
But, if I'm logged in, it looks like Mozilla's storing that fragment on their servers: if I upload a file from one browser, then sign in on a different browser, I can see the link I generated (including the fragment) from the first browser in my list of uploads, and I can download the file.
Doesn't that negate their end-to-end encryption if Mozilla servers have access to the keys?
dcoates-moz · 7 years ago
The data that's synced when you log in is also encrypted, with a unique key derived from your Firefox Account called a scoped encryption key. Your key changes when you change your password. We, (Mozilla) don't know your key (and don't want to know it). Disclosure, I implemented the sync feature of Send.
justinc8687 · 7 years ago
This is cool, but I’m wondering if there is some sort of “secure drop box” equivalent. Basically I generate a set of GPG keys, anyone can post to a web form which encrypts the uploaded data, in browser, using my public key, and uploads it somewhere (my server, s3, Dropbox, doesn’t matter as the private is local on my computer). I could then download the files, decrypt them locally and use them.
We get a lot of customers who want to send us secure data (customer info, etc...) and I’d love a way to make it easy for the customer but still secure.
Does something like this exist, or is this still a pipe dream? Basically FF send, except I provide a known public key to use, rather than it being generated on the fly, requiring the user to find a way to send it to me out-of-band.
RoadRunner_23 · 7 years ago
File Transfer https://xkcd.com/949/
Hope Firefox Send solves this ever present problem ;)
mirimir · 7 years ago
FWIW it works in Tor browser, with no CAPTCHA. Nice.
solarkraft · 7 years ago
Bur Firefox is a browser. Why would you associate this with Firefox instead of making it a Mozilla service? It only leads to the Firefox brand deteriorating even more quickly.
MrXOR · 7 years ago
Nice, but transfer.sh[1] > Firefox send
pyyu · 7 years ago
There's croc with relatively small binary for all non-mobile platforms: https://schollz.com/software/sending-a-file/
vanous · 7 years ago
Tried it and it seems cool. Too bad that there isn't an addon to create a provider for Thunderbird 's filelink.