- cross-posted to:
- privacy@lemmy.ml
- selfhosted@lemmy.world
Made a small file host focused on not leaving a trace.
- No account, no ads, no trackers
- You set when the file deletes itself (1 hour to 30 days, or after X downloads)
- Optional password on files and notes
- Reachable over Tor via an onion service
- Self-hosted
For when you just need to hand someone a file without it sitting on a server forever or asking them to sign up anywhere.
My only real question, since there isn’t any source code listed:
How secure/private is the actual file storage service? It runs over the onion project, which is nice, but without source code there’s no proof or evidence of encryption, nor proof that files actually delete as well as other logging style services that a privacy oriented service would normally have.
Hello, there is currently no end-to-end encryption on the server; I’ll explain why below. The reasons why:
True end-to-end encryption (where I literally can’t read your files) means the server only ever sees encrypted blobs. The problem is, that also means I can’t scan anything, and right now every upload is checked against known CSAM and run through malware scanning.
Go fully zero-knowledge and I lose that capability entirely, which on an anonymous host is a real problem: it basically turns into a blind dropbox for whatever people want to put there.
So it’s genuinely one or the other: either I can see enough of the content to keep it clean, or I can’t see it at all and can’t keep it clean. I chose to keep it scannable, because for an open anonymous service, I think being able to block that kind of content is more important.
That’s the real reason there’s no at-rest encryption: not laziness, it would compromise security. I’m open to hearing how you’d weigh the pros and cons, though.
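The trade-off in the reply above, as an added example that is not part of the thread or the service's code: a server-side hash-match scan flags a file uploaded in the clear but has nothing to match once the browser encrypts it first. The function names, the blocklist and the sample file are assumptions constructed for the illustration.

```javascript
// Added example; all names here (encryptForUpload, serverScan, ...) are hypothetical.
const webcrypto = globalThis.crypto ?? require("node:crypto").webcrypto;

const toHex = (buf) =>
  [...new Uint8Array(buf)].map((b) => b.toString(16).padStart(2, "0")).join("");

async function sha256Hex(bytes) {
  return toHex(await webcrypto.subtle.digest("SHA-256", bytes));
}

// Client side: AES-256-GCM with a fresh key and 96-bit IV per file.
// The key stays with the uploader; only iv + ciphertext reach the server.
async function encryptForUpload(plainBytes) {
  const key = await webcrypto.subtle.generateKey(
    { name: "AES-GCM", length: 256 }, true, ["encrypt", "decrypt"]);
  const iv = webcrypto.getRandomValues(new Uint8Array(12));
  const ct = await webcrypto.subtle.encrypt({ name: "AES-GCM", iv }, key, plainBytes);
  return { key, blob: { iv, ciphertext: new Uint8Array(ct) } };
}

// Recipient side: decrypt with the key received out of band.
async function decryptDownload(key, blob) {
  const pt = await webcrypto.subtle.decrypt(
    { name: "AES-GCM", iv: blob.iv }, key, blob.ciphertext);
  return new Uint8Array(pt);
}

// Server side: hash-match scan over whatever bytes were actually received.
async function serverScan(receivedBytes, blocklist) {
  return blocklist.has(await sha256Hex(receivedBytes)) ? "blocked" : "accepted";
}

// Constructed sample: a stand-in "known bad" file and its blocklist entry.
async function demo() {
  const badFile = new TextEncoder().encode("constructed known-bad sample");
  const blocklist = new Set([await sha256Hex(badFile)]);
  const plainVerdict = await serverScan(badFile, blocklist);      // server sees plaintext
  const { key, blob } = await encryptForUpload(badFile);
  const e2eVerdict = await serverScan(blob.ciphertext, blocklist); // server sees ciphertext
  const roundTrip = new TextDecoder().decode(await decryptDownload(key, blob));
  return { plainVerdict, e2eVerdict, roundTrip };
}
```

Because the key and IV are random per upload, the same file produces a different ciphertext every time, so the operator cannot build a blocklist of ciphertext hashes either.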
What about people uploading said files in an encrypted manner?
You could do client-side scanning instead while checking a signature of the client’s js to ensure that it is your code that’s running.
Never trust the client lol
The ToS says illegal content is removed, which probably means there’s no encryption. And some file extensions are blocked which is weird. Files should be encrypted in the browser and not unencrypted at the server.
Use Firefox Send or OnionShare or something instead…
https://0x0.st/ is still goat!
deleted by creator
Finally! A replacement for BTSync. I’m encouraged to see that it runs on Tor since my first instinct would be: “this is a security nightmare”. Of course, it could still be a security nightmare but at least they are using the right tech stack to achieve security. It’s more about the implementation at this point and I’m too lazy to check the source code.
deleted by creator
The second I did more reading about it, I honestly wouldn’t touch your app with a 2000 foot pole.
Open source it or this should be considered spam or malware. I recommend the AGPL 3 license.
What’s the point of open sourcing here?
This seems ideal.
My comment has no substance because I just want to find this post easily later.
deleted by creator
It is NOT ideal. The statements from the dev lead me to recommend treating this app as malware.
Lemmy has a “Save” feature?
Yes, but I save things far more often than I comment.
This is great, but how come I am getting an insecure warning from this site?
Compared to CopyParty, which I've been using for a few months now, does it also mean no directory and no way to explore, namely dropping files more than organizing?
I use P2P, eg. AlterSend, FOSS, no account, encrypted, no size limit, no server in the middle. Mac, Windows, Linux, iOS, Android - one shared protocol
That face in the bottom right corner is creepy as fuck.









