Mozilla Send: a single-serving website that lets you send a file to someone


#1

Originally published at: http://boingboing.net/2017/08/03/mozilla-send-a-single-serving.html


#2

Oh neat. Seems useful.


#3

This is interesting, thanks for the heads up :slight_smile:


#4

Sounds like it could be real handy! There’s alternatives, of course, but I could do with something easy to use, without need for accounts, from someone that seems fairly trustworthy, and with encryption, to boot!


#5

You could probably rig a way to run UUCP over that.


#6

My first thought was “how long before it shuts down due to turning into the next great piracy host?”

From info page:

Send will only store your files for one download or 24 hours.

Yay!


#7

Hah, another way to annoy Amber Rudd.

So encryption must be done in the brower (it looks like there are a few JavaScript implementations of AES).

The encryption key is apparently part of the URL: from the video on the site, the URLs seem to be in the format https://send.firefox.com/downloads/<10-hexdigit doc ID>/#<22-character base64 encryption key>

22 base64 characters is enough for 132 bits of information, which would accommodate an AES-128 key with bits to spare.

You send the link to the intended recipient, but presumably when you upload the file Mozilla only gets the URL before the fragment identifier (the pound/hash sign).

Of course, sending the link by unencrypted email kind of defies the point, and if encrypted email was available, then you wouldn’t need the service – unless it’s purely about avoiding size limits on email attachments, and the encryption is just gravy.


#8

Thank Dog, finally!


#9

Also:

That link will expire once they’ve downloaded it

So, there is no way that this could ever become a way to pirate mass files to the masses.

It’s really a way to send one file to one other person. Quite useful, actually.


#10

This seems really useful. I bet they could get small companies to pay a little something for the service if it allowed them to use their own domain names via host redirection or something (e.g. filesend.example.com redirects to Mozilla’s service).


#11

Great idea but because it uses browser-based encryption, it does not work with all browsers, including older FireFox browsers. Was able to send a file using Chrome on MacOS 10.9.5 but was unable to receive it using Safari on my iPhone iOS 10.3.3 Safari. For now, make sure your intended recipient has the ability to receive before bothering to send.


#12

Definitely a useful option to have.

Also, obligatory:


#13

If you’re sending the link by unencrypted means, then the encryption and one-timiness maybe marginally increases the security as compared to an unencrypted email attachment.

  • a plaintext email attachment sits around unencrypted on servers, so an attacker who gains access to sender or recipients’ email at any future time, also gains access to the attachment.
  • an attachment sent via this service is accessible only to an attacker who downloads the file before the recipient, and they have to be willing to be “noisy” - the link won’t work when the intended recipient tries to download, a detectable condition.

If you’re sending the link by encrypted means, then the encryption is necessary to avoid diminishing security. Attachment file size limits can be so small that they compromise security by forcing people to downgrade security in exchange for larger file sizes (an rock solid secure encrypted email saying “here, I put it on dropbox”) so this can extend the usefulness of those services.


#14

For most applications, couldn’t you just email the file, instead of a link to the file? How many Edward Snowdens are there, compared to the number of people who dream about being Edward Snowden?


#15

Depends what kind of files you need to send.

If you mostly send around office type documents and smallish spreadsheets - sure.

If you mostly send around big database extracts or practice-at-home videos of last night’s dance rehearsal - not so much.


#16

Yea, I thought enormous files might be an application. Myself, I never do that, but I hear video is a thing in the 21st century.


#17

I once had someone send me a presentation. They no longer had the slide deck, but did have a ~500MB video file of themselves giving the presentation at a conference. It took many tries to find a file sharing service we could both access on our work computers. I think we settled on a Dropbox link, luckily it didn’t need to be kept secure.


#18

I email files to myself to read them in the living room.


#19

This topic was automatically closed after 5 days. New replies are no longer allowed.