Hah, another way to annoy Amber Rudd.
So encryption must be done in the brower (it looks like there are a few JavaScript implementations of AES).
The encryption key is apparently part of the URL: from the video on the site, the URLs seem to be in the format https://send.firefox.com/downloads/<10-hexdigit doc ID>/#<22-character base64 encryption key>
22 base64 characters is enough for 132 bits of information, which would accommodate an AES-128 key with bits to spare.
You send the link to the intended recipient, but presumably when you upload the file Mozilla only gets the URL before the fragment identifier (the pound/hash sign).
Of course, sending the link by unencrypted email kind of defies the point, and if encrypted email was available, then you wouldn’t need the service – unless it’s purely about avoiding size limits on email attachments, and the encryption is just gravy.
