127

Send: Share Files Safely with This Open-Source Successor Of Firefox Send(Firefox Send Fork) (techwavearena.com)

submitted 3 days ago* (last edited 3 days ago) by dl007@lemmy.ml to c/opensource@lemmy.ml

31 comments fedilink hide all child comments

you are viewing a single comment's thread
view the rest of the comments

[-] RmDebArc_5@sh.itjust.works 13 points 3 days ago

How it works: I don’t know about this service in particular, but usually the shared contains the encryption key so like this: example.com/files/file_id/encryption_key or something similar

As for trust: This appears to be a individual, so you will have to just trust it when using the public instance. However, since it is FOSS, you can audit the code and spin up your own instance

[-] halm@leminal.space 4 points 3 days ago* (last edited 3 days ago)

spin up your own instance

Absolutely. If you're at all worried about sending files through third party sites, set up your own. Provided you trust your own security skills, of course.

I would certainly be more interested in having an install under my own domain than using some rando's that I don't know.

[-] peregus@lemmy.world 1 points 3 days ago

How it works: I don’t know about this service in particular, but usually the shared contains the encryption key so like this: example.com/files/file_id/encryption_key or something similar

But if the key is in the URL, that's provided by the server, where's the utility of the encryption since the server knows it and so does everyone that has the URL?

[-] flux@lemmy.ml 1 points 3 days ago

So the trick is to use the #fragment part of the URL, that is not sent to the server.

Of course the JS one downloads from the server could easily upload it to it, so you still need to trust the JS.

[-] peregus@lemmy.world 2 points 3 days ago

But the JS code could be checked on the webpage, correct? If so, the page could be trysted (if vetted).

[-] flux@lemmy.ml 2 points 2 days ago

In theory, yes. But if you follow the link and that leads to downloading the JS and running it, you're already too late inspecting it.

And even if you review it once (and it wasn't too large or obfuscated via minification), the next time you load a page, the JS can be different. I guess there could be a web browser extension for pinning the code?

The only practial alternative I know of is to have a local client you can review once (and after updates).

this post was submitted on 05 Nov 2024

127 points (98.5% liked)

Open Source

31077 readers

785 users here now

All about open source! Feel free to ask questions, and share news, and interesting stuff!

Useful Links

Rules

Posts must be relevant to the open source ideology
No NSFW content
No hate speech, bigotry, etc

Related Communities

Community icon from opensource.org, but we are not affiliated with them.

founded 5 years ago

MODERATORS

Cloak@lemmy.ml

kevincox@lemmy.ml

CrypticCoffee@lemmy.ml

Lettuceeatlettuce@lemmy.ml