
Show HN: NoFile.io – A simple file storage site with lots of perks - NoFile
https://nofile.io
======
Sir_Cmpwn
I have some thoughts for you as someone who's done this before. I used to run
a file hosting site called MediaCrush with a buddy of mine. It was moderately
successful, but we ended up shutting it down. I later switched to a file host
called pomf.se, which eventually was shut down as well. I wrote a blog post
that sums up my thoughts on public file hosting:

On the profitability of image hosting websites -
[https://drewdevault.com/2014/10/10/The-profitability-of-
onli...](https://drewdevault.com/2014/10/10/The-profitability-of-online-
services.html)

I suggest you read it. In a nutshell: don't.

The problem is growth. It will quickly get too expensive and you will not have
nearly enough revenue to support it. I _guarantee_ you it will happen.

Currently I run a file hosting service with controlled growth. Accounts are
not available to the public - you have to apply for one, and I approve them
conservatively (130 approved, 137 rejected users as of writing). All users are
also expected to donate. I think all new file hosting sites should take link
rot seriously and if they don't it's a net negative on the internet. I hate
that if I look at a forum post written >5 years ago, odds are all of the
images will be broken.

If anyone wants an account on my website, I might be inclined to approve a few
today: [https://sr.ht](https://sr.ht)

~~~
AnneDev
I think that in the end, the way to really address these issues is with
WebTorrent or a similar service. When you're online, you should be:

    
    
        1. contributing your own bandwidth to the images you upload
    
        2. contribute your own bandwidth to the images you look at.
    

If you look at an image, maybe you should be required to seed it twice over.
If you upload your image, maybe you have to seed it at least 10 times for it
to stay up past a certain deadline.

As a user of image websites and, well, websites in general, I'd gladly
contribute my bandwidth to help the services run. Or even act as a mirror
rather than a shared peer.

What do you think about that? It could lessen the load on the image host and
help scale things. I just can't seen this happening if you embed an image
directly unless you embed iframes or require users to go to the site itself.

~~~
exDM69
Although the idea is great but I'm not comfortable with the legal implications
of "seeding" the stuff I view. It might work in some legislations but I'd be
putting myself in too much risk under my local law.

~~~
rorosaurus
What if everyone "seeded" random content that others are browsing? Sort of
like a Tor Relay for P2P traffic. Everyone assumes some small responsibility
and yet could argue plausible deniability.

~~~
johnmaguire2013
I believe Freenet and IPFS are both built on this idea.

------
mrspeaker
Just in the way of feedback (and I might be really out of the loop/not your
target market!) but here was my brain-in-action after I clicked on the link
from HN:

"Hmm, this looks pretty... what is it for?

It has a huge area that says "click here or drag and drop to start
uploading"... but uploading what? And why?

Let's scroll down and read the 'about'!: "Fast", "Compatible", "Encryption"...
um... ok but WHY?! Is it personal file storage for me (Like Dropbox?) or is it
like a public FTP server? Or something else? If I drag and drop my tax return
there is it suddenly shared with the entire world? Why do I want this thing?!
Back to the HN comments to find out more!"

Something like that anyway! According to the comments it seems to be more like
a rapidshare/mega thing - and now that I get it I'll keep this site in mind
for sure!

~~~
Nullabillity
I guess it might be a cultural thing, but it seemed pretty obvious to me that
it's something in the style of Mediafire/RapidShare/Hostr, before they all
went to crap.

~~~
Kudos
Err, Hostr founder here. Not sure if I'm happy that it was mentioned, or sad
that it went to crap :P

~~~
Nullabillity
To crap was a bit exaggerated, sorry. :P

Localhostr was great for a while for just uploading stuff without needing to
bother with accounts or RapidShare's wait-a-minute-or-pay thing. It makes
sense why you scaled back the free version (I can imagine that these services
quickly get expensive to run..) and started requiring accounts. But personally
that's the point where it was roughly equally annoying to upload to Hostr and
my own server, and so the latter just made more sense for me personally.

~~~
Kudos
Yeah, dropping anonymous uploads made my life so much better. I'm a solo
founder of a side project, it's just not worth it.

------
megawatthours
From looking at "upload.js" you are using AES in counter mode.

    
    
        var aesCtr = new aesjs.ModeOfOperation.ctr(encryptionKeyBytes, new aesjs.Counter(-1));
    

Please use
[https://github.com/bitwiseshiftleft/sjcl](https://github.com/bitwiseshiftleft/sjcl)
which supports a very high-level sjcl.encrypt(passphrase, plaintext) API and
has been audited, instead of using crypto primitives.

One specific issue is you are only encrypting, not authenticating, so if the
servers are compromised someone could send back a fake plaintext.

~~~
jamescostian
Re authentication: the site uses HTTPS, and doesn't HTTPS provide
authentication that you are connected to the right server, receiving only data
from that server (assuming the server and it's contents aren't compromised)?
Or are you referring to another type of authentication

~~~
Nullabillity
> assuming the server and it's contents aren't compromised

That's the assumption that file authentication would remove. Well, assuming
that the server isn't also sending a backdoored client..

------
oron
I'm operating DropJar.om and I can say it's a big headache. For some reason I
keep getting DMCA notices from all kinds of lawyers and the occasional take
down notice from police when ISIS videos are uploaded there. No income and
tons of complaints. [http://dropjar.com](http://dropjar.com)

~~~
GunlogAlm
There's a referral link in the lower right corner of your site. A few seconds
after the page loads, clicking _anywhere_ on the page takes you to
hidemyass.com.

I don't know if this was intentional on your part, but if so it's pretty
deceptive.

~~~
oron
That's part of trying to monetize it ... unsuccessfully, bu t I agree with
your observation, I should take it down. They way it works right now is
misleading.

~~~
shostack
Um... Isn't it downright against the TOS of that affiliate program? This is in
line with every shady torrent site that hijacks clicks to force an affiliate
link. Is this not outright cookie stuffing?

~~~
oron
I am sure it is. I had a link on the bottom right saying "check out HMA" the
fact the click on the background opened that window was a bug, I don't believe
someone would buy HMA just because I opened a tab with it ...

------
sullivanmatt
I see 16 bytes of hex after the anchor slug for the encryption feature, e.g.
for
'[https://nofile.io/f/86JiUNYM6QK#5827800f46cef978'](https://nofile.io/f/86JiUNYM6QK#5827800f46cef978'),
the key is '5827800f46cef978'.

The key is absolutely does not contain enough entropy, because your key
material is only comprised of the ascii-printable hex chars converted into a
byte value. So instead of a byte having 256 different possibilities, a byte
now will only be one of 16 values. Bruteforcing these keys would be incredibly
trivial. To decode the hex into actually random key material, you would have
needed to do something like hexToBytes("5827800f46cef978"), which would yield
a correctly random byte array of [88, 39, 128, 15, 70, 206, 249, 120]. Note
that this is half the proper key size required for AES-128.

I also want to echo the concerns already voiced by others in saying that key
material needs to be generated from a strong random provider, and not just
from the hash of the file.

I say this in the interest of privacy of those who might use your service, so
please don't take any offense: please disable the encryption feature entirely
until you can get assistance from someone with extensive experience in
implementing crypto, because as it exists now, the implementation is fatally
flawed.

------
kk_cz
Looking at the name first I thought it was some kind of parody - like
/dev/null for uploading servers... Yeah, feel free to upload whatever you
want...

The About section fits:

FAST - yeah, nothing faster than /dev/null, ok :)

Compatible - sure, why not.

Encryption + Secure - sure, it's hard to get anything out of /dev/null :)

Simple - no kidding...

The first hint that it might actually not be a parody site was the Preview
part and then the file size limit in FAQs.

Even the Which file types are accepted? / All of them. combo works great for
the /dev/null premise.

------
thewavelength
Great design & feature set.

Feedback: the navigation bar at the top is quite unusable from an UE point of
view. The positions of the icons (and therefore the hovering position) change
as the mouse hovers them. It is quite annoying.

Also, in the FAQ: "How can this be a free service? Magic" This sounds to me
as: "stfu, don't ask, you are not clever enough to understand" or "there is
some dirty way to get money from you, better don't ask".

~~~
timup
I agree with both comments, especially the faq language. Often times,
lightheartedness in the tech space comes across condescendingly. A simple
explanation here would suffice...and if it is truly magic, I'm all in.

------
arekkas
What's different to so-called 1-click hosters (rapidshare, mega, uploaded,
...)? What's your business model? How do you want to keep DMCA claims at bay?
Does this work mobile?

~~~
NoFile
_What 's different to so-called 1-click hosters (rapidshare, mega, uploaded,
...)?_

The main difference is that nearly all of these hosts specialize in a specific
type of storage. As an example MEGA forces all users to client-side encrypt
files before uploading which is useful for sensitive files, but it comes with
the cost of incompatibilities with older browsers and devices which can't
decrypt/download the files.

Uploaded provides lots of space for the uploaders, but then pushes all users
to its premium plan. The site is ridiculously slow to use as a free user as
they cap download speeds to 50 KB/s (they bump it up to a 70 KB/s if you take
the time to sign-up).

NoFile bundles all the perks of the different hosts and gives the user more
options and fewer limits. You can upload large files and choose whether you
want to password protect, encrypt or disable previews for your file while
still giving the downloaders speeds of at least 2 MB/s.

It's just a simple file host that allows you to share files without having to
worry about the downloaders being infected with a virus, not being able to
download

 _What 's your business model?_

At the moment there is no revenue source. As costs for the hosting go up,
there will be a more "humane" premium plan added in the future, but it will
targeted to very frequent users and as a free users you won't be affected by
the changes.

 _How do you want to keep DMCA claims at bay?_

If a valid DMCA request is sent in together with a link then we will be forced
to respect the content creator and take the link down.

 _Does this work mobile?_

This works on every single device regardless of whether you have Javascript
enabled or not. If you however enable the client-side encryption feature
(currently in BETA) which is disabled by default then users on older browsers
and devices won't be able to download your file.

~~~
ferbivore
_At the moment there is no revenue source._

So what makes you think your fate will be any different than that of all the
other free file hosts that have had to resort to advertising in order to
survive?

~~~
NoFile
The site will simply not operate with large margins like other sites. The cost
of keeping the servers and development running will be covered by a premium
plan that's targeted to heavy users.

~~~
ferbivore
Isn't storing and serving terabytes of stuff pretty expensive? How many heavy
users do you think you'll manage to win over in the first place, much less
convince them to pay for the privilege of uploading their 100GB of illicit car
diagnostic software to your website? Do you have an actual niche you plan to
target?

I don't mean to be negative, it's just that I've seen the transition from free
to freemium to ad-supported to Rapidshare to dead happen over and over again.
These services don't seem to operate with large margins - from the outside, it
looks more like all of them are on the brink of bankruptcy.

~~~
NoFile
A few years ago bandwidth and storage was much more expensive than it is
today.

Rapidshare was a service that had to swiftly and reluctantly change their
business model. They were operating out of large offices with over 60
employees and due to the change they saw a sudden drstic drop in revenue.

Rapidshare's financial information isn't public since it's a private company,
but one could argue whether they were actually losing money or not making the
profits that they expected at the time of the shutdown.

~~~
gressquel
I think Rapidshare earned tons of money. At one time RS was the go-to filehost
for pirated material. They had almost anything you wanted, and they seldom
removed files.

Then came the FBI raid against various filehosts. I remember few of the other
hosts got taken down and charged, while others shut their site down as
precaution. I remember Rapidshare starting their decline during this phase,
something tells me Rapidshare did it on purpose and 'ran away' with the earned
money before the feds got them.

Well thats my theory :)

------
daemonk
I like it. But I would like a more concrete answer to how long the files are
kept. "As long as possible" is not really a great answer. I don't expect it to
be there indefinitely, but something like "For at least 5 days. And no
guarantee longer than that" would be fine with me.

~~~
NoFile
It's a difficult question to answer exactly how long a file would be kept as
the deletion is based on two factors:

\- How active the file is (e.g if the file isn't downloaded in X days).

\- How much space that's available on the storage servers.

As mentioned in a previous comment, the site's operating on small margins so
the majority of the income will go to expanding the storage in order to make
sure that your file is never deleted (unless you request).

At the current rate your file would never be deleted (again, unless you
request it) and at a bare minimum your file will be stored for at least a week
without downloads so you don't have to worry about your file being deleted
before your downloaders get to it.

This will be updated in the FAQ section to avoid confusion as well, thanks for
pointing it out.

~~~
daemonk
I understand there is a technical aspect of how long you keep the files. But
the end users probably don't really care. When I use a service like this to
transfer a file to someone else, I would like to be able to write a message to
the other person saying, "please download this file in X days".

------
fcremo
I might be wrong, but it seems to me that the encryption key for the file is
the truncated SHA256 hash of the file itself. This is not how you want to
generate an encryption key.

Edit: also, password protection is enforced server side, and has nothing to do
with encryption

~~~
NoFile
The key is the truncated hash of the file for the purpose of file
deduplication. However, it will not impose any security risks as the person
who wishes to decrypt it would have to know the hash of the file which
requires them to already know the contents of the file making it useless.

The password encryption is indeed server-side, but it is mainly there to
protect the file against anyone who somehow finds/guesses the URL and it's a
useful feature if you want to slightly increase the level of security without
encrypting the file with AES.

~~~
megawatthours
> would have to know the hash of the file which requires them to already know
> the contents of the file

That is incorrect. Knowing the hash does not mean you know the contents of the
file. You should generate encryption keys randomly, preferably using a secure
random method such as that shipped with SJCL, rather than JavaScript's random
API.

~~~
NoFile
Unfortunately it's required for the file deduplication. Although it slightly
degrades the security it's not serious enough to impose any security risks as
the attacker would already have to know the hash of the file which almost
always requires them to know the contents of the files.

Random strings and numbers are also securely generated through a CSRPNG with
window.crypto.getRandomValues().

------
overcast
Just curious, why would a file storage site name themselves "nofile"?

~~~
83457
I thought it was a joke so scrolled down the page. Thought there was going to
be a punchline at the bottom.

------
kentwistle
FAQ says "What's the file size limit?: 10 GB."

Tried to upload a 9.66 GB test file but am getting following error message

"File Size Limit This file is too large. The largest file size that can be
uploaded is 1.25 GB"

What am I doing wrong?

~~~
zalanak
Looks like either a type on their page or code. Because 10 Gb == 1.25GB.
Mixing bits and bytes somewhere

~~~
NoFile
The page states 10 GB (not Gb). To be completely correct the precise limit is
10.2 GiB.

------
orless
I liked the service but I'm afraid it will end up like all the 1-click-
hosters: as a storage for pirated content, blacklisted in most corporate
networks.

Few comments:

Animated backgroud is very distracting. I'm constantly reacting to the new
icons floating into the screen.

Underlined "Or" in "Click Here Or Drag & Drop To Start Uploading" makes me
think it's some kind of a link. Any reason to underline it?

If I upload multiple files (which worked well) I want to be able to copy all
the URLs at once. Displaying them in a text box would be good.

~~~
NoFile
The reasons to why NoFile won't become a storage site for pirated content is
that uploaders aren't rewarded for downloads.

"Animated backgroud is very distracting. I'm constantly reacting to the new
icons floating into the screen."

Another user pointed this out and a toggle for the animations will be added to
the settings so that you can turn them off.

'Underlined "Or" in "Click Here Or Drag & Drop To Start Uploading" makes me
think it's some kind of a link. Any reason to underline it?'

It's underlined just to separate the two options (clicking and dragging) for
those who just read the "Click Here" part and assume that the rest of the
sentence is just a description to why they should click here (e.g "Click here
to start uploading your file").

"If I upload multiple files (which worked well) I want to be able to copy all
the URLs at once. Displaying them in a text box would be good."

Instead of a text box there could be checkboxes next to each file allowing you
to copy URLs and delete files in bulk. We'll work on adding this as soon as
possible, thanks for your suggestion.

~~~
pjc50
> The reasons to why NoFile won't become a storage site for pirated content is
> that uploaders aren't rewarded for downloads.

This is a very very naive view of the situation. You're allowing user A to
upload content which can be downloaded by an infinite(?) number of other users
they give the link to. Therefore it will be used for piracy. And worse.

Edit: actually, a free unmonetized file hosting site? In this day and age?
Behind whoisguard and cloudflare? Ideal law enforcement honeytrap tbh.

~~~
m-j-fox
This guy gets it. But hey if the NSA wants to provide free hosting that is
private and secure -- or apparently so until the drones level your
neighborhood -- that's fine.

------
zhan_eg
"Encryption - Protect Your Files

Protect sensitive files with encryption. Only users with the URL will be able
to view it. "

This is not encryption - you should change the copy to tell what encryption is
used (AES-128 from the info here), even if it's beta. Some more information on
that will be welcome.

~~~
libeclipse
They may be encrypting the file with a parameter passed in the URL. In this
case, assuming no logs are kept, it would be a reasonable encryption setup.

~~~
NoFile
The encryption key is passed after the hash (#) in the URL. Therefore the keys
are never sent to the server over the HTTP request (more info about this can
be found here: [https://nofile.io/security/](https://nofile.io/security/)).

------
jacquesm
I give it a week or two before it gets shut down because of the inability to
deal with uploads of child porn and other disgusting stuff.

Best of luck anyway, and good luck dealing with law enforcement. Make sure you
put some text on the front page indicating that you will collaborate with LE
and it might save you from a little bit of bad stuff.

I ran something like this for a couple of years and shut it down because I was
tired of dealing with the filth.

------
JamesBaxter
"There's nothing more annoying than selecting a file and having it removed due
to a disallowed file type, therefore all files are allowed*."

CTRL+F finds no other asterisk on the page, what's the caveat?

~~~
NoFile
Currently all different file types are accepted so the asterik has been
removed - thanks for pointing it out.

------
test1235
The PDF preview doesn't show my PDF ... is that a placeholder or someone
else's file?

[http://i.imgur.com/IEHrxm7.png](http://i.imgur.com/IEHrxm7.png)

[https://nofile.io/f/KrLDHQyKt4J](https://nofile.io/f/KrLDHQyKt4J)

~~~
NoFile
This was caused by a bug and the PDF preview had been briefly replaced by a
placeholder.

You should now be able to see your own PDF instead of a placeholder, thanks
for pointing it out.

------
calvinbhai
I have a tough time trusting a new service where I cannot figure out where
this business is located / registered, where they have a physical presence,
the person/team who built this service. Having more details in an About Us
section would help it look more legit.

~~~
NoFile
We'll try to work on this. More importantly you can enable the encrypted
upload feature for sensitive files if you do not trust the storage servers.

------
allan_s
Can you remove the animation at the beginning, I've a bad vision and I could
only read the text once it stopped moving, and I don't think this animation
adds anything except eating the few seconds I give to a new website before
choosing if I leave or stay. (at the opposite of the background animation that
is okay)

------
brak1
> How long are my files kept?

> As long as possible

What a stupid answer to that question! (it gives more info - "You can set an
expiry time by pressing the "Options"-button that's next to your uploaded
file, otherwise your files will float in the clouds for as long as possible."
\- but it still doesn't really give any answer)

~~~
cyberferret
Well, in all honestly they can't really say "forever" or "indefinitely"
because that is really an impossibility. How long is "forever" in your
estimation? 10 years? 100 years? a thousand?

In all likelihood, the internet itself might evolve into something different
in that time. This service might get bought out, or shut down, or the original
founders may (fate forbid) get hit by a bus next week.

Setting any sort of indefinite limit is opening themselves up for legal action
if it is even one minute less than someone expects. "As long as possible" at
least is honest enough to say that as long as there is enough interest to keep
the lights on, they will be there.

~~~
gutnor
You already assume that the scale of the retention will be in years.

What makes you think that ? It may be days, where "as long as possible is "we
hope to keep the files a few weeks".

Without some sort of project plan you don't know if NoFile.io is aiming at
snapchat for file, or S3 for everyday Joe.

------
joelennon
Nice work, looks like an interesting project. I do think your site copy could
do with some work though. It's not entirely clear from the current text what
the service actually is - is it for sharing files with others, is it a Dropbox
competitor or is it an S3 competitor?

The following phrase made me feel a little uncomfortable about using the
product.

"How can this be a free service? Magic. In the future a paid service will be
introduced offering more awesome features, but don't worry it shouldn't affect
the free service."

I'd rephrase this - definitely remove the _shouldn 't_ as that tells me that
while my files shouldn't be deleted, they might be.

Finally, just a minor thing, but the down arrow under the "Click Here Or Drag
& Drop To Start Uploading" doesn't work for me (latest Chrome on Mac). I
assume it should scroll down the page but it didn't for me at least.

~~~
NoFile
Dropbox and S3 are too far from us right now and I wouldn't call them
competitors.

NoFile is a simple tool that allows you to quickly share files with lots of
options, nearly no limitations and at the same time as you don't have to sign
in.

"I'd rephrase this - definitely remove the shouldn't as that tells me that
while my files shouldn't be deleted, they might be."

You're right about that as the premium plan will never lead to files uploaded
by free users to be deleted. The premium plan will only be targeted to more
heavy users and won't affect the free users.

"Finally, just a minor thing, but the down arrow under the "Click Here Or Drag
& Drop To Start Uploading" doesn't work for me (latest Chrome on Mac). I
assume it should scroll down the page but it didn't for me at least."

The button was indeed not working and it's now been fixed, thanks for pointing
it out.

~~~
nwellinghoff
"NoFile is a simple tool that allows you to quickly share files with lots of
options, nearly no limitations and at the same time as you don't have to sign
in"

put that on the top of your page!

------
weewooweewoo
Does anyone remember the name of the file hosting platform that had a music
player built into it? It was so goddamn elegant and easy to use, but was
bought out by Facebook. It was a huge staple for me all throughout high school
for my band, it's kind of shame that there was no way it could have been
viable.

~~~
mastax
drop.io?

------
danielsamuels
Some initial feedback:

    
    
      * Title Case Everywhere Looks Weird  
      * Hovering over 'resolution' on the detail page shows a tooltip with the text 'Upload date'  
      * I uploaded a .NEF file and it seems to think it's 160x120 (it's actually 6000x4000)  
      * The buttons next to the link field on the detail page are not the same height as the input.  
      * When uploading the background icons become jerky (presumably due to the upload causing long frames)  
      * When uploading there was no speed / ETA data shown, just a spinner.  
      * I felt the animations on the homepage were all a little superfluous.  
      * The links in the footer link to places on the page, but without updating the URL hash, probably worth adding one to make it more linkable.

------
t3ra
How do you plan to compete with older (& less crappy) services like mediafire?

Also tonnes of decent ad supported options with no crap like wait time and
million popups like Openload Zippyshare AFH

(oh and site looks & performs great! Best of luck for future)

~~~
cyberferret
> compete with older (& less crappy) services like mediafire?

Did you mean to infer that MediaFire was _less_ crappy than this showcased
one? Or _crappier_ than this one? Your follow up sentence would indicate the
latter.

~~~
jclos
I think he/she meant the less crappy among the older services.

~~~
t3ra
I meant less crappy among the usual "file hosting sites". Mediafire for one is
a pretty good service with 10GB for free but some times has too many annoying
ads

OP's site looks great!

------
wito
I did something similar recently
[https://streambin.pl/](https://streambin.pl/), you can upload whole
directories but only when web-browser is on.

~~~
notwhoyouthink
This is really neat as a technical demo. What's your anticipated real-world
use for something like this?

My first thought was that it would be fantastic in a case where I needed to
pull a file off a server I was SSHd into but didn't feel like setting up a
SFTP session. Of course, in that case I probably wouldn't be comfortable
having the data pass through a third-party.

------
cyberferret
Seems pretty cool. I was actually thinking of building a similar 'accountless'
file upload and sharing service, but this one is a lot better than what I was
envisaging.

Question - would you, in the future allow uploading to configurable
destinations, e.g. my own S3 buckets? Also, do you track the number of time a
file asset was downloaded from your service so that the original uploader can
check activity stats?

EDIT: Feedback - when I scrolled to the bottom of the home page, the "There is
something I have to tell you" section is duplicated under itself.

~~~
NoFile
Thanks for the positive feedback.

Right now there's only an option to upload files to Dropbox, but the plan is
to add as many useful alternatives as possible and S3 would be a good option.

The number of times a file was downloaded is currently being counted, but it
isn't public. It would be an interesting idea to display it on every download
page by default (similar to Imgur) and give the uploader the option of
disabling it.

The duplicated info block has also been replaced, thanks for pointing it out.

------
ptrptr
OK, this looks promising but one question - how do you plan to avoid
rapidshare, uploaded and mega fate? This is not 2006, copyright owners will
tear you apart day 1.

~~~
NoFile
Any valid content removal requests that come in through the contact form will
be obeyed.

------
ourcat
With no information (that I can see) about where these files are hosted, or
who or where the organisation is behind this, using this could be a big
mistake.

------
skrowl
Bandwidth and storage aren't free. What is your business model? Things without
clear business models usually me YOU are the business model.

~~~
tyingq
Looks like nofile.io is depending on cloudflare. Which, I assume doesn't jive
with their TOS "SECTION 10: LIMITATION ON NON-HTML CACHING" policy.

~~~
NoFile
Only static content is served over Cloudflare. All uploads/downloads are done
directly with the storage servers.

~~~
jgrahamc
You sure about that? I just uploaded a file and then..

    
    
        curl -o /dev/null -v https://nofile.io/f/01ZAJO7Qhfe
    
        *   Trying 104.18.59.89...
        * Connected to nofile.io (104.18.59.89) port 443 (#0) 
        * TLS 1.2 connection using TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
        * Server certificate: sni212289.cloudflaressl.com
        * Server certificate: COMODO ECC Domain Validation Secure Server CA 2
        * Server certificate: COMODO ECC Certification Authority
        * Server certificate: AddTrust External CA Root
        > GET /f/01ZAJO7Qhfe HTTP/1.1
        > Host: nofile.io
        > User-Agent: curl/7.43.0
        > Accept: */*
        >
        < HTTP/1.1 200 OK
        < Date: Tue, 07 Mar 2017 15:18:16 GMT
        < Content-Type: text/html; charset=UTF-8
        < Transfer-Encoding: chunked
        < Connection: keep-alive
        < Set-Cookie: __cfduid=d3f6984a870cdd03cea954585ac19e38c1488899895; expires=Wed, 07-Mar-18 15:18:15 GMT; path=/; domain=.nofile.io; HttpOnly
        < Vary: Accept-Encoding
        < Strict-Transport-Security: max-age=15768000
        < Server: cloudflare-nginx
        <
        { [957 bytes data]
        * Connection #0 to host nofile.io left intact
    

Looks like that ran through Cloudflare, even if it wasn't cached. Doesn't look
like it's going directly to whatever storage you are using.

~~~
NoFile
Yes, completely positive. You need to make sure that you're following the 301
redirects as that is not the final file location, hence why the data returned
is only 957 bytes.

~~~
jgrahamc
I see. Thanks.

------
NoFile
"It's ridiculously difficult to share a single file online without a bunch of
hassle. Most sites either riddle their pages with ads so you have to guess
where the correct download button is and usually restrict useful features to
their premium users.

All those useful features have been added to NoFile and made available for
anyone who wants to use it - all free from ads, registrations, payments and it
respects your privacy. Here are some of the current features (more to come):

* Simple upload process compatible with nearly all devices - accepts files as large as 10 GB to be uploaded

* Upload & download files without Javascript enabled (nearly all features are still available, although the site runs smoother with Javascript enabled)

* Password protect files (hashed with SHA256)

* Ability to encrypt files with AES-128 on the client-side before uploading to the server for secure storage (BETA)

* Easily view the metadata of a file (file type, dimensions, upload date, size, etc.) on its download page (URL to a live demo below)

* Preview files (PDF viewer, video/image/audio previews) before downloading (see demo URL below)

* All transfers are made securely over HTTPS to prevent malicious users from viewing what you're downloading/uploading (forced SSL)

* Securely view your upload history without having to create an account (history is stored in your browser's local storage)

* Save files directly to Dropbox (Dropbox scripts are only loaded when button is pressed to protect your privacy)

* No tracking codes and no third-party CDNs are used for external scripts, CSS or fonts in order to protect your privacy

\---

Here are a few demos

\- Download pages

[https://nofile.io/f/BJ6MyXboYLj](https://nofile.io/f/BJ6MyXboYLj) (an image
with its preview enabled)

[https://nofile.io/f/UH58eLI68Cl](https://nofile.io/f/UH58eLI68Cl) (an image
with its preview disabled by the uploader)

[https://nofile.io/f/Yl4NcFvsliN](https://nofile.io/f/Yl4NcFvsliN) (an image
with password protection - password is 12345)

[https://nofile.io/f/OoG2wQwS33R#c725690e45b3a393](https://nofile.io/f/OoG2wQwS33R#c725690e45b3a393)
(an image encrypted with AES-128, secret key is stored securely after the '#'
and not transmitted over the HTTP protocol)

\- Upload completed page

[https://nofile.io/edit/?id=UH58eLI68Cl&key=w69gz2D5y0RoH9umu...](https://nofile.io/edit/?id=UH58eLI68Cl&key=w69gz2D5y0RoH9umuJejll9r6qVvHbpkjEsQYPNKRyGzsdOQujruv08rfOhAkgxy&filename=NoFile_Demo.png)

To start uploading your own file(s) within seconds (without signing up):
[https://nofile.io](https://nofile.io) If you have suggestions, a complaint or
any features that you would like to see added then feel free to leave a
comment or use this contact form:
[https://nofile.io/contact/"](https://nofile.io/contact/")

~~~
amelius
> It's ridiculously difficult to share a single file online without a bunch of
> hassle. Most sites either riddle their pages with ads so you have to guess
> where the correct download button is and usually restrict useful features to
> their premium users.

Imho, if you really want to be the "Google of file-sharing", then the UI
should be a lot less distracting.

~~~
NoFile
"Google of file-sharing" would be a too heavy title to hold right now. The
animations are there in the background to give the site a comfortable touch,
but it should be easy to distinguish them from the actual site content (e.g
the download button comes inside a "box" with a different background color and
animated icons hidden underneath).

Perhaps it would be useful to add an option that toggles the animations
on/off.

~~~
alexwebb2
> Perhaps it would be useful to add an option that toggles the animations
> on/off.

If hundreds of people are telling you the animations are too much, kill the
animations.

If a small handful of people are saying it, ignore them.

But please, please, do not add _any_ complexity to a small-margin,
intentionally simple service like this in the hopes of pleasing everybody.

------
adamkochanowicz
Really cool stuff! I love the design. One bit of feedback I would give you
though is to go easy on the CSS transitions, especially where the user has a
target for interaction (navigation links, dragging and dropping...). Not that
it's not visually interesting to keep them but makes it a little painful to
have moving targets.

~~~
NoFile
Other users complained about this as well. A setting will be added which will
disable the animations for those that find them annoying.

------
rexreed
This is pretty awesome - I really want to replace Filepicker as it's way too
expensive for what I need. But I really like their embeddable widget that I
can embed with a button click. Also I like all the sources for files rather
than just a drag/drop or click upload. Can you support any of these features?

------
SparkyMcUnicorn
Since there's no business model, NoFile could disappear overnight.

Without some sort of guarantee of availability, I wouldn't be able to
recommend it to friends, coworkers, or family. I don't want to advertise
something that is truly a great service but ends up shutting down few months
from now after people start abusing it.

~~~
NoFile
There is of course nothing other than our word that will guarantee the site
being up.

But if the site does decide to shut down then we will be sure to notify users
about this at least a month in advance in order to have time to make backups.

------
orless
A few more:

Console gets spammed with "not active or paused - skipping speed" messages,
what are these?

There seems to be an onclose-like handler which warns me that I might have not
saved the changes (I've uploaded 6 files). Do I need to "save" somehow? I see
no "Save" button, nothing similar.

~~~
NoFile
"not active or paused - skipping speed" is sent from the upload speed and
estimated time measurement function and won't affect your upload.

The warning message that you receive when trying to close the page is only
there to prevent accidental exits and in case you're in the middle of an
upload or if you haven't copied the URLs of the uploaded files.

Unfortunately browsers no longer allow you to change the warning message,
hence why it's telling you to save.

------
nwellinghoff
I love how simple your site is. I hope is stays around. I would take
everyone's advice and remove the animations. I and a few other people I showed
it to in the office all had the same annoyed reaction. Everything else is
great and seems to work!

------
Brendinooo
Nice work, thanks for sharing.

I'd like to challenge you on the site name, though. Why'd you pick it? If I'm
a normal user who stumbled across the site, I might be confused if a site
called "NoFile" wanted me to upload files.

------
AngeloAnolin
Like the concept.

Testing on FF 51.0.1 and I can't seem to see the expiry option which is
supposed to be alongside the file that I uploaded. Maybe using a different
browser would work?

------
vxNsr
On the iPhone the margins to the edge of the page don't feel large enough and
I keep thinking the words are bleeding off the edges of the screen.

------
thepiwo
How do you prevent fraud? What keeps users from uploading copyrighted material
or using the site as download-mirror?

~~~
NoFile
The only way to prevent this is through valid content removal requests sent in
through the contact form.

As mentioned in a previous comment, since uploaders aren't rewarded for
downloads this shouldn't become too big of an issue to handle.

------
jszymborski
I don't see a DMCA link... that might be problematic for you in the future,
legally speaking.

~~~
NoFile
There is a contact form
([https://nofile.io/contact/](https://nofile.io/contact/)) where all content
removal requests can be sent to.

All requests will be checked and the file will be taken down if the request is
valid.

------
legohead
> Which file types are accepted?

> All of them

It is not accepting my Calculator.app. It just sits there, never uploading.

~~~
NoFile
Neither the file type nor the content inside the files are being checked.

This issue must've been caused by something else. Were you able to upload
other files?

------
leni536
Will there be a public API?

~~~
NoFile
The plans were to have the API added from the start. To prevent a rocky
beginning the API wasn't released, but it will be added as soon as possible.

------
dominotw
i've been looking for a site where i can upload my audiobooks files and an app
for andriod that would play it for me, (possibly offline).

Is there any other options other than dropbox?

~~~
NoFile
There isn't currently an app, but there shouldn't be any disadvantages between
using the site.

You can upload as many files as you wish and save them on your phone to play
offline (similar to what an app would do in the background) or play them
directly from the site.

------
beardog
Check your contact area. I notified you of an XSS issue.

~~~
NoFile
Thanks for reporting the issue. The XSS was related to the filenames.

Although most operating systems don't allow users to upload files containing
greater-than/less-than symbols, it's possible to add them by tampering the
requests and changing the filename.

From there you could change the filename to "<script>alert("xss")</script>"
and run an XSS. This has now been patched by encoding the characters.

Once we're a bit more stable we'll be sure to release a bug bounty program.

------
sprremix
Manual deletion doesn't work

~~~
anujianuj
Same here.

------
thomasluce
Nice idea and design. Along with what other people have said, though, turn off
all the js animations. They make it nigh impossible to quickly asses content
and actionable items, requiring that a person sit and stare for longer than
needed without getting any new or useful information. The design is nice on
its own; it doesn't need to be dressed up more, and if you feel it does than
that's a sign that you don't like the design and should change that instead.
Just my opinion.

