
What happened to Firefox Send? - Techbrunch
https://support.mozilla.org/en-US/kb/what-happened-firefox-send
======
headalgorithm
See recent discussion:
[https://news.ycombinator.com/item?id=24508880](https://news.ycombinator.com/item?id=24508880)

~~~
jb775
When the service went from unlimited open access to being put behind a login
wall, I assumed they were using this tool to pull more users into the Firefox
ecosystem (like what google does). I stopped using the service at that point
since it effectively lost the privacy aspect.

------
40four
Too bad. I really enjoyed using it while it was up. The code is open source,
and they have docs on how to set it up for self hosting. I wonder if there is
a chance some active forks might live on?

[https://github.com/mozilla/send](https://github.com/mozilla/send)
[https://github.com/mozilla/send/blob/master/docs/deployment....](https://github.com/mozilla/send/blob/master/docs/deployment.md)

~~~
aj3
We still have Magic Wormhole though and it's awesome! (at least for techies)
[https://magic-wormhole.readthedocs.io/en/latest/welcome.html](https://magic-
wormhole.readthedocs.io/en/latest/welcome.html)

~~~
unicornporn
"We" as in "the people who knows how to use the command line". Unfortunately
very few of the people I send files to knows that.

There's [https://webwormhole.io/](https://webwormhole.io/) and
[https://file.pizza/](https://file.pizza/) , but can I know what they really
do behind the scenes? Native open-source software for this would be a dream
come true. It's 2020 and I still wrestle with sending files between devices.
And no, don't take this as a wish for creating just another service. :)

~~~
sneakypete81
I've started a UI for magic wormhole:

[https://github.com/sneakypete81/wormhole-
ui](https://github.com/sneakypete81/wormhole-ui)

It's GPL, cross-platform, native (Qt) and uses the same Python library as the
Magic Wormhole CLI.

~~~
justnotworthit
I've tested it on my own devices and it installed and worked without a hitch.
Thanks.

------
kace91
I really don't understand it.

\- Content was used to spread malware/illegal content

\- It was not profitable

How are those two things something you find out after the fact? What was the
reasoning for launching the product in the first place?

~~~
rvba
Nearly all their "side projects" look like greenfields used by the project
teams to boost their CVs so they can land better jobs. Those teams know very
well that those projects have no use case, but they dont care. Foundation does
not care either, since it is busy with increasing own remuneration and
politics.

Meanwhile their core product lost around 10 percentage points of market share
(from 15% marketshare to 5%):

1) Nobody works on Firefox any more. From 1000 people in Mozilla and how many
working on Firefox? 50? and 950 doing various (useless) side projects?

2) they don't understand their own product and its user base: they killed
extensions, killed ability to customize anything. Basically they rebranded to
a "worse Chrome".

3) They dont care about quality and ship a half baked product. Recently they
shipped Firefox for android that feels like alpha version. It is even unclear
why did they ship it, they could have waited.

4) Countless bugs and problems caused by their own decisions (e.g. all
extensions need to be signed - they forget to sign them so they stopped
working..)

5) Not caring about the product at all because some people inside are stubborn
dinosaurs. Firefox didnt have proper installers for business, just because
someone inside didnt want to provide them. It's like sabotage.

Their tech savy user base gets alienated every day: no more extensions, no
more customization, constant broken workflow (changes for the sake of doing
changes, while old things are never repaired - greenfileds are easier). At
some point you start to wonder, why use a Chrome clone that is worse than
Chrome?

I expect that the marketshare will go from 5% to 0.% What will be terrible for
everyone. We are already losing the address bar due to Google AMP. [on a
sidenote: when Chrome pushed for Google AMP, Firefox didnt capitalize on it -
in fact Firefox also changed the address bar as if the Firefox team wanted to
secretly support AMP..]

Those teams probably know very well that Firefox is a sinking ship, since
development teams are not working on core product; but they dont care, they
will jump. Meanwhile those few who worked on Firefox are left holding the bag,
while they were "paying" for all those side projects, that just siphoned money
/ development time from core product that is Firefox.

~~~
CodesInChaos
> Recently they shipped Firefox for android that feels like alpha version. It
> is even unclear why did they ship it, they could have waited.

Apart from extensions requiring whitelisting, how is it worse than the old
mobile FF?

I didn't notice any new bugs and it fixed the issues I had with the address
bar hiding being fickle.

~~~
laurent123456
They made simple workflows more complicated, removed features and move UI
elements around for no apparent reason.

Weirdest thing is how they moved the address bar to the bottom of the screen.
You can put it back to the top of the screen but it's like - why?

There was a useful list of most frequently visited sites on the homepage,
which they've decided to remove.

Opening a new tab or a favourite now requires at least two taps (one on top of
the screen, and the second at the bottom), or one long press, while it
required only one tap before.

With their experience in software development, Mozilla should now that users
mostly hate changes, although we can be fine with it when there are
improvements too. But in this case, there's no improvements as far as I could
see, just random changes to the UI, a few things worse, a few things different
for no reason, but nothing better.

Overall it gives very little confidence in what they're doing. It seems
there's no leadership or overall vision at Mozilla, just random teams making
random changes just for fun.

~~~
leafmeal
> Weirdest thing is how they moved the address bar to the bottom of the
> screen. You can put it back to the top of the screen but it's like - why?

As someone with a larger phone, this has made things 100x easier. Previously,
the address bar was out of reach with one hand.

Personally, I'm really happy with all of the changes.

------
timvisee
Sad! Developer of `ffsend` here.

I've built `ffsend` as CLI tool for Send to securely share files from the
command line. It has been a great success! Thanks Mozilla, for building and
providing this amazing service!

For the interested:
[https://github.com/timvisee/ffsend](https://github.com/timvisee/ffsend)

I'm currently hosting a public Send instance myself so ffsend keeps working.
Let's see how long I can keep this going (and funded). It's available at
send.vis.ee .

~~~
dmix
Was this shutting down as surprising and out-of-left-field to yourself as
someone more closely connected to the project, as it seems to me?

~~~
timvisee
Pretty much. They suddenly took it down for 'maintenance'. The relaunch was
delayed. Mozilla released a statement on laying off 250 employees. That's when
I figured it wouldn't come back online again.

~~~
sfink
I don't have any specific knowledge, but my general impression was that
malware was a very real issue that nobody could come up with a realistic
response to. Other than that, it seems like Send was a breakout success.

(I work for Mozilla, but mostly on the JS engine.)

~~~
abnercoimbre
With the utmost respect, can somebody please tell if anyone thought of
requiring a Firefox account? Or charge $2/mo and go from there? Products
usually iterate on design and security, no? Not just give up right away?

Some of us recommended a Firefox+ service that bundles Firefox Send, the VPN,
etc. and charge a monthly premium. I would've paid a lot of money. Nothing
makes any sense looking from outside!

~~~
behnamoh
Somehow Mozilla nowadays reminds me of Yahoo! in the late 2000s and its
struggles to remain relevant.

------
0-_-0
This is due to people sharing malware:

[https://www.techradar.com/news/mozilla-suspends-firefox-
send...](https://www.techradar.com/news/mozilla-suspends-firefox-send-service-
following-malware-abuse)

The content can't be scanned server-side because uploaded files are encrypted

~~~
akuji1993
I mean... Were they really suprised by this? An encrypted file sharing
service, of course it's going to be used for sharing malware and illegal
content.. I'm not sure what would've been the solution for this issue, but it
was pretty clear that that was gonna happen...

~~~
rvz
Exactly. Most definitely bad actors would use this free encrypted file-sharing
service. But I suspect that this wasn't even sustainable for Mozilla to begin
with.

The road to hell is paved with good intentions here.

------
blunte
Either Send is more long lived than I realized, or I have a very different
definition of "legacy"

From the Mozilla Blog: ... we are announcing the end of life for two legacy
services that grew out of the Firefox Test Pilot program: Firefox Send and
Firefox Notes.

~~~
bscphil
No, you remembered correctly.

> It was launched on March 12, 2019

[https://en.wikipedia.org/wiki/Firefox_Send](https://en.wikipedia.org/wiki/Firefox_Send)

------
wodenokoto
For transferring large files between machines that don’t necessarily have the
same clients installed I find file.pizza quite convenient.

My understanding is it basically loads a JavaScript BitTorrent client and
let’s you transfer using that protocol, so both ends needs to be online, but
there is no file size limit, and good support on flaky connections.

There’s a few services like this, but I always find file.pizza to be the one
that I remember the name of :)

[https://file.pizza/](https://file.pizza/)

EDIT: as other people in this thread, I am also having trouble getting
file.pizza to work, in both Safari and Chrome.

Maybe it isn’t the answer it used to be.

~~~
tpetry
Has been shared a lot on hn and i always find it funny that it is simply not
working for me. I can't even transfer files between tabs in a single browser
nor between browsers on the same host.

~~~
amelius
Perhaps your browser stops Javascript in tabs that are not active (?)

------
zxcvgm
To be honest, I think some form of abuse was bound to happen. Your files are
encrypted client-side with JavaScript before uploading, so to the server it's
just an opaque blob.

Out of curiosity, I did some technical analysis¹ of how your files were being
encrypted to see if they were really secure and as a side-effect, also wrote a
Go client for it.

An interesting property I did discover about the way the encryption keys are
derived is that the scheme allows you to delegate an oblivious third-party to
download the blob for you, without actually revealing the file contents to
them.

¹ [https://irq5.io/2019/05/14/data-encryption-on-firefox-
send/](https://irq5.io/2019/05/14/data-encryption-on-firefox-send/)

~~~
fireattack
Might be a stupid question, but why server can't see the secret key?

You said that "note that URL fragments are never sent to the server", which is
true when uploading the file. But when someone is downloading the file, they
need to use this full URL with secret key right? By then, the server will get
the key and can decrypt the file themselves.

~~~
hiq
See the post that OP linked:

> Note that URL fragments are never sent to the server. They are often used
> for page anchors, and sometimes to keep track of local state in SPA.

Also see:
[https://en.wikipedia.org/wiki/URI_fragment#Basics](https://en.wikipedia.org/wiki/URI_fragment#Basics)

~~~
fireattack
Thank you for the info. I thought it's setup specific, didn't know anchor
string is never sent to servers _in general_.

------
nickjj
This was a great service for transferring 1 off files between 2 people (such
as 500mb wav files for podcast episodes which is what I used it for).

As it turns out, you can get similar behavior with Dropbox. The person sending
the file doesn't need a Dropbox account either. You just send them a URL and
then they have permission to upload the file.

The only extra step vs Firefox Send is you as the receiver need to delete the
file after you've downloaded it. Technically that's optional but in my case
that's what I wanted to do.

~~~
brunoqc
The downside with Dropbox's way is that a lot of people using the link will
think that they need to register an account.

I think the link offers you to create one but it's not clear that it's not
required.

~~~
veddox
So use Nextcloud instead ;-) You can link-share files and folders as read-
only, write-only (i.e. upload drop), or read-and-write.

~~~
anaganisk
Let me spin up a $5 vps on some random company, setup next cloud, and then
send a link to my friend so he can download a song? Silly!

------
AnonHP
Tangentially, I wonder what's happening with Lockwise. [1] It also seems to be
languishing without significant improvements. I was expecting it to be a
competitor, at least on mobile, to the likes of Bitwarden, 1Password, and
other solutions.

[1]: [https://www.mozilla.org/en-
US/firefox/lockwise/](https://www.mozilla.org/en-US/firefox/lockwise/)

~~~
arkitaip
I'm so happy I decided to move away from Chrome's password manager and Firefox
Lockwise and instead use Bitwarden.

------
rkangel
I once again don't have a good solution for 'how do I email a large file' but
[https://webwormhole.io/](https://webwormhole.io/) is useful and simple,
particularly for sending something big to someone you're video chatting with.

~~~
jbc1
Up to 2GB

[https://wetransfer.com](https://wetransfer.com)

~~~
rkangel
Thank you.

Do we trust them and their security approach? Genuine question - it was a
major selling point to me that Mozilla were operating Firefox Send. I was
happy to give some trust to them and their approach to encryption.

~~~
WJW
I used to work there, security was mostly decent with the exception of not
encrypting files client side. We advocated for it many times but the founders
wanted to keep the UI as simple as possible for users, which means that
forcing users to send the encryption keys to the receiver via a secondary
channel (ie not via WeTransfer, which would defeat the purpose as we would be
able to MITM it) was a no-go. You can always encrypt the files yourself with
the method of your choice and then send the encryption key over
Telegram/Signal/whatever. The company has existed for over 10 years now and is
profitable, so it's not going to disappear overnight or anything.

That said, the thing that apparently killed Mozilla Send (becoming a hub for
spam and child abuse material) was much easier to handle. The last big project
I was involved in was an automated photoDNA scanner to detect suspected child
abuse material. It would pull in various lists of hashes of known bad material
and flag any matches for manual verification by the department of the Dutch
police that handles such things.

------
toyg
This is one thing they could have done better in partnership with someone
whose main business is hosting and transferring files.

I said it yesterday: Mozilla and Dropbox should talk. Alone they will perish,
united they’ll be a real alternative to FAANG.

~~~
gsich
Netflix and filesharing?

------
sstanfie
I switched to croc
([https://github.com/schollz/croc](https://github.com/schollz/croc)) to send
large files. Works great across macOS and Windows. It's synchronous, one-time,
so not a fire-and-forget system. But quick for large files (sending custom
disk images for Raspberry Pi).

------
jtbayly
This was really funny because I tried to use it for the first time just after
it was taken down, but before the announcement. At that time, it loaded a page
that made it seem like it was just offline temporarily.

~~~
wodenokoto
According to the press release, it was taken offline temporarily and after
that they decided to do it permanently.

------
alex_duf
I wish we could get every major OS to work on an open standard for file
transfer from device to device (locally).

~~~
kevincox
+1 AirDrop is pretty cool but proprietary.

Android Beam looked promising but Google killed it for something proprietary.
Samsung had an updated version that used WiFi Direct, but I don't know if it
was open.

It seems that something that was somewhat plugable would be very useful.

\- NFC or bluetooth for setup. \- Bluetooth, Wifi Direct or Internet for
transfer.

Mesh networking would be cool as well but I don't think it is actually needed
for the MVP.

------
blooalien
And mere minutes after reading this, what should come in on my newsfeed?

[https://news.ycombinator.com/item?id=24503077](https://news.ycombinator.com/item?id=24503077)

Another tool for sending encrypted files from one machine to another. Viva la
Hacker News!

------
isodev
I was under the impression Firefox Send was one of the upcoming paid service
offerings. At least, that we were seeing the free service and waiting some
premium features to be released later on. It will be missed, it was a really
easy and intuitive solution for file sharing,

~~~
m000
I was really hoping this would be the case. Sync + Send + Lockwise would be a
bundle of services worth paying a subscription for. Provided that they also
made them available on Chrome rather than using them as lock-in features.

But there seems to be zero plans towards financial independence for Mozilla
Corp. The management board appears to be all too cozy with Google funds lining
their pockets. A financially independent Mozilla Corp. would probably mean
less money for them.

------
shp0ngle
....oh.

I have used it a few times in the past for the classic task "move large file
between two computers that are next to each other, how the hell do I do this
simply", but yeah, I can't see how that would be cost-effective for Firefox.

~~~
DavidSJ
Between Unix-based machines on the same network my go-to is netcat.

    
    
      receiver$ nc -l 2000 > file
      sender$ nc receiver 2000 < file
    

I usually check MD5 sums when I’m done.

~~~
mkayokay
SCP. simply for the encrypted transmission, and most *nix machines have ssh

~~~
DavidSJ
It does require having an account on both machines though. I've used nc in
situations where one machine is owned by someone else.

------
surfsvammel
Too bad. Never used it myself but it seemed like a useful tool from someone I
trust.

------
werdnapk
I used this service fairly often with clients to send me large files... pretty
much drag and drop and send me the link to the file. I thought it was great.

I guess I'll check out some of the alternatives listed in the comments here
now.

------
dpc_pw
The fact that you need a 3rd party service to send a file between two
computers is a failure of the Internet as a whole.

Instead of addressing it, the technical community as a whole just keeps
putting bandaids on it.

~~~
Sohcahtoa82
What makes it difficult are two problems:

\- Dealing with NAT

\- Security

Making a protocol for connecting to another machine and sending (or
requesting) a file is easy. We solved that a couple decades ago.

But how do you do it when both ends are behind NAT? UPNP was supposed to solve
this problem, but not everyone uses UPNP, and it's pain in the ass to deal
with port forwarding, also, good luck trying to walk grandma through setting
up a port forward on her router.

~~~
dpc_pw
I know. And it's a failure of an Internet and software ecosystem as whole.

Somewhere between 2000 and 2010 we just accepted how much of fiasco and
garbage everything have became.

------
surround
Discussion yesterday:

[https://news.ycombinator.com/item?id=24508880](https://news.ycombinator.com/item?id=24508880)

------
fergbrain
The challenge I have is when someone non-technical needs to send me a very
large file.

I’ve resorted to spinning up a pureftp server in docker and having them drop
it there.

~~~
rasz
jokes on you
[https://developers.google.com/web/updates/2020/09/chrome-86-...](https://developers.google.com/web/updates/2020/09/chrome-86-deps-
rems)

~~~
fergbrain
I don’t think you could write FTP via Firefox...I think it was read-only?

------
rvz
Oh dear. A stunning failure of another Firefox product which was hyped to hot
air: [0]

Looks like Mozilla really needs to find something to _actually_ be more
competitive than their current offerings of 'VPNs', 'File Sharing' and 'Web
Browsers'.

[0]
[https://news.ycombinator.com/item?id=19367850](https://news.ycombinator.com/item?id=19367850)

~~~
Ensorceled
I really wish they would focus on safe/private browsing and email and stay the
heck out of everything else.

~~~
jrochkind1
They gotta figure out a way to bring in revenue with safe/private browsing and
email then.

------
neilsimp1
Hahahaha. I have always thought this looked like a great product but never
really had a need for it.

I had a file slightly too large to email last night and thought I'd try FF
Send for the first time ever, only to be greeted with `Service Unavailable`.

It's a real bummer this is going away, and I hope this isn't a sign of more to
come.

------
edwincheese
We have built an alternative to Firefox Send. End-to-end encrypted, faster,
more space, and more features coming. [https://encl.io](https://encl.io)

------
DarkmSparks
Hows firefox doing these days? I've not really used it since it used to run
out of memory every few hours, did try it again after they rewrote everything
but it was really buggy with half the sites I frequent not working.

~~~
AriaMinaei
Check your extensions and privacy settings. Firefox is more aggressive in
blocking trackers and that _does_ break some authentication flows that involve
trackers. You can always disable some of those protections to get the website
to work, though I haven't had to do that in ages.

Other than that, Firefox on the Mac is consistently easier on the fans than
Chrome, and unlike Chrome, I almost never get runaway processes.

Web pages are also as snappy as Chrome. If a page feels slow, I often open it
in Chrome to compare, just out of curiosity. It used to be that Chrome would
struggle less with these pages, but FF seems to have caught up in the past
year or so.

~~~
bad_user
> _Check your extensions_

Pro-tip: if you have uBlock Origin installed, disable all other extensions
that are using EasyList, because they undermine uBO and visibly slow down the
page. In Chrome too.

N.b Firefox’s built in tracking protections don’t interfere.

------
SamuelAdams
Interesting. I thought it was discontinued due to malware and hackers using
it. I wonder if they were ever able to successfully mitigate these threats
with an encrypted file sharing service. If they did, the community ought to
know so other projects in the future can learn from Mozilla's efforts.

[1]: [https://www.zdnet.com/article/mozilla-suspends-firefox-
send-...](https://www.zdnet.com/article/mozilla-suspends-firefox-send-service-
while-it-addresses-malware-abuse/)

[2]: [https://cybersecuritymag.com/firefox-send-suspended-
hackers-...](https://cybersecuritymag.com/firefox-send-suspended-hackers-
malware/)

~~~
esquivalience
That's also what it says in the linked explanation contained in the article.

------
mc32
File.pizza is also p-p file defer in the browser, though I liked send from
Mozilla since it was integrated.

------
redm
I think this comes down to the fact that deploying an app and a platform are
very different things.

------
llagerlof
[https://transfer.sh](https://transfer.sh)

~~~
picodguyo
Have used this for years but it's being shut down at the end of October.

~~~
abemassry
I run a similar project like this, I have for the last 8 years, it's pretty
bare bones but you can build on top of it:
[https://github.com/abemassry/wsend](https://github.com/abemassry/wsend)

------
systems
what are the good alternatives, I spent sometimes on google, and most services
seem to required monthly subscription

I need to send large file securely sporadically , I cant like pay for like 10
usages etc .. as long as its not time bound

------
saos
What a blow. I loved it.

------
TedDoesntTalk
> Unfortunately, some abusive users were beginning to use Send to ship malware
> and conduct spear phishing attacks. This summer we took Firefox Send offline
> to address this challenge.

------
gigatexal
Get paid by Google; kill services like Google.

------
rogerdpack
It's like allpeers all over again?

------
haezee
Okay, but what happened?

------
CodinM
From their Github repo, Deployment: "Optionally telnet, to be able to quickly
check your installation"

------
angel_j
Mozilla sucks at software. They are prescriptive, and always changing. They
practice the worst of open source (give today, take tomorrow, user no choice,
auto-updates), and they cannot keep up with enterprise in their own domain.

