
Firefox Send: Free encrypted file transfer service - dnlserrano
https://blog.mozilla.org/blog/2019/03/12/introducing-firefox-send-providing-free-file-transfers-while-keeping-your-personal-information-private/
======
timvisee
I've been building a fully featured CLI tool for Firefox Send, supporting this
new release.

For anyone that is interested:
[https://github.com/timvisee/ffsend](https://github.com/timvisee/ffsend)

~~~
drewg123
FWIW, I built and successfully ran it on FreeBSD-current. The only hiccup I
ran into was that it puked building due to not having /usr/local/lib in its
lib search path & not being able to find libxcb. I had to manually add
-L/usr/local/lib to the cc args and manually link it. Not sure if that is a
FreeBSD issue w/Rust, or something in your package.

At any rate, the tool works! Thanks so much.

~~~
timvisee
Thanks for sharing your solution! Not sure what is causing it (maybe it's
OpenSSL binding related), and am currently not really targeting FreeBSD yet.

I wasn't fully ready with this tool for the Firefox Send release to be honest,
would have loved to be able to provide better binaries and packages for more
platforms, which are a work in progress.

If you believe you can improve the README with your solution, be sure to
submit a
[PR]([https://gitlab.com/timvisee/ffsend/](https://gitlab.com/timvisee/ffsend/)).

Happy to see it's working! :)

~~~
alxlaz
It's a BSD world thing :). Local (i.e. non-system) executables and libraries
go under /usr/local around here (i.e. libraries under /usr/local/lib, binaries
under /usr/local/bin and so on, the hierarchy under /usr/local has the same
structure as that under /usr).

~~~
drewg123
You can work around it by creating a cargo config with a wrapper. Eg:

cat ~/.cargo/config

    
    
      [target.x86_64-unknown-freebsd]
      linker = "/home/drewg123/bin/cargo-ld"
    

Where cargo-ld is just a wrapper:

    
    
      #!/bin/sh
      exec /usr/bin/ld -L/usr/local/lib $*

~~~
majewsky
For proper formatting of code snippets, indent the entire snippet with two
spaces.

------
skrebbel
In the not so recent past, HN'ers loved to quote tptacek's legendary rant
about how in-browser JavaScript crypto is fundamentally broken[0].

What changed? Is that rant finally outdated? Couldn't Mozilla at any time
serve a corrupted JS bundle (with or without their knowledge) which would leak
the key somewhere, silently replace the encryption by a noop, etc?

I ask out of interest, not skepticism. I much prefer an internet where we can
trust web apps to do proper crypto than one where we have to depend on some
app store to somewhat adequately protect us.

[0] [https://www.nccgroup.trust/us/about-us/newsroom-and-
events/b...](https://www.nccgroup.trust/us/about-us/newsroom-and-
events/blog/2011/august/javascript-cryptography-considered-harmful/)

~~~
tptacek
It's not outdated; it remains fundamentally true. But I'm uncomfortable with
people calling it a "legendary rant" because it was dashed off and I never
promoted it as any kind of last word on the subject. There are better
arguments against browser cryptography than mine.

In particular: you'd hope that WebCrypto would have changed things a bit, but,
of course, it doesn't: it leaves all the cryptographic joinery up to content-
controlled code. You're probably somewhat less likely to have side-channel
flaws if you use it, but in reality timing side-channels are more talked about
than seen. Who would bother, when they can just deliver a script that
exfiltrates secrets directly?

~~~
idlewords
You have said a bunch of useful stuff in HN comments that people end up
pointing to, but in those comment rants you also have a tendency to leave
things hanging or allude to things without further explanation (I think for
fear of being boring), or to assume people understand the context of a long-
running debate.

I think you should consider hoisting more of this stuff out into standalone
blog posts that you can flesh out and also update as circumstances warrant. I
don't think I'm the only one who has learned a lot from reading you, but often
felt myself wishing it had been dumbed down a shade for beginners.

Maybe the best argument for it is that blog posts remain mutable and you can
add and expand as necessary, unlike these HN posts that are frozen in amber.

~~~
tptacek
This place has basically ruined me for writing. I used to sort of know how to
do it! The idea of writing a top-to-bottom "browser Javascript is evil" post
is intimidating to me now. It was intimidating when I wrote the post referred
to above! And that one wasn't even good!

I'll work on it.

~~~
idlewords
One idea is to get a volunteer or hired goon to simply collate your HN posts
and post them somewhere editable. Then when you read them over, you'll be
horrified and the editing instinct will kick in.

------
jasonjayr
Is the source available for this? A self-hosted version of this would be
nice...

(Update: Yep, just found it:
[https://github.com/mozilla/send](https://github.com/mozilla/send), just
before the comment below was posted :))

~~~
jgruen
boop: [https://github.com/mozilla/send](https://github.com/mozilla/send)

~~~
lbeltrame
As far as I can see, this requires S3 or a S3 compatible service. Kind of
defeats the purpose of self hosting unless you can set one yourself (it may
be, I didn't look).

EDIT: Apparently there's a way to use filesystem instead of S3, it's just not
well documented.

~~~
alias_neo
Minio is your friend. (S3 compatible self-hosted, open-source object store).

I recently implemented a text/snippet sharing tool that uses Minio instead of
S3, because I like to self-host everything.

[https://minio.io/](https://minio.io/)

~~~
GordonS
I use this with Seafile to store data in Azure Blob storage - it was
incredibly simple to setup and has been rock solid since. Highly recommended!

~~~
penagwin
I'm curious, how do you use both seafile and minio?

~~~
GordonS
Minio is an S3 proxy, allowing you to use different storage backends with
systems that support S3-compatible blob storage (like Seafile).

In my case I have Minio in front of Azure blob storage, so Seafile is storing
data in that.

I host Seafile and Minio using Docker Compose, which was super-simple to get
started with.

------
AdmiralAsshat
I've used Firefox Send for several months while it was still a test pilot
program. It's been very useful for quickly sending files to family. The fact
that the link expires as soon as the other party downloads it means I don't
have to worry about clean up.

~~~
toomuchtodo
Does the link expire after a successful transfer? Curious what happens if the
transfer fails mid transfer and needs a retry.

~~~
AdmiralAsshat
No one I've tried it with has ever had it fail on them.

But to answer your question, I uploaded a 100mb+ file to FireFox Send, copied
the link, RDPd into another computer, kicked off the download, and then
cancelled it midway through download. The link _did_ expire after that.

So I guess they don't have an easy way of telling whether the download is
successful or not. Maybe Mozilla's engineers can figure something out if the
issue is raised.

~~~
NKCSS
If they did, you could abuse it by just trasfering every byte except the last,
add that in a custom link to complete the file transfer and have unlimited
distribution ;) I think it's best the way they did it.

------
old-gregg
If relevant Mozilla people are here: Send does not work if "Delete cookies and
site data when Firefox closes" checkbox in FF preferences is checked. Even the
page doesn't load [1]. It surely is a bug, because I am not closing Firefox.

That checkbox is #1 reason I only use Firefox.

[1] Developer console log output: _" Failed to register/update a ServiceWorker
for scope ‘[https://send.firefox.com/’](https://send.firefox.com/’): Storage
access is restricted in this context due to user settings or private browsing
mode. main.js:38:10 SecurityError: The operation is insecure."_

~~~
RJIb8RBYxzAMX9u
You should be able to whitelist
[https://send.firefox.com/](https://send.firefox.com/) with the "Manage
Permissions..." button right next to that option.

I block _all_ cookies except for a small list of sites (like HN...).

------
lmedinas
a bit off topic but here it goes...

This is how i think Mozilla can capture more users back to Firefox. By
providing "extra" services attached to the Mozilla and Firefox brand will make
them a superior product to the end user. Sure it's hard to compete with Chrome
but if you offer useful features and services integrated in your Browser i see
that Mozilla actually has a chance to compete with Google for the browser
space.

This is one of the "advantages", if you are a heavy Google user, of Chrome
over the competition is that everything is attached to your Google account.
Passwords, history, spellers, dictionaries, shortcuts, etc...

If Mozilla comes with Send, Notes, Password Manager all integrated in Firefox
i see a good way to bring back some of the previous users that switched to
Chrome.

~~~
scriptkiddy
Along the same lines, a Gmail-esque Thunderbird web service would be amazing.
I could finally de-google myself completely if that were the case.

Currently, I need to set up my own email hosting through a service like
fastmail and then configure a desktop client(like Thuderbird) to use it.

A Mozilla Gmail-esque service would remove a lot of the friction there and
probably bring in a bunch of users who are tired of google running everything.

~~~
gnud
Fastmail has a nice (and snappy) web interface. So you don't _need_ to set up
a desktop client, unless you want to.

~~~
scriptkiddy
I've used for a contract project I worked on. It wasn't bad, but it was
difficult to filter when there was a lot of messages.

------
bjt2n3904
I don't understand the end-to-end encryption claim.

1\. Bob uploads a file, but specifies no password.

2\. ???

3\. Sue downloads the file.

Best case, Bob's browser encrypts it (with javascript?) before uploading.
Either Mozilla provides a key, or Bob sends the key he used. When Sue's
browser downloads it, Mozilla sends the key and her browser decrypts it client
side.

In either case, Mozilla has the password for decryption. This makes a mild
barrier to mass scanning content that's uploaded, so at least that's
something... but that's little more than a promise I have to trust.

Am I missing something? Where is the "end-to-end" encryption? End-to-end means
I don't have to trust you (as much). Please don't turn this into a meaningless
buzzword...

EDIT: I did misunderstand something. Please see timvisee's comment below.

~~~
timvisee
The client encrypts the file that is uploaded, along with some metadata. The
key is appended to the share URL provided by the URL, in the fragment/hash,
and is never sent to the remote server. Only people having the URL including
the secret will be able to download and decrypt your shared file. See
[https://github.com/mozilla/send/blob/master/docs/encryption....](https://github.com/mozilla/send/blob/master/docs/encryption.md)

~~~
bjt2n3904
Thanks for the info. Let me see if I understand this correctly.

Browsers don't send the anchor tag (ie: with GET requests). FF Send takes
advantage of this by using the anchor tag to store the key for decryption.

That is kinda novel. You still need to trust the upload client to not leak the
key, but I see that you've written a CLI version. Interesting! Thanks for the
response.

~~~
timvisee
You got it! The only thing you'd have to worry about is malicious JavaScript
on the Firefox Send website which I believe would be highly unlikely. And of
course, you must keep your link secret.

Yes, such a CLI tool would help protect you against a MITM with malicious
JavaScript.

~~~
Piskvorrr
Unlikely but possible. Two words: browser extensions.

~~~
quickthrower2
Three words: My Ether Wallet.

------
hprotagonist
It doesn't exactly meet the needs of "sending files to a non-technical
person", but Magic Wormhole [0] has been truly great for flipping files around
between me and anyone who is capable of being trusted to run `pip install
--user pipe && pipe install magic-wormhole`. This is by no means everyone, but
it's been very useful quite often.

[0] [https://magic-wormhole.readthedocs.io/en/latest/](https://magic-
wormhole.readthedocs.io/en/latest/) has

~~~
asutekku
I have no clue why you would suggest a tool that requires using a linux
command line after telling firefox send doesn’t meet the needs of non-techical
person.

~~~
detaro
"It" in the first sentence does refer to the solution they mention, not
Firefox Send.

------
huhtenberg
Very clean and nice, but how is this financed?

That is, who's paying for the server storage and the bandwidth?

~~~
patrickxb
I don't understand how they can afford the bandwidth...

If this were on AWS it would be around $0.09 per GB for downloads.

~~~
toomuchtodo
Which is why you don’t host it on AWS. Wrong tool for the job.

~~~
TheKarateKid
Their Github page specifically mentions AWS S3 as a requirement. So they are
using it.

~~~
twic
It mentions "AWS S3 _or compatible service_ ". The S3 API is a de facto
standard for object storage services, and there are numerous implementations
of it.

~~~
sethhochberg
(Including many which you can easily self-host like Minio, for those who are
following along at home and weren't sure whether that was just limited to
other cloud services)

------
benawad
> Key Business Question to Answer: Is the value proposition of a large
> encrypted file transfer service enough to drive Firefox Account
> relationships for non-Firefox users.

The metrics section is interesting
[https://github.com/mozilla/send/blob/master/docs/metrics.md](https://github.com/mozilla/send/blob/master/docs/metrics.md)

~~~
medmunds
Oh interesting. Their two hypotheses (which they will test) are that Send "can
drive Firefox Accounts beyond the Firefox Browser" and that it will "will
provide a valuable platform to research, communicate with, and market to
conscious choosers..."

It sounds like they're investigating a premium service offering targeted at
privacy conscious users. (The secondary hypothesis covers "revenue" and will
be tested by conducting "research tasks ... in support of premium services
KPIs.")

------
Secretmapper
This is perfect! I'm currently taking a networking class where we generate
trace reports, and I've just realised how tricky it is to send files without
logging in (I'm just averse into doing that in a machine that's not mine). I
can email my trace files, but I need to login, I can store in dropbox/drive,
but again I'll have to login.

I wish they added a QR code option as well. It would be perfect for quickly
copying the link by snapping it with my phone so I can download later.

------
Ultramanoid
It's a fantastic service and I'm glad to see it leave the experiment stage and
become official. Highly recommended.

------
romantomjak
I really don't understand why they didn't share a link to the repository in
the article. For anyone who's interested - here it is:
[https://github.com/mozilla/send](https://github.com/mozilla/send)

~~~
Cyphase
It's because this blog is for mainstream audiences who don't know what GitHub
is and might be scared of all that code-y stuff if they accidentally clicked
on it.

~~~
thekyle
I'm not so sure about that. I have a difficult time believing that anyone in
the "mainstream audience" would take the time to read Mozilla's blog posts, or
more generally the blog posts of any tech company.

------
m4lvin
The same idea (e2e decryption key in fragment/hash) is used by the self-hosted
Lufi. Public instances are running at
[https://upload.disroot.org/](https://upload.disroot.org/) and
[https://framadrop.org/](https://framadrop.org/) and the code is here:
[https://framagit.org/fiat-tux/hat-softwares/lufi](https://framagit.org/fiat-
tux/hat-softwares/lufi) Maybe someone can comment on how Lufi compares to
Firefox Send (performance, usability?)

I also think the blog post could explain more why and how the e2e encryption
works. Maybe just by showing an example link and then highlight with colors
"this part is private"?

------
nvdk
I've been using send.firefox.com for months and so far the only downside was
the 1 day expiration. Very glad you can now opt for 7 days.

------
Rafuino
This is awesome for sending private documents to family (tax season, anyone?),
especially when your family isn't inclined to learn cryptography to set up
their own solution. Will be trying this ASAP.

------
Sammi
Open source peer-to-peer solution in the browser using WebRTC:
[https://file.pizza/](https://file.pizza/)

~~~
krferriter
Wow that's really neat. Downside is it only works while the page stays open on
the uploader's machine, while send.firefox.org uploads the file for a limited
time to a central server so you can close the tab before the recipient
downloads it.

------
rkagerer
If I've got this right, the file is encrypted using a secret key which is
generated on the client and appended to the anchor in the link, like:

[http://send.firefox.com/download/<fileid>/#<secret>](http://send.firefox.com/download/<fileid>/#<secret>)

Anyone who obtains the link (e.g. via email interception) gains access to the
file.

Since browsers don't transmit the anchor when requesting a resource [1],
Firefox servers never see a copy of the key. Provided you trust their
JavaScript.

[1] [https://stackoverflow.com/questions/3067491/is-the-anchor-
pa...](https://stackoverflow.com/questions/3067491/is-the-anchor-part-of-a-
url-being-sent-to-a-web-server)

~~~
somebodythere
> Anyone who obtains the link (e.g. via email interception) gains access to
> the file.

True, but, if a third party decides to use the intercepted link to download
the file, and you have it set to a limit of 1 download, the file will self-
destruct (if you trust Mozilla). This way, the recipient can know that someone
has tampered with the communication, which is certainly an improvement over
the status quo (email attachments).

------
TulliusCicero
Neat!

How do they handle abuse though? Like, people using it to host, say, pirated
TV shows? Maybe a max download limit that makes it impractical for that use
case?

~~~
mont
2.5GB file limit is a bit small for good quality TV shows (and especially
movies).

~~~
jhasse
With HEVC 2.5GB is perfectly fine for a 2 hour movie.

~~~
wiiittttt
Maybe for 1080p. It's 10-15GB for 4k.

~~~
untog
I'd be amazed if a majority of people were downloading 4K movies these days.

~~~
wiiittttt
Yeah, the majority are probably not, but i'd prefer to download at the highest
quality available.

~~~
darkpuma
Then you understand _" How do they handle abuse though? Like, people using it
to host, say, pirated TV shows?"_ remains an open question.

------
cmurf
Another neat feature actually built into Firefox is Take a Screenshot. To the
right of the URL field, in the three dots menu. Option to save it locally, or
save in the cloud with a URL with some expiration options. Sorta like a
pastebin for screenshots.

It only takes screenshots within the confines of a Firefox window.

~~~
fzzzy
Glad you like it (I worked on it). Just a side note, the cloud service will be
going away in the future, but the ability to save it locally will remain.

~~~
detaro
Replacing the cloud bits with Firefox Send integration seems a fairly obvious
idea then?

~~~
fzzzy
That has been discussed :-)

------
emddudley
I've used this before to send sensitive documents to my attorney, who would
have otherwise just wanted email attachments. It worked great.

~~~
BrandonM
Based on what I've read, the security model seems to be almost the same as
email attachments?

~~~
tvmalsv
One really big advantage of Send over attachments is that you don't have
seemingly immortal copies of the files hanging around in people's mail clients
and/or IMAP servers.

------
kgwxd
Why not "Mozilla Send"? If Firefox the browser isn't a requirement, the name
is confusing.

~~~
Cyphase
The same reason it's Chromecast, not Googlecast.[1] Branding.

[1] The protocol is named Google Cast, but all the consumer branding is
Chromecast.

~~~
kgwxd
I was thinking the same thing but in Google's case, Chrome is the dominate
browser and most people recognize it as something they already have. In the
case of Firefox, it's more likely they'll recognize the name specifically as
the browser they don't have and will think they can't use it.

~~~
ghostly_s
They'll recognize it as the browser they don't have any maybe should get
because it's now positively associated with cool new features like this. :)

------
sumitgt
It would be really amazing to build some sort of integration in commonly
available WiFi connected scanners and printers.

Currently, my scanner conveniently sends me emails with scanned documents. But
I have not insight into how they actually store and delete the document on the
backend.

Would be great if the scanner had the option to upload to Firefox Send and
show me a QR code to download it on other devices.

------
seveneightn9ne
How is this using end-to-end encryption? It seems like the recipient just
clicks a link to download. How can it have been encrypted for that person?
end-to-end encryption normally means that there's no way for the intermediary
to unencrypt the data but I can't see how that's possible in this case.

~~~
EwanToo
The url effectively contains the decryption key, so the web server could be
set to capture the urls and decrypt files.

If you want, you can also set a passphrase on the file to share via another
channel

~~~
Vinnl
That's why the key is in the hash part of the URL; the server can't access
that (unless it also sends client Javascript that parses it and sends it back
to the server, but that could be detected).

~~~
SamuelAdams
What if I'm on a network I don't trust? Is the only option to set a
passphrase? More importantly, the UI doesn't call this out explicitly, so
uninformed users may think it's "secure enough" without a passphrase.

~~~
fzzzy
The browser will never send the key across the network by itself because it is
in the fragment. Of course, you have to get the url with the fragment off your
computer and to the intended recipient, so a MITM of this communication could
intercept and download the file before the intended recipient. The intended
recipient would know that this has happened, though, as the link will then be
expired (assuming it was set to 1 download); if this is a fear, I would
suggest adding a passphrase and sending the passphrase out of band, for
example over a voice call.

------
bredren
Much of the data I share with friends using dropbox is on time-limited data in
the 1-2 GB space.

For certain reasons I get a ton of dropbox space, but for my friends, data
quotas kick in on even simple files shared like this.

I believe this is a primary upgrade mechanism for DB--I'd say this new firefox
offer is in competish.

------
kikikiki09i
How do they pay for the storage costs? What's the upside for Mozilla?

~~~
chrisseaton
> How do they pay for the storage costs?

Using their revenue from search, like everything else they pay for.

> What's the upside for Mozilla?

"Our mission is to ensure the Internet is a global public resource, open and
accessible to all. An Internet that truly puts people first, where individuals
can shape their own experience and are empowered, safe and independent."

------
diegorbaquero
I had the expectation that it would use WebRTC before opening the link,
disappointed on that side. But really glad of the privacy minded offer. I
appreciate Mozilla's work and effort towards a more private and encrypted
internet!

~~~
JohnFen
WebRTC and privacy don't exactly go together well.

------
ajsharp
Sharesecret (my company) provides a similar service, along with a slack
extension for anyone who needs a commercial product.
[https://sharesecret.co](https://sharesecret.co)

------
voidmain0001
I'm onboard as a regular user of send.firefox.com. How does Mozilla have the
money to offer this for free?

~~~
Vinnl
Mozilla has quite a bit of money, most of it from their default search engine
deals. I'd wager to guess that most of it goes to wages.

~~~
danilocesar
Net income 2017: 89 million. Not that much for a company employing more than a
thousand employees. But impressive for a corporation that is 100% owned by
(and allegedly managed like) a non-profit org.

------
ihuman
Does Firefox Send work on browsers besides Firefox for sending and receiving
files? It's blocked at my office, so I can't test it.

~~~
fzzzy
Yes. Tested on Chrome, Safari, and Edge.

~~~
tasty_freeze
Oddly, it doesn't work for me (FF 65.0.2, windows 7) -- I just get an inert
white rectangle in the middle of the screen. I tried turning off ublock origin
and DNT settings, but it still is just a rectangle.

It works on chrome, and does not work on IE 11 (win 7 doesn't support edge)

~~~
fzzzy
This seems to be a known bug if you have used the old version of send in your
profile that may be fixed now. If you try it in a private browsing window and
it works, it's probably that bug.

~~~
tasty_freeze
Sure enough -- it works in a private window. Is there a known fix for this, or
do I need to create a new profile?

~~~
fzzzy
It's been fixed and the fix is deployed to prod. Might need to clear some
cache.

------
F_r_k
Swisstransfer.com is more or less the same, but with 25Gb and no sign up

~~~
hiq
Regarding the differences, this website does not seem to encrypt the files on
the server, and does not provide links directly, so you need to provide at
least one valid email address, if only to send the link to you to then send it
to the party you want to share the file(s) with. It's also not open-source
AFAICT.

------
Aissen
I wonder if they've fixed the issue where one can force reuse of a link by
slowing down a download, and sharing the URL ? Hence turning it into a cheap
file hosting service:

[https://news.ycombinator.com/item?id=15450524](https://news.ycombinator.com/item?id=15450524)

I haven't been able to upload a file to try.

~~~
klohto
I've tested this and the link seems to expire the moment the user starts a
download.

~~~
Aissen
Nice.

------
DINKDINK
For senders and recipients who have execution privileges, OnionShare has:

Much lower trust assumptions

Functionality for dropboxes

[https://onionshare.org/](https://onionshare.org/)

[https://github.com/micahflee/onionshare](https://github.com/micahflee/onionshare)

------
justinc8687
This is cool, but I’m wondering if there is some sort of “secure drop box”
equivalent. Basically I generate a set of GPG keys, anyone can post to a web
form which encrypts the uploaded data, in browser, using my public key, and
uploads it somewhere (my server, s3, Dropbox, doesn’t matter as the private is
local on my computer). I could then download the files, decrypt them locally
and use them.

We get a lot of customers who want to send us secure data (customer info,
etc...) and I’d love a way to make it easy for the customer but still secure.

Does something like this exist, or is this still a pipe dream? Basically FF
send, except I provide a known public key to use, rather than it being
generated on the fly, requiring the user to find a way to send it to me out-
of-band.

------
marcus_holmes
I'm working on a file sharing product, for the niche use case of sharing
documents between family and professional providers (lawyers, accountants,
etc).

Documents are mostly emailed to recipients at the moment (unless they're too
large, in which case... um....). The main problem we see is that you end up
storing documents in email attachments on your email provider, and using email
search tools to try and find documents.

Would this end up the same, only with all documents ending up in the Downloads
folder?

Am I wasting my time working on creating a cloud storage sharing solution, and
be better working on a method of organising files on the drive, that can also
send them to other people?

~~~
77ko
Why have a file transfer for imp docs when you can have a single authoritative
source of truth for those docs, along with version history and who changed
what.

So why not just use Google Drive (or dropbox)?

I feel with features like secure file sharing (though only with other ppl with
google accounts), reasonably good security[1] and Inactive Account Manager[2]
it should work for legal docs. Especially considering Google is going to be
around for a while.

I would rather use a Mozilla offering but they don't really have too many
things for regular consumers outside of firefox and send.

[1]:
[https://myaccount.google.com/security](https://myaccount.google.com/security)
[2]:
[https://support.google.com/accounts/answer/3036546?hl=en](https://support.google.com/accounts/answer/3036546?hl=en)

~~~
marcus_holmes
There are file sharing use cases not covered by Google Drive or Dropbox.
Briefly:

Google reads (and censors, not that that would be an issue) anything added to
Drive (and uses that data to target ads at you). And Docs is primarily aimed
at collaboration rather than secure file sharing. And revoking permissions
isn't easy. And it's all tied up in to Google identities, which may or may not
be a recipient's personal Google ID rather than their professional ID -
everyone has a separate work email, not everyone has a separate work Google
ID.

Dropbox is designed to synchronise a folder between two devices. You can use
it to share documents, but that's not what it was designed to do. And if
someone deletes it off the shared folder, it gets deleted for everyone... not
ideal in this use case. It also creates a dropbox folder on the user's hard
drive, and will automatically upload anything in that folder, and copy that to
everyone else sharing that folder... it's democratic when this use case needs
to be authoritarian.

Does that make sense?

------
JonathonW
As I understand it, this "guarantees" privacy by embedding the key in the
link-- if that's generated client-side, it never gets sent to Mozilla's
servers (assuming they don't go out of their way to grab it via JavaScript)
and you can have end-to-end encryption.

But, if I'm logged in, it looks like Mozilla's storing that fragment on their
servers: if I upload a file from one browser, then sign in on a different
browser, I can see the link I generated (including the fragment) from the
first browser in my list of uploads, and I can download the file.

Doesn't that negate their end-to-end encryption if Mozilla servers have access
to the keys?

~~~
dcoates-moz
The data that's synced when you log in is also encrypted, with a unique key
derived from your Firefox Account called a scoped encryption key. Your key
changes when you change your password. We, (Mozilla) don't know your key (and
don't want to know it). Disclosure, I implemented the sync feature of Send.

------
woranl
I'm surprised that no one raised their concern about javascript encryption.
Usually, some will point out that the user will have to trust the delivered
client side code first. Has javascript encryption finally got mainstream now?

------
techaddict009
Looks more like wetransfer.

~~~
Oras
True, without the email. Actually, I like we transfer for sending emails and
notifications when the user has downloaded the attachments.

~~~
techaddict009
You can use wetransfer without email too I think. my designer sends me that
way. Probably signed up users can do so.

------
roryokane
In the past, I used [https://volafile.org/](https://volafile.org/) for sharing
files that will be deleted within a week. Volafile doesn’t do end-to-end
encryption like Firefox Send, but it allows you to upload files over 2.5 GB.

Volafile’s multi-file “room” functionality, with chat, makes it more suited
for sharing files among multiple people, while Firefox Send is optimized for
sending a single file to a single person or a targeted group.

------
solarkraft
Bur Firefox is a browser. Why would you associate this with Firefox instead of
making it a Mozilla service? It only leads to the Firefox brand deteriorating
even more quickly.

------
foxhop
Wow, this is really awesome and really cool! First I've heard of it. Just
tested it and it worked great.

Is it possible to audit the tech? Is Firefox send open source?

~~~
jfk13
See [https://github.com/mozilla/send/](https://github.com/mozilla/send/)

------
oftenwrong
Non-descriptive headline. Borrowing some copy from the announcement makes it
better:

"Firefox Send: a free encrypted file transfer service"

------
cmurf
Relatively new, are additional expiration options:

1 to 100 downloads, 1 is the default; or 5 minutes to 7 days, 1 day is the
default. And an option to protect with a password.

Upon expiration, entering the URL behaves the same as if you enter a bogus
URL, it's basically denied to have ever existed, i.e. it doesn't say this URL
has expired.

------
ksec
I keep seeing comments about Search Revenue and keeping this free. It would be
useful if Mozilla is getting more Firefox users out of it, but it likely won't
be in any significant number.

So what happen once this get popular and waiting to be abused? Just like Mega.
Who is going to continue and foot the bill?

~~~
cyphunk
most abuse mitigated by their limits on the number of downloads allowed and
how many days it can stay online. Currently at 7 days max and 100 downloads.
If they see abuse they could reduce this further.

about revenue, there are so many valuable directions this can go. It could
undercut competitors in ways they cannot sufficiently respond to. (google
responding in kind would leave them less reason to _not_ add encrypted storage
for drive) By stabilizing this platform they can start to build new privacy-
enhancing apps on top. Calendar, contacts, etc. With more dependency on the
platform, they will find areas where more storage, longer retention, will be
income generating.

privacy may be the only frontier that can displace google,apple,microsoft.

------
hieloz
That sounds great!

Tutanota also provides free encrypted file transfer service.-- Tresorit
Send:[https://send.tresorit.com/](https://send.tresorit.com/) ,which allows
you to upload and share up to 5GB files using the same end-to-end encrypted
technology.

------
kikikiki09i
How to they pay for the storage costs?

~~~
stunt
Storage is extremely cheap. Especially for a service like Send which doesn't
hold any data for a long period of time.

Elseways, It might be that they have bigger plans with it. This might be just
a product to learn about market potentials.

Mozilla's manifesto is all about the Internet and Internet privacy. File
sharing is one of the areas where the internet is losing privacy.

------
tantalor
Obligatory [https://xkcd.com/949/](https://xkcd.com/949/)

~~~
kenrick95
There's also a [http://xkcd949.com/](http://xkcd949.com/)

------
omouse
The eternal problem of uploading and sharing massive files seems to always
have new solutions.

------
pyyu
There's croc with relatively small binary for all non-mobile platforms:
[https://schollz.com/software/sending-a-
file/](https://schollz.com/software/sending-a-file/)

------
Causality1
Why does it have upload limits at all? Your client encrypts it, the data is
sent over your internet connection to someone else's, their client decrypts
it. Why would the data pass through Mozilla's servers?

~~~
arduinomancer
Wouldn't you need both clients to be online at the same time to do that?

~~~
Causality1
Yes, but most people are online 24/7 anyway, and that number approaches 100
percent for "two people who need to move a file from one to the other right
now". Hosted upload file sharing services are a dime a dozen now. How is this
better than slapping something on Dropbox or Mega to send someone?

------
SubiculumCode
I've used firefox send many times since its introduction as a pilot. I applaud
its simplicity. The workflow is basically upload, send message/email
containing the link, download.

------
josefresco
In one of their videos, the URL is www.send.firefox.com - the others drop the
www - is this intentional, a mistake? Why would someone use www before a sub
domain like that?

~~~
fzzzy
Looks like www.send.firefox.com was a mistake. It's not a valid way to access
the service. The correct url is send.firefox.com.

------
buboard
They could also offer a realtime webrtc solution like snapdrop.net . Although
i m not sure that works, it didn't work between my phone and desktop.

------
mirimir
FWIW it works in Tor browser, with no CAPTCHA. Nice.

------
euphoria83
This is great! It is a shame that Box and Dropbox need you to be a paying
customer to be able to share password protected shared links.

------
vanous
Tried it and it seems cool. Too bad that there isn't an addon to create a
provider for Thunderbird 's filelink.

------
MrXOR
Nice, but transfer.sh[1] > Firefox send

[1] [https://transfer.sh](https://transfer.sh)

------
_bxg1
Ah man, I literally came up with (and prototyped) this exact thing in 2013.
Minus the end to end encryption. I dropped it mostly because I wasn't sure how
to prevent illegal use and didn't want to be liable.

Edit: mine was actually (partially) better because it assigned a short PIN
instead of a full link, which meant you could just look at it and remember it
for typing-in, instead of requiring a separate channel to "send" the link.

~~~
tyingq
The end to end encryption necessitates a hard to remember uri anyway, so I
don't think you can have both "secure" and "memorable".

~~~
_bxg1
Yeah; ID length was definitely another challenge. Time-expiration helped, but.
I was going with 6 digits as a middle ground but it wasn't super secure, even
if an upload expired after a few minutes. And of course there was no way for
the user to know for sure that I couldn't keep around a copy without the E2E.

------
maurom
Been using it since beta. Props to Mozilla for providing one of the easiest
and well thought file sharing services.

------
Shorel
This really feels like something the old Opera (not the Chromium version)
would have done back in the day.

~~~
all_blue_chucks
They did. But it didn't work with NAT so it died.

------
z3t4
Why doesn't Firefox support p2p file sending !? Why do they do with the files
I upload !?

~~~
icebraining
P2P means both machines must be able to talk to each other (occasionally
difficult when both are behind NAT) and must be turned on at the same time.
Using a reliable intermediary gives some flexibility.

------
NedIsakoff
How are they going to deal with bad content? Child porn? Pirated content?
Illegal stuff?

~~~
mac01021
Since it's encrypted end to end, presumably they will be oblivious to all that
stuff?

~~~
NedIsakoff
Sure, but doesn't help with the PR does it. If people start using it to
send/dist the stuff, the news will mention it.

------
intellent
Is there a simple way to get the direct URL of the file (e.g. to use in wget
cli calls).

~~~
ubercow13
The file is decrypted in client-side JavaScript so presumably no

------
acnjgg
been using this for several months. have used it to send all kinds of files be
it malware to large files. it used to accept everything. but now it asks for
sign in.. why would they do they though

------
ChrisArchitect
what is the business case for this tho? Who pays for the bandwidth??

------
agorabinary
I'm quickly running out of excuses for still using Chrome...

~~~
Vinnl
While I'm not sure if this is a reason not to use Chrome (you can use it in
Chrome as well), trying Firefox is really just a couple of minutes work, and
you can easily go back...

Here, I'll type the download link for you:
[https://firefox.com](https://firefox.com)

------
usermac
Yes, next to Apple's AirDrop, this is a welcome addition.

------
zyngaro
What is the use case of such a tool? Real a question.

~~~
ebg13
I don't understand what you're asking. The use case is literally in the title
("file transfer").

------
johnchristopher
The npm installation of send is quite easy to set up.

------
oblio
I wonder if they're running some malware scanners plus do they have to comply
with DMCA takedowns? Based on what I see, the files are hosted on their
servers, so they kind of have to, no?

~~~
nvdk
At maximum 200 downloads and an expiration of 7 days I don't think anyone will
bother to be honest.

~~~
TulliusCicero
Hypothetically, you could wrap this storage solution in a service that
automatically creates new underlying links as old ones exhaust their quota or
expire.

------
pvK12
Backend is written in JS. I can understand why they chose Node, but why not
Typescript? This needs to be maintained and TS >>> JS.

------
qwerty456127
How does it work? Is it P2P or what?

~~~
JohnFen
The encrypted file is stored in the cloud. The recipient downloads it from
there and decrypts it.

P2P would be much better, but this isn't that.

~~~
mtgx
Wasn't it initially P2P and based on the WebRTC protocol?

~~~
JohnFen
Not as far as I can tell. Mozilla also has (or had, I forget whether it's
still a thing or not) a built-in WebRTC client they called "Hello", but that
was a different thing.

~~~
qwerty456127
What's the reason it's not made this way or doesn't include WebRTC-based P2P
transfer as an option?

~~~
JohnFen
I have no idea.

------
laurent123456
How does E2EE work if the recipient can download the file directly? I'd expect
some key or password needs to be exchanged too?

~~~
Vinnl
They key is appended to the URL as a hash, which cannot be read by the server.

------
sigmonsays
this doesn't seem that impressive technology wise, but maybe i'll remember to
use it.

------
liquid153
Is there a web plugin for this yet.

------
Brosper
Nice!

------
RoadRunner_23
File Transfer [https://xkcd.com/949/](https://xkcd.com/949/)

Hope Firefox Send solves this ever present problem ;)

------
mFixman
I can't believe that there isn't a simple service to transfer data between my
cellphone and my computer without going through the internet. iTunes is
terribly bloated, MTP is a mess, and Bluetooth is slow and frustrating.

Back in my hacker day I used to have an SSH server open on my cellphone and
use it to transfer files back and forth with my computer. Why isn't there a
mainstream service like that?

~~~
samcday
Tangentially related - I've always thought it's dumb that I can't just plug my
iPhone in to any PC and have it show up as a removable storage device.

I'm sure people who know more than me will give me a list of great reasons why
it's not straightforward to implement...

But it doesn't change the fact that I have this incredible device (iPhone X)
with 256gb of blindingly fast NAND flash storage, of which I am only utilizing
30gb, yet I still have to tote around a f __*ing stupid little plastic USB
dongle if I want to copy some files around.

~~~
TulliusCicero
> I'm sure people who know more than me will give me a list of great reasons
> why it's not straightforward to implement...

Nah, Android phones have done this forever, it's not technical difficulties
stopping it from working. It's _The Apple Way_. They don't want you using your
phone that way, or something.

~~~
dTal
Android phones don't do this anymore, for the technical reason that allowing a
computer to mount a filesystem directly requires that the phone unmount it.
Mass storage expects a block device, so there's no wrapper that one could
provide that would make this work with the native filesystems of the phone.

What _could_ be done is to dedicate a file on the phone as block storage, and
expose _that_ as a mass storage device. This would suffer from the same
problem (of the phone not being able to access it at the same time), but if
it's dedicated "flash drive emulation" space then perhaps this behavior won't
be as surprising to the user.

~~~
skykooler
Android phones show up as MTP devices, which are basically file-level storage
instead of block-level storage. Most OS's (besides MacOS) will display this
with the same interface as a USB mass storage device.

~~~
dTal
MTP is a horrible protocol which renders the abstraction very leaky in my
experience, to the extent that it's inaccurate to refer to it as "removable
storage" and expect to behave in similarly sane fashion to a proper flash
drive. For example, there's no support for modifying a file in-place - the
entire file must be read out, modified, and then written back. These kinds of
restrictions render it slow and unreliable.

Wikipedia tells the sordid story:
[https://en.wikipedia.org/wiki/Media_Transfer_Protocol#Compar...](https://en.wikipedia.org/wiki/Media_Transfer_Protocol#Comparison_with_USB_Mass_Storage)

~~~
TulliusCicero
> MTP is a horrible protocol which renders the abstraction very leaky in my
> experience

Nevertheless, it's still removable storage that can take the place of the most
common use case of portable flash drives: moving files around from one
computer to another. Which is explicitly what we were originally talking
about.

Pointing out that it doesn't work for some other use case that you yourself
brought up doesn't make any sense. That's not what everyone else was talking
about.

~~~
dTal
I'm not going to debate you in three places at once, that's just obnoxious and
clutters the thread.

Ultimately this is an argument about the precise semantics of "removable
storage". I don't regard an MTP device as "removable storage" \- it's another
computer that one speaks to using a special protocol, with severe limitations.
So is an iPhone - with special, protocol-speaking software, you can certainly
put arbitrary files on it. I interpreted the parent to mean that they wanted
to plug the phone in to "any PC" and have it Just Work. MTP isn't so great at
that, especially from my perspective as a Linux user, where MTP support is no
more built-in than iOS-protocol support. From this standpoint, "removable
storage" == "USB mass storage".

On the other hand, it sounds like whatever Apple provides is much worse even
than MTP, and less well supported in general.

~~~
TulliusCicero
> Ultimately this is an argument about the precise semantics of "removable
> storage". I don't regard an MTP device as "removable storage"

This is absurd. You don't get to tell someone, "you're wrong", then later when
it's pointed out that the original assertion was actually true, then say, "oh,
I meant that you're wrong as long as we're using my version of the word, the
one that's very different from the one everyone else was using."

Sorry, but that's blatantly disingenuous. The original context was very clear.
If you really meant, "well it sort of works as removable storage in one sense,
but not in this other sense" you should've just said that to begin with.

~~~
dTal
Well, I'm sorry to have upset you, and I hope that the precise technical
situation is now clear to anyone reading this thread.

------
hlnas
How "private" is it? Do you store metadata? i.e. if I upload a file and it
expires, do you also delete any trace of me, including my IP address?

~~~
mehrdadn
[https://send.firefox.com/legal](https://send.firefox.com/legal)

> We receive IP addresses of downloaders and uploaders as part of our standard
> server logs. These are retained for 90 days, and for that period, may be
> connected to activity of a file’s download URL. Although we develop our
> services in ways that minimize identification, you should know that it may
> be possible to correlate the IP address of a Send user to the IP address of
> other Mozilla services with accounts; and if there is a match, this could
> identify the account email address.

~~~
gurpreet-
Why is it a necessity to store information for 90 days? Why not 10 or 30?

~~~
mehrdadn
> Why is it a necessity to store information for 90 days? Why not 10 or 30?

Is there something special about 10 or 30? (You wouldn't ask the same question
about 10 or 30?)

~~~
hlnas
10 or 30 seem shorter, no? I don't have anything to say about 10 or 30, but 90
seems too long in my opinion.

I understand the need to keep logs to thwart abuse, but with longer lengths
you're just helping law enforcement.

~~~
mehrdadn
> 10 or 30 seem shorter, no? I don't have anything to say about 10 or 30, but
> 90 seems too long in my opinion.

Sure they're shorter, but wherever they draw the line somebody like you is
going to complain. Putting myself in their shoes I don't see any reason why
you wouldn't complain about 30 days (even if you really wouldn't).

> I understand the need to keep logs to thwart abuse, but with longer lengths
> you're just helping law enforcement.

90 days cannot be to thwart abuse because...? And helping law enforcement is
inherently terrible because...?

~~~
pennaMan
>And helping law enforcement is inherently terrible because

Helping in the sense that they open themselves up to be strong-armed by LE

------
icemelt8
I wonder which cloud service they are using to store the files.

~~~
swtrs
A bit of poking around leads me to prod.send.prod.cloudops.mozgcp.net so Im
assumping Google CloudCloud.

------
fxfan
There's also a command line interface somewhere

------
nukeop
I wish Mozilla focused on core Firefox functionalities instead of coming up
with so many small side projects that don't target their typical audience.
Since Chromium-based browsers are not an option, many of us are stuck with
Firefox as the only remaining choice. But even Firefox has to be heavily
customized before it's completely deGoogled and stops contacting various
motherships.

As a side note Nightly build for Ubuntu has been broken since version 61 and
there's no sign of any effort to fix it.

~~~
kvark
Is there anything specific you are missing in Firefox today? Or is it purely
the fact that it's broken since version 61? Did you submit a bugzilla issue,
or know the existing number? I'd be happy to check it out.

~~~
nukeop
A million things, like missing functionalities from the new extensions api
(meaning no Pentadactyl), no good way to manage keyboard shortcuts, having to
disable many google integrations after installation, no way to disable "do not
track" if using built-in tracker blocking, no sidebars a la Vivaldi, buggy
rendering (e.g. transitions animating elements using css transforms),
unexplained slowdowns, lack of proper tab isolation (one slow/crashed tab
takes the whole browser with it), etc. I could rant all day.

~~~
kvark
Thank you! This is great input to us, it just needs a few more details to
become actionable: bugs filed (for things that are not by design, of course,
like the extension API), repro steps and detailed information provided. If I
can reproduce it, I can file bugs myself, but I still need to get some
clarifications on how to reproduce.

------
navaati
I must say I am disapointed.

I thought this would be some cool realtime system to send from browser to
browser, using WebRTC or something. Something that doesn't involve them paying
for file servers, by the way.

I believed in Mozilla ! But no, here we are and I just don't see the
difference between this and Mega.

EDIT: except for the auto-deletion trick that addresses the piracy problem.
But still...

~~~
gsich
But that would require more brain and effort. Since many users are usually
behind a NAT, some NAT-traversal is neccessary. Combined with a robust
detection (for shitty networks) and fallback to "normal" servers ... you get
the idea.

~~~
Spivak
I think Syncthing has a good model for this sort of thing. Anyone can stand up
a rendezvous (and/or relay if you want) server which joins the network and
starts helping people traverse NAT.

------
m_b
This project sucks. Another bullshit firefox.com product that reinvent
something existing and well established (eg. Jirafeau or Lufi). I hate so much
what Mozilla become.

