
Show HN: Free Unlimited Private File Sending (Beta) - tashmahalic
http://www.wireover.com
======
driverdan
Privacy policy? Terms of Service? About company / developer(s) page?
Technology details (P2P, intermediary server)?

Why would anyone download and install an app from a simple splash page like
this? It could be anything.

~~~
rglover
Yep. You can keep the design simple, but you need something to explain what
you're doing (or not doing) with people's data. Also, a bit strange this
wasn't made available considering you ask for my email address right after the
application starts.

~~~
tashmahalic
We're building the tool to send your bytes peer to peer (UDP hole punching)
when it can, which works ~90% of the time. When it fails, we route your bytes
through our servers. We don't store your bytes.

------
hristov
You are missing a Linux version. Yes, Linux has small market share yada yada
yada, but you will find that a much larger percentage of new adapters and tech
influencers are Linux users.

~~~
braco_alva
I was thinking the exact same thing, I feel very dissapointed every time I see
something interesting at the top of HN, and when I'm going to try it out,
there's no Linux version of it.

It's like you said, if they want a good number of beta testers/ early
adopters, they should have a Linux version.

------
frogly
Suggestion: If the visitor is using Windows, show a Windows screenshot on the
homepage. If they're using a Mac, show a screenshot of the Mac version.

------
johnsocs
My thoughts:

1\. I opened the web site and said ah, this looks pretty cool, I installed the
software and thought, eah.. okay I'll install it even though I really don't
want to install anything.

2\. Upload was simple after signup.. I understand you have to do the signup
thing to validate people somehow.. so for my test I sent a small file to
myself..

3\. Got the email to download it saw the link and tough ah sweet, just click
it.. and was presented with the exe download.. hmm another thing to install to
download the file... I thought, nah, not worth it, I don't want this thing
anymore, form there I deleted the client.

You need to make it simple to share with people who don't have the downloader,
you can't expect people to install something to download files they were sent.

Keep it free yet cap files to say 1MB for free users or something simple..
Paid users ~$5/mo get 2GB uploads..

~~~
sunsu
I think the transfers are supposed to be Peer-To-Peer (if possible), thus the
required downloader.

~~~
johnsocs
I fully understand the idea of using peer to peer keeping costs down etc.. my
review was just from a users POV.

When using the service to quickly send a file to a coworker or customer I
would not expect them to download a 'downloader' to get my 'attachment'

------
davidedicillo
If it's free (and it's planning to stay free), how is the company planning to
stay in business?

~~~
udp
I wonder if this uses P2P at all or whether everything is routed through their
servers? The former would be far more sustainable (although NAT problems ahoy
if that's the _only_ channel).

It does look like they're planning on offering a paid version:

 _"Upgrade to Pro with end-to-end encryption to make your transfers completely
confidential. We can't even access your files."_

~~~
tashmahalic
That's exactly right. We think most people will love the free tool for their
personal use, and that many businesses will be willing to pay for End-to-End
Encryption and CloudCache.

~~~
kirk21
At first I believed that the revenue stream was like this: 1) ppl give their
e-mail address 2) you scan the attachments (eg. words, subject etc). 3) you
create a database 4) you sell the database to advertisers (that already have
my e-mail address and can enrich their data).

------
Myrth
That opens additional way for malware find its way to non-technical user
computer... Until now I could explain my granpa never to run any executables
or downloads that come in emails.

I think you're opening a can of worms. The email is HTML, so it would be very
hard for my granpa to verify that the link is actually to your site. As you
can imagine it is very easy to make the email and site look exactly like
yours, and even make the link URL itself look similar.

~~~
tashmahalic
That's also a concern of ours.

We're doing the downloaders because it let's us do p2p, which is how we can
offer free and unlimited. It also affords end-to-end encryption, and
resumable/restartable transfers.

We think we can mitigate those concerns some by code-signing the exe, having
the download from https, and building a recognized brand.

Also, we're considering a feature called "Channels". After you set up a
channel with your grandpa, it can be trusted. You just drag files onto your
"Grandpa Channel" and they go to his HD in that channel's folder (he gets a
pop up to accept/decline). This also ends up being a convenience for frequent
sends because you don't have to enter your recipient's email - you just drag
and drop files onto the channel and they start going.

Does that address your concerns?

~~~
Myrth
Sorry, but not really.

> We think we can mitigate those concerns some by code-signing the exe, having
> the download from https, and building a recognized brand.

I don't see how all these resolve someone sending an email that looks exactly
like yours, which links to a page that looks exactly like yours, which links
to a malware executable.

Even with code-signing I wouldn't trust non-technical users to understand
difference between popups, as well as resist close-all-these-annoying-popups
reflex.

To make sure that the email is legitimate I'll have to either check the
source, or seek in the mouse over. And after it is a "recognized brand", no
one will be checking that.

I don't see how I could feel safe with executable file download links in the
email. Maybe registering a scheme and sending in email a link with instruction
to the file origin would be more acceptable, but that's only if the software
is already installed. Ex: wirefrom://my@email.com

~~~
tashmahalic
What about Channels? If you have your grandpa install WireOver, and you set up
a channel with him, all your sends over that channel can't be faked. He gets
notified via the installed tool (dialog: "Would you like to accept files from
Myrth?"), not via email, so there's no longer a need for him to download an
executable.

Does that address your concerns?

~~~
Myrth
Yes, if the email does not contain link to download an executable, it can be a
great way to share files.

------
etherealG
I got this on gmail for the verification email, thought you would want to know
for users that are a bit less technically savvy:

Be careful with this message. Similar messages have been used to steal
people's personal information. Unless you trust the sender, don't click on
links or reply with personal information. Learn more

~~~
tashmahalic
Thanks for letting me know. We need to find a way to fix that.

~~~
etherealG
I would estimate it's some combination of the text, links, and most
importantly domains. get some spf records setup for your from domain.

Hope that helps :)

------
krelian
As a user I love the no-nonsense straight to the point (and download) page,
but as a HN'er I'd like to know more about it (and the company) before
installing the software.

~~~
tashmahalic
We'll put up some more info about us in the near future. Here's a bit: we're
programmers from the computer simulation world, data visualization world, high
frequency trading world, and desktop application world. This tool is our first
beta - we're looking to prove people will love it, and get your feedback about
how it can be better.

So - thanks for your feedback!

------
creamyhorror
Comparison: This looks like an automated desktop version of
MediaFire/MegaUpload/YouSendIt, since right now it works by downloading from
an intermediary (I assume, from what tashmahalic said: "You run it, it
downloads your files"). It has advantages in being ad-free (for now at least),
supporting unlimited sizes (ditto), auto-resume, return receipts, and
encryption (though I suspect some of the existing sites may have these too).

It'll still be a winner if it provides a better user experience than the
others, of course. When it goes fully p2p, it may become the killer p2p file
transfer app that the world's been waiting for.* Good luck.

(* or does this already exist?)

~~~
tashmahalic
creamyhorror, you have perhaps the best HackerNews username ever. Whatever was
your inspiration?

WireOver was born out of sheer annoyance, because it's _ridiculous_ that
sending files over WANs and LANs is still such a pain.

Our guiding principle: BE NOT ANNOYING.

Ads would be annoying, so they're out. File size limits are annoying. Failed
transfers are annoying, slow transfers are annoying, cluttered UIs are
annoying, not sleeping well at night because you're worried about security is
annoying.

Transfers should find the fastest route automatically - over internet or LAN -
and they should go seamlessly between Mac, Windows, and Linux. That's what we
want ourselves as users. We'd be pleased as punch to lower the annoyance level
for others too.

~~~
creamyhorror
That's a great principle to have. Less annoying things make life better -
although I have no doubt it can take a lot of effort to eliminate annoyances
(especially when you have to build a lot of intelligence into the system). We
try to do the same in my own project, although we often have to assign 'nicer'
(de-annoying) features to a v2 protoype because of limited dev resources. It's
great that you guys are all coders (AFAICT).

My username makes people conjure up all sorts of images, which is why it's
great for me to never plant a definitive one in their heads. I'm thinking of
changing it, though, since it's none too professional on the rather social
startup scene!

------
Nikkau
"Sorry, you must run WireOver from inside the DMG it comes in."

Why?

~~~
xymostech
It looks like it just installs itself into $HOME/Applications when you run it.
No idea why you can't run it from somewhere else.

------
tashmahalic
To give a proper introduction - I'm Trent, one of the co-founders of WireOver.
We want our tool to become indispensable to all of you, and I really
appreciate your feedback. I'm always impressed by how smart and useful your
comments are. Thanks in advance.

Please give WireOver a spin and let me know what you think. I'm
trent@wireover.com.

~~~
marquis
I've run a couple of tests and the email to pick up the file is not being
received. If the user has to be logged in already and have the software
downloaded, it's not clear at all. Expectation is that an email is received to
notify of a file being available, and install software if it's a new account -
which leads to more people using your service I would believe, being more
viral in nature.

~~~
tintin
Check your spam box. Worked for me.

But the developers should check why the e-mail ends up in the span all the
time.

~~~
tashmahalic
THAT's a problem. We're trying to figure out why that's happening. Thanks for
letting me know.

------
Zaheer
"Auto-Resume If your transfer is interrupted, it will automatically resume,
even if you restart your computer."

Interesting feature. So far I've only see torrents have this. Would love if my
downloads online had working pause and resume functionality.

~~~
nl
It's actually pretty common, even if most browsers don't support it well.

Get a download manager (wget -c is my favourite), and it will work for you,
too.

Most HTTP server support HTTP-Range queries, which allows resuming downloads.
FTP (of course) has always supported this feature.

~~~
Groxx
I've used rsync --partial to move very large quantities of files between
computers (> 1 million once). Especially on many files, it generally runs
several times faster than the OS's copy-to-networked-computer functionality,
and it resumes in an instant. It's even faster if you run a daemon on the
other end, so you don't need to do a bunch of back-and-forth to determine if a
file is new or not.

It boggles my mind that OSX (for example) doesn't just use this under the
hood, especially when sending to other OSX machines. It's an OS speaking to
itself - spinning up a daemon automatically on the receiver would be trivial.

~~~
lawnchair_larry
Congratulations, you just invented dropbox ;)

~~~
wingworks
Dropbox is horribly slow when working with 1000+ files. Especially if they are
small files. Last time I tried it Drobbox would use 100% CPU and go rather
slow (while rsync didn't).

This was about a year ago though, things may have been made better by now.

------
jpalomaki
I can see some use for this in transferring large files (for example virtual
machine images) between my own computers which are sometimes connected by
wlan, lan and sometimes just wan.

There are cases when I don't want to be waiting for the transfer to complete.
Would be great if I could just take the laptop and finish the transfer over
the internet later on.

User experience should be simple. For serious syncing I would use some other
tools. I'm thinking something like right clicking on folder to make it
"available", then on some other computer selecting which folders I want to
download.

Some clever combination of web and client software could make this pretty
smooth.

------
rdl
Your software should tell the user what it's going to do on each step before
actually asking the user for permission and then doing it (it's not clear that
it's an installer in the dmg, and that it's taking my email address to create
an account and install a daemon and thingy on the menubar.

I like minimalism as much as anyone, but some basic info would make it a lot
easier to trust (and thus recommend).

~~~
tashmahalic
I can see how clear explanations of what's happening are important to build
trust. We're going to improve on that.

------
kristopher
Have not tried the application as of yet, although perhaps you should change
the UI to read:

    
    
      "Send these files to:" for the label
      and
      "name@example.com" for the greyed-out default.
    

Instead of the current[0]:

    
    
      "Email to Send to"
    

[0] <http://www.wireover.com/media/screencap.png>

~~~
tashmahalic
Good suggestion, thanks. We have some polishing of the UI to do.

------
bromagosa
«WireOver is a desktop app for sending files to anyone, anywhere.» True, just
as long as GNU/Linux users are considered "noone, nowhere".

~~~
tashmahalic
I'm use linux too, I feel your pain... I'm sorry we don't have it for you yet.
We will.

~~~
bromagosa
Cool! Looking forward to it, thanks :)

------
joejohnson
You could just pass TrueCrypt volumes with the free service and have strong
crypto file sharing for free.

------
rdl
Wow, this is pretty cool. It would be interesting to talk with you about your
crypto.

~~~
tashmahalic
Our crypto design is this -

1\. The sender generates an AES-256 key for the transfer. 2\. The receiver
sends a public key to the sender. 3\. The sender encrypts the AES key with the
public key, and sends to the receiver. 4\. The receiver decrypts the AES key.
5\. The sender then sends all the bytes, encrypted with AES.

The point of using the AES key is that it's faster to encrypt/decrypt. The
point of using the public/private keys is to get that key to the receiver in a
secure way.

The transfer has a session key from our server so each peer can validate the
identity of the other peer.

How's that sound?

~~~
chacham15
If those steps are all of the protocol, this is vulnerable to a man in the
middle attack. The way that that is done is by having Eve intercept the public
key sent to the sender and instead sends his own. Then the sender sends Eve
the AES key and Eve sends the recipient her own AES key accomplishing the man
in the middle attack.

~~~
tashmahalic
My understanding is that if the public key is transmitted from the receiver to
the sender _through_ our server instead of directly, that should be secure to
MITM. This assumes that peer connections to our server are secure (SSL).

Does this meet with your understanding?

------
geuis
It may be a mistake on my part, but initially <http://drop.io> appeared to to
resolve to your site. It would be helpful if you can confirm or deny this.

~~~
tashmahalic
That's strange. We have nothing to do with drop.io.

------
aufreak3
I started using AeroFS for something like this, but it is about "syncing",
while all the time I keep thinking it ought to be possible for these guys to
do file sending as well.

Anyone AeroFS fans here?

------
pacifika
I would like to use it at work but also personally from the same computer, so
perhaps you could consider something like an account alias so I can link both
to one WireOver.

~~~
tashmahalic
You can now install WireOver at home with your personal email, and install it
at work with your work email.

Why would you like them to be linked somehow?

------
momop
It is minimalistic and that's great! You say it is P2P, so would I end up
paying for someone else's traffic like torrents ? I didn't see anything in the
settings though.

~~~
leonidwang
I guess it's peer-to-peer, not peers-to-peers, that means you can send/get
files to/from _one_ endpoint, not from multiple endpoints. It is kind of a
private file-sharing tool, not a public one such as bittorrent. Just guess, it
would be better confirmed by the OP.

------
Shadow6363
How does this compare to something like Kicksend?

------
alexzappy
I noticed upon installation WireOver is connecting to logs.papertailapp.com -
what kind of info are you logging?

~~~
tashmahalic
We're logging exceptions and connectivity issues to help us troubleshoot
problems.

We are NOT logging anything I think you'd be concerned about (this is our BE
NOT ANNOYING principle at work).

When we get our Privacy Policy and Terms of Service up, it will be something
to the tune of: you own your data, we don't; we don't share your personal
information (unless the law requires); and, we don't store your files once
they're delivered (bytes go P2P anyway most of the time, so our servers
usually don't even see them anyway).

If you have a Pro (secure) account, your bytes will be encrypted in a way that
even we can't decrypt. That's the kind of security we would want as users.

------
marcamillion
This makes a lot of bold claims.

Need to see some credibility or explanations for these claims before I trust
it.

------
matdwyer
Do files download over HTTP or through the app on the recipients computer

~~~
tashmahalic
Your recipient gets an email with a download link. The link downloads a
downloader. You run it, it downloads your files, then it deletes itself,
unless you elect to install WireOver.

Try it out and let us know what you think!

------
leonidwang
How's this one comparing to sendoid?

~~~
tintin
This one is available.

 _"NOTICE: The Sendoid service is no longer available."_ _"Sendoid's web
interface was disabled on Wednesday, March 7th."_

------
NHQ
I hope this is legit!

