
Show HN: Peer-to-peer secure file transfer using WebRTC - nlightcho
https://bitf.ly/
======
helb
Similar project: FilePizza – [https://file.pizza/](https://file.pizza/)

github: [https://github.com/kern/filepizza](https://github.com/kern/filepizza)
show hn:
[https://news.ycombinator.com/item?id=9535332](https://news.ycombinator.com/item?id=9535332)

~~~
gfody
[http://xkcd949.com/](http://xkcd949.com/)

~~~
vacri

        cat $FILE | nc -l -p 80

~~~
digi_owl
firewalls?

~~~
vacri
The limitation of this method is that you do need your own port exposed to the
internet. The advantage of this method is that you don't have to trust a third
party.

For the explicit example above, your guest's firewall would have to be pretty
brutal to not allow port 80 through.

~~~
digi_owl
Yeah it was mostly the senders firewall (or the NAT you find on most consumer
routers) that i had in mind.

The OS may also balk at opening such a low port as a user, now that i think
about it.

------
CiPHPerCoder
From the HN title: "secure"

I have a question: Secure against what thread model?

The FAQ has an entry for "How do I know you're not sending all my data to the
NSA?" but that's the wrong question to ask (i.e. Even if you're not behaving
maliciously, that doesn't mean our data is safe against highly sophisticated
threats).

It would really be great if you could demonstrate what makes this more secure
than alternative solutions.

That said, this is kind of neat.

~~~
zanny
Webrtc itself requires perfect forward secrecy. While you cannot do
authentication with it - you need to provide that yourself - you can be
certain besides yourself and whomever your signaling server told you is your
peer are the only two able to decrypt the packets going between you two.

~~~
lqdc13
Doesn't the server know the token id? I didn't inspect the requests, but it's
possible to send the token to the server.

Therefore, can't they download the sample just like the connected client?

------
malekascha
I also made a similar project to this using WebRTC:
[https://www.mkstream.club/#/](https://www.mkstream.club/#/)

Github: [https://github.com/make-sity/mkstream](https://github.com/make-
sity/mkstream)

~~~
lucb1e
Might be just me, but "look I made something similar here is the link" without
any more info or mention of how it's relevant sounds a lot like piggybacking
off of the success of this thread to promote your own project.

~~~
malekascha
I'm sorry. that wasn't my intent. I just thought that I'd link it for anyone
who wants to see another example of a filesharing app made with WebRTC.

~~~
notfoss
Don't worry, this is how HN works and we are able to discover different
programs around a similar theme.

------
tjohns
There's also [http://sharedrop.io](http://sharedrop.io), which was featured on
HN a couple years ago and also uses WebRTC.

Source:
[https://github.com/cowbell/sharedrop](https://github.com/cowbell/sharedrop)
Discussion:
[https://news.ycombinator.com/item?id=7468328](https://news.ycombinator.com/item?id=7468328)

~~~
gfody
fipelines.org is another one (their cert is expired but if you ignore that the
site works well)

------
calanya
"Secure" but "we advise against using Bitfly for highly sensitive data. You
have been warned.".

So is it secure or isn't it?

~~~
nlightcho
I trust my browser's developers with my most sensitive data (online banking
password, government id etc.) but that does not mean I believe I am fully
secure in doing so. There could always be a bug in the WebRTC implementation
or the SSL library or the hardware. Maybe I should rephrase the FAQ to read
"Don't put your highly sensitive data on the Internet at all".

------
StavrosK
My favorite of these tools is magic womhole (command-line only):

[https://github.com/warner/magic-wormhole](https://github.com/warner/magic-
wormhole)

It gives you a few words for you to give the recipient, they type them in, and
boom, transfer starts.

------
shmerl
Sorry for off-topic, does anyone know why Google phone calling (Voice /
Hangouts) still doesn't work with WebRTC and requires native plugin? And are
there any other services for making phone calls which actually work with
WebRTC?

~~~
TD-Linux
They use nonstandard APIs, and send data over the network in a way
incompatible with WebRTC. This post is a bit old at this point but afaik the
situation hasn't changed: [https://webrtchacks.com/hangout-analysis-philipp-
hancke/](https://webrtchacks.com/hangout-analysis-philipp-hancke/)

~~~
shmerl
Thanks! What a mess. No wonder it's not working for me - I'm using Firefox.
Somehow I doubt Google are interested in fixing this.

------
crcastle
With some sort of peer discovery functionality, this could be a pretty cool
open, cross-platform replacement for Apple's AirDrop.

...but would probably need WebRTC functionality in Safari to work on iOS
devices

~~~
tjohns
I mentioned it in another comment upthread, but
[http://sharedrop.io](http://sharedrop.io) is exactly this. WebRTC file
transfer with LAN peer discovery.

~~~
endergen
Nice! Right, I forgot I had come across that one too. Using firebase was
clever too.

------
quartz
Very cool! We built something similar using flash and RTMFP back in 2010 and
actually got into YC W11 with the project (with dreams of building something
like airdrop until Apple went and actually built airdrop causing us to pivot
into high speed data transport instead).

It's great to see this being implemented using WebRTC now, which was just
popping onto the radar back then. I envy you building this without having to
write any action script or flex code! Best of luck with the project.

------
iolothebard
Awesome, I'm looking to incorporate some of this into a project I'm working
on.

------
n-gauge
Slightly off topic, but can anyone recommend a webrtc tutorial for data
channels or any projects which can be used for player v player over the
browser (chrome) . I guess like one player has to be the master and the other
players join his/her webrtc connection ?

------
amelius
I was wondering if it is possible to transfer streaming video data over WebRTC
already, for example to implement a video chat service, without wasting too
much CPU power and/or bandwidth?

~~~
willsentance
Icecomm lets you use Webrtc to do this pretty easily (icecomm.io)

~~~
amelius
Interesting. Are they doing image processing / compression in javascript?

------
terrortrain
Why not just use [http://instant.io](http://instant.io) ?

If you are worried about security, encrypt before sending.

------
leoh
Wow. Now implement this with file search and you've basically got something
like Napster.

