Hacker News new | past | comments | ask | show | jobs | submit login

If I've got this right, the file is encrypted using a secret key which is generated on the client and appended to the anchor in the link, like:

http://send.firefox.com/download/<fileid>/#<secret>

Anyone who obtains the link (e.g. via email interception) gains access to the file.

Since browsers don't transmit the anchor when requesting a resource [1], Firefox servers never see a copy of the key. Provided you trust their JavaScript.

[1] https://stackoverflow.com/questions/3067491/is-the-anchor-pa...




> Anyone who obtains the link (e.g. via email interception) gains access to the file.

True, but, if a third party decides to use the intercepted link to download the file, and you have it set to a limit of 1 download, the file will self-destruct (if you trust Mozilla). This way, the recipient can know that someone has tampered with the communication, which is certainly an improvement over the status quo (email attachments).




Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact

Search: