And my favorite,
It's probably time to start thinking about ways to monetise this to pay for the hosting costs at least.
Also, have you talked to a lawyer yet? If this takes off and you keep it up long enough, inevitably you're going to get people using it for child porn, stolen credit card numbers, leaked classified documents, instructions on how to make home-made bombs etc and someday a relevant law enforcement agency is going to want to have a conversation about the content that Mr Smith sent to Mr Jones via your server. It's probably a good idea to get your legal position straight before that day rather than trying to do it after the fact. And yes, I do recommend talking to an actual lawyer. Internet commentary is not an adequate substitute for legal advice here.
A little disingenuous since the domain was never listed on park.io and this site was made by the same company as park.io.
Makes me believe that they snatch up the best domains for themselves so people can't bid on them.
I've bought multiple domains from park.io before and had a good experience, but I was always worried about this.
park.io doesn't just get domains from drop-catching when they expire. Sometimes we buy them from the previous owner directly. Also, not all sales go through the drop-catching/auction process, for example users can park their domains on park.io and set a "Buy it Now" price for their parked domain, so domains also sell in this way.
file.io was never listed because it never expired/dropped or went to auction. We bought it directly from the previous owner and it was parked on park.io. I have now used it for the service posted here. What you quoted above was said to advertise park.io, and I apologize if it is misleading.
You buying it before posting it is no better than you drop-catching it.
In their FAQ, park.io writes that one of the reasons an expiring name might not be listed is "because we intend to order this domain for our own portfolio. We don't do this often, but every once in a while there is a domain we want for our own collection and so we do not list it on park.io."
Also, you don't keep logs but what about your cloud provider? What guarantees can you make about them, and what responsibility do programmers have to explain the risks to the public? It seems wrong to say "anonymous and secure" without some qualifiers: you must use https, unencrypted files might be copied by the cloud provider, etc...
While I didn't use it super often, when I did want to use it, it was very valuable. Thanks for building this!
Large files could become a problem, since any request causes the file to be deleted. There is no chance to retry. But, this is the most secure way handle file deletion.
You could offer an option that would delete the file after X% of bytes are downloaded.
I have been working a simple server to do just this, I am calling it a nonce file server. I have been coming across times when I need to deliver a file once, and only once.
The oneshotness of it does mitigate that a bit. If someone wants to share material with N people they have to upload it N times, which rate-limits (ab)use.
Q: "Why should I trust you?"
A: "Because you should! We're good people! Honest!"
I'd love to trust a service like this, but there's no credible effort to actually establish that trust.
> file.io is a project of humb.ly. It was created simply out of the joy of trying to build cool things on the internet, and we thought it may be useful for others. We take privacy very seriously and do not save any data once it has been deleted.
But going to humb.ly still doesn't really get me to trust you, there's not even any identifying info on that page. Two projects, one discontinued and one -- it seems -- novelty "religion".
What I want is some assurance like "The EFF has complete read-access to our platform and maintains a continuous independent audit of these services to verify that we comply with our own privacy assurances." The EFF is probably not the organization to do such a thing, but that's kind of what I'm looking for.
It would be awesome if I could download the file without the password to verify that it's stored encrypted though.
You'll see the POST to the server going up encrypted, and the subsequent GET when you download the file coming down encrypted as a binary XHR.
If paranoia is this high, why would a security policy text on a web page make any difference? They could claim anything they want, but you wouldn't have any idea if any actual encryption was happening, so best to do it yourself.
This is an extremely useful service, btw. I can see myself using this a lot. Kudos.
As you pointed out, it is a bit more constraining due to the support for WebRTC and users behind an SNAT, but I think for the majority of users it works well.
Love the site though. Maybe it's not designed for sharing files over services like Slack.
If you are concerned about the confidentiality of a file then use encryption or don't upload it to the internet.
Is this a "(our lawyers made us put this in)" sentence?
It's not like there is a .ilgl file type, and with 1 time downloads DCMA takedowns are unlikely.
It is made in Flask and is licensed in AGPL.
Project comes with Vagrant and Puppet-files for easy deploy!
As a developer, it's pretty rare for me to have the folder containing the file I'd like to upload already open in an Explorer/Finder/whatever window. (I'm more likely to have it open in a terminal.) So it will take exactly the same amount of work for me to navigate to the folder in a dialog box as in an Explorer window.
Even if I happen to have the folder open in Explorer, it's a hassle to move, resize, or otherwise organize my non-tiled windows so that both the file I'd like to drag and the space where I need to drop it are visible at the same time. Larger or multiple screens won't help, as I'll just clutter them up with more windows. I could drag to the taskbar to bring the browser to the foreground, but again that's the kind of hassle that I won't need to incur if I just used the dialog box.
For ordinary people with small-screened laptops and tablets, I assume it will be even harder to keep two apps open in a way so as to enable drag & drop, especially since a lot of people just maximize every window. (Can't blame them when they're stuck with 1366x768 screens and/or platforms that encourage fullscreen apps.)
I still use it today for sending files here and there. :)
https://github.com/alfg/dropdot - Source with demo.
Sadly i didn't bookmark it at the time, and i would like to revisit it and check some of the details.
Does anyone know of a listing of these bots that attempt to preview links? From what I've seen, these bots tend to ignore robots.txt since they are not crawlers, so seemingly need to be handled one by one.
How can I know, that there is no malware in the shared file?
The one time I had a support request it was dealt with promptly by the founder himself.
Be careful though --- I got the bright idea to be an amateur domain speculator... So far I've spent a cool $1000 on 10 domain names and am now discovering flipping them is harder than I thought!
Shameless self-plug for anyone who might be interested in my portfolio: http://cerebral.io