Made a small file host focused on not leaving a trace.
- No account, no ads, no trackers
- You set when the file deletes itself (1 hour to 30 days, or after X downloads)
- Optional password on files and notes
- Reachable over Tor via an onion service
- Self-hosted
For when you just need to hand someone a file without it sitting on a server forever or asking them to sign up anywhere.
Compared to CopyParty does it also means no directory and now way to explore, namely dropping files more than organizing?
I use P2P, eg. AlterSend, FOSS, no account, encrypted, no size limit, no server in the middle. Mac, Windows, Linux, iOS, Android - one shared protocol
Thanks for this. When I need to move large files and I don’t want to do physical transfers I only ever used wormhole. Another tool or service is always nice.
And yes, I don’t have localsend set up. No, I’m too lazy, get off my back.
Edit: wasn’t reading closely enough. Eh, another thing to download. I’ll stick to
wormhole.appfor now and android’s quick share, which just added support for airdrop as well.Edit2:
wormhole.app
This is great, but how come am I getting an insecure warning from this site?
My only real question I have since there isn’t any source code listed.
How secure/private is the actual file storage service? It runs over the onion project which is nice but, without source code there’s no proof or evidence of encryption, nor proof that files actually delete as well as other logging style services that a privacy oriented service would normally have.
Hello, there is currently no end-to-end encryption on the server I’ll explain why below. The reasons why
True end-to-end encryption (where I literally can’t read your files) means the server only ever sees encrypted blobs. The problem is, that also means I can’t scan anything, and right now every upload is checked against known CSAM and run through malware scanning.
Go fully zero-knowledge and I lose that capability entirely, which on an anonymous host is a real problem it basically turns into a blind dropbox for whatever people want to put there.
So it’s genuinely one or the other either I can see enough of the content to keep it clean, or I can’t see it at all and can’t keep it clean. I chose to keep it scannable, because for an open anonymous service, I think being able to block that kind of content is more important.
That’s the real reason there’s no at-rest encryption not laziness it would compromise security. I’m open to hearing how you’d weigh the pros and cons, though.
You could do client-side scanning instead while checking a signature of the client’s js to ensure that it is your code that’s running.
Never trust the client lol
The ToS says illegal content is removed, which probably means there’s no encryption. And some file extensions are blocked which is weird. Files should be encrypted in the browser and not unencrypted at the server.
Use Firefox Send or OnionShare or something instead…
This isn’t open source? HA! Open source it or stop spamming us.
What’s the point of open sourcing here?
My reasons for absolutely requiring open source wherever possible:
- your code does what you say it does
- you have nothing to hide (like backdoors)
- the author doesn’t rug-pull us and start charging for the technology suddenly
- any technology I use can be modified to meet my requirements as they arise
- I decide when a product is obsolete
- I decide how a piece of software is provisioned, launched, updated, phased out, the lifecycle and feature set of the software should be able to be CONTROLLED BY ME
- I can fork the technology to give more back to the community by improving it.
- it could easily be a fed honeypot
- it could be malware
- I prefer to contribute to furthering the capabilities and toolchest of humanity in order to liberate other humans from tyranny.
- I prefer not to support (and am honestly suspicious of) other software engineers that don’t want to further the aforementioned capabilities and toolchest of humanity in order to liberate other humans from tyranny.
- Closing the code off is morally wrong and speaks to the ulterior motives of the author.
- obfuscation (which I view as security-by-obscurity) is a sign of a weak codebase and a compromised project lead in my opinion.
- closed source software is a non-starter in matters of privacy
My original plan was to launch the site and upload the entire source code so people could use it locally (I’ve fallen a bit behind because I’ve been adding features), but I’ll be uploading the full source code soon.
That said, everything is verifiable (regarding ads and trackers). Thank you very much for the comment!
The second I did more reading about it, I honestly wouldn’t touch your app with an 2000 foot pole.
Open source it or this should be considered spam or malware. I recommend the AGPL 3 license.
https://0x0.st/ is still goat!
Do they have a .onion address?
Yes, that’s great I agree with you. But I preferred to do something with a slightly improved UI (if I may say so)
That face in the bottom right corner is creepy as fuck.
This seems ideal.
My comment has no substance because I just want to find this post easily later.
It is NOT ideal. The statements from the dev lead me to recommend treating this app as malware.
Lemmy has a “Save” feature?
Yes, but i save things far more often than i comment.
Thank you very much for your comment. If you have any ideas, I’d love to hear them
