

Firefox File Share

The Mozilla Foundation is offering a terrific file sharing service. The files can be very large. It is very clean, simple and secure. You can only share a single file at a time, but if you need to send a file to someone, this is an excellent option. Basic features of the service:
  • Free
  • Simple and very easy to use
  • Secure
  • From a trusted source
  • Nothing to install. Works with all modern browsers. You do not need to use Firefox.
  • No registration needed, and no accounts need to be set up.

This is simply the easiest way to securely send a file to someone. In fact, it might be the easiest way to send a large file without even considering security.

How it works

You drag the file you want to share into the big box labeled "Drop your file here ...". Using standard encryption techniques, the service encrypts the file on your computer and creates a random location and name for it. A button then copies that location so you can send it in an email to the file recipient, who uses it to download the file. Once the recipient downloads the file, it is deleted. It is also deleted after 24 hours even if no one has downloaded it.

The problem with sending files as Email attachments

  • The files are often too big for the email.
  • Even if they aren't too big, it might take a long time to download, inconveniencing the recipient.
  • The files are left in the email program and possibly on the server providing the email service.
  • Email is inherently insecure and the files are not secured on the computers, even if they are secure while in transit.

A little more explanation

There is a little-known rule in the basic Internet protocols: if an Internet address (URL) has a # sign in it, whatever follows the # is not sent to the server you are connecting to. Firefox uses this trick and puts the encryption key after a # sign. That way, Mozilla never receives the key and cannot decrypt your file. But since you send that key with the URL to your colleague, they can decrypt it. You always want encryption done on your computer before the file is sent, and you do not want the keys to be given away.

The entire project is open source, so we know there is no sneaky stuff going on behind the scenes.

For even more security

What can go wrong from a security point of view? The potential attack vector would be someone who has infiltrated your recipient's computer or email server intercepting the email and downloading the file before the intended recipient could get to it. This doesn't concern me much because if they had that kind of access to your recipient's email, then most likely everything you send them, no matter how securely, will be compromised.

However, if you wanted to add another layer of protection, you could delete the last 4 characters of the encryption key from the email link, then call the recipient and give them those characters over the phone. That way, even if the email was intercepted, the file could not be decrypted.
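
The key-after-the-# idea from "A little more explanation" and the split link from this section can be tried out in a few lines of Node.js. This is an added example, not code from the Firefox project; the cipher (AES-128-GCM), the host send.example, the /download/ path and all function names are assumptions made for the illustration.

```javascript
// Added illustration for Node.js; not Firefox's own code.
const nodeCrypto = require('crypto');

// Sender: encrypt on the local machine, then build a link whose
// fragment (the part after #) carries the key.
function encryptForSharing(plaintext, baseUrl) {
  const key = nodeCrypto.randomBytes(16); // assumed cipher: AES-128-GCM
  const iv = nodeCrypto.randomBytes(12);
  const cipher = nodeCrypto.createCipheriv('aes-128-gcm', key, iv);
  const body = Buffer.concat([cipher.update(plaintext), cipher.final()]);
  // The upload (IV + auth tag + ciphertext) is all the server ever stores.
  const upload = Buffer.concat([iv, cipher.getAuthTag(), body]);
  const id = nodeCrypto.randomBytes(8).toString('hex'); // random file location
  const link = `${baseUrl}/download/${id}#${key.toString('base64url')}`;
  return { upload, link };
}

// What a browser requests for a link: path and query only, never the fragment.
function requestTarget(link) {
  const u = new URL(link);
  return u.pathname + u.search;
}

// Recipient: the key is read from the fragment, not fetched from the server.
function decryptFromLink(link, upload) {
  try {
    const key = Buffer.from(new URL(link).hash.slice(1), 'base64url');
    const iv = upload.subarray(0, 12);
    const decipher = nodeCrypto.createDecipheriv('aes-128-gcm', key, iv);
    decipher.setAuthTag(upload.subarray(12, 28));
    const plain = Buffer.concat([decipher.update(upload.subarray(28)), decipher.final()]);
    return plain.toString();
  } catch {
    return null; // wrong or incomplete key: nothing is recovered
  }
}

// The extra layer: email the link minus its last 4 characters,
// pass those 4 characters over the phone.
function splitLink(link) {
  return { emailed: link.slice(0, -4), byPhone: link.slice(-4) };
}
```

The recipient pastes the phoned characters onto the end of the emailed link before opening it.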

They have a short video here.

Date: September 2017

This article is licensed under a Creative Commons Attribution-NoDerivs 3.0 Unported License.
