Firefox Send Is an Easy Way to Share Large Files Securely

This content has been archived. It may no longer be accurate or relevant.

From Wired:

You’ve got no shortage of ways to send encrypted messages, and at least as many cloud services for sending large files. But the Venn diagram for the two remains surprisingly, inconveniently small. That’s the beauty of Mozilla’s Firefox Send, a free, intuitive, web-based service that lets you share large encrypted files, no strings attached.

Send began in 2017 as an experiment, part of Firefox’s since-discontinued Test Pilot program. Since then, it has languished in beta, gaining a few features along the way, but mostly in the shadows. Tuesday marks its public launch.

What sets Send apart is its ease of use. It works in any browser; just go to send.firefox.com. Upload or drag and drop files, and Send will generate a link that you can set to expire after a certain number of downloads—up to 100—or a certain amount of time, ranging from five minutes to seven days. You can send up to 1 gigabyte, or up to 2.5GB if you sign in with a Firefox account. For comparison sake, SMS generally maxes out at 600 kilobytes. The biggest Gmail attachment you can send is 25 megabytes. Firefox Send offers orders of magnitude more room, enough to send a high-definition episode of Game of Thrones.

There are already ways to share large files, of course, whether it’s with a Google Drive link or through a service like Hightail. But doing so securely—with end-to-end encryption, without stashing files in the cloud—is another story.

. . . .

“There’s something weird about the idea of keeping all this [personal] stuff in a persistent cloud storage solution to me. I just don’t really want to have to remember to clean up my tracks. Even if I delete a file from some cloud storage somewhere, I don’t even know if it’s actually gone for good, or just gone from the user interface.”

Because Firefox Send is end-to-end encrypted, not even Mozilla can see the contents of what you’re sharing. You can also add a password to a given file, so that even if someone intercepts that URL—by compromising the recipient’s email, say—you can keep it secure.

As for the encryption itself, Firefox Send uses the Web Crypto API. “They generate a key and then encrypt the file, putting the key into the URL that you share with your friend,” says Matthew Green, a cryptographer at Johns Hopkins University. “It looks elegant and a nice way to do things.”

Link to the rest at Wired

PG immediately thought of drafts of cover designs going from the cover artist to the indie author for review. Also, pre-release review copies of an ebook.

PG has used Dropbox approximately forever, but it’s not terribly simple to understand and use for someone who doesn’t have a Dropbox account and isn’t terribly interested in signing up for a trial account. Ditto for Google Drive to transfer encrypted files.

PG also likes the automatic encryption that doesn’t require the recipient to install any decryption software programs.

It’s not that you can’t accomplish the same thing as Firefox Send using other programs, it’s that it’s encrypted file transport as a service, not as a software function.

5 thoughts on “Firefox Send Is an Easy Way to Share Large Files Securely”

  1. Thanks. I just tried it, and it’s very smooth and straightforward to use. I agree that it would be much less confusing for a newbie than Dropbox.

    One wonders if they will be offering larger files/more downloads/more time as paid options. I would probably be willing to pay for that.

  2. I agree with PG that Firefox Send is a slick way to transfer files with enhanced privacy, but I have to say that if I were hyper-concerned about privacy, I doubt that I would use Firefox Send.

    Allow me to explain what I mean by “hyper-concerned”. It is one thing to worry about low-level criminal hackers or corporate snoops trying to access your stuff. I would say that Firefox Send would make a low level hacker turn away in disgust. Too hard to bother with.

    But if North Korea, China, Russia, Israel or, perish the thought, the NSA were interested in your communications, I would not rely on Firefox Send to keep your stuff private.

    • Not that you are wrong about that, but if North Korea, China, Russia, Israel or, perish the thought, the NSA were interested in your communications, there is nothing you can do, as individual, to keep your stuff private. This is basically what Bruce Schneier says, when they ask him what you can do to protect yourself against such adversaries. The only real defense against local dishonest political forces is not technical, it is fostering good politics. As a defense against foreign political enemies, well, you can pray.

  3. Well, I’m with you on the politics side and I follow Schneirer on most points. It’s tough for an individual to face the resources of a government, but you can make it a lot harder for them to trace you than just using Firefox Send. For example, using a clean virtual machine with a bogus MAC address from a Starbucks you’ve never set foot in before or will after and using TOR will help. You’ve got to make sure your browser settings are not identifiable, and so on. Journalists have protocols for communicating with sources that are helpful.

Comments are closed.