Mozilla Send - New encrypted file sharing app

What do you think about this? Can this be used to send messages, emails (with some tweaking)???

I think PGP is still the best and most secure option. Distrust anyone wanting to send on your behalf.

1 Like

Why not just roll your own?

Use S3 for storage, which provides an HTTPS endpoint for UL/DL and can be encrypted at rest and on the wire. Be sure to set up IAM to limit exposure and ensure that access is only via AWS STS. Then add a lifecycle rule that deletes the object (the object could be a standard mbox-formatted email or any email message). When one uploads, be sure to gpg encrypt the object before syncing, or go one step further and create a Lambda function to encrypt and upload for you.

The added benefit here is one can script the above and deploy when needed thus future proofing themselves. Plus the use of one’s own domains and other trust factors. On top of this, it becomes a marketable skill/toolset to clients/employers.

The classic rule applies: if you do not want it to live forever, do not put it on the Internet. How can an app absolutely limit taking a screenshot?

1 Like
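An offline pre-upload check for the self-hosted S3 drop described in the post above, added here as an example and not written by anyone in this thread: it verifies that the payload already starts like an OpenPGP encrypted message and that the bucket's lifecycle configuration expires every object. The function names, the rule ID and the sample data are assumptions made for illustration; the lifecycle dictionary follows the S3 lifecycle configuration JSON shape.

```python
# Added example: offline audit of an object and lifecycle config before upload.
# All sample data below is constructed for illustration.

ENCRYPTED_TAGS = {1, 3, 9, 18}  # OpenPGP PKESK, SKESK, SED, SEIPD packet tags


def looks_pgp_encrypted(blob: bytes) -> bool:
    """True if blob starts like an OpenPGP encrypted message (armored or binary)."""
    if blob.lstrip().startswith(b"-----BEGIN PGP MESSAGE-----"):
        return True
    if not blob or not blob[0] & 0x80:  # every packet header has bit 7 set
        return False
    first = blob[0]
    tag = first & 0x3F if first & 0x40 else (first >> 2) & 0x0F  # new / old format
    return tag in ENCRYPTED_TAGS


def expires_everything(lifecycle: dict, max_days: int) -> bool:
    """True if an enabled, unfiltered rule expires objects within max_days."""
    for rule in lifecycle.get("Rules", []):
        days = rule.get("Expiration", {}).get("Days", 0)
        scope = rule.get("Filter", {})
        # A tag filter, a non-empty prefix or a legacy top-level Prefix narrows the rule.
        unfiltered = scope in ({}, {"Prefix": ""}) and not rule.get("Prefix")
        if rule.get("Status") == "Enabled" and unfiltered and 0 < days <= max_days:
            return True
    return False


def audit(blob: bytes, lifecycle: dict, max_days: int = 1) -> list:
    """Return a list of findings; an empty list means both checks passed."""
    findings = []
    if not looks_pgp_encrypted(blob):
        findings.append("object is not OpenPGP-encrypted")
    if not expires_everything(lifecycle, max_days):
        findings.append("no bucket-wide expiration within %d day(s)" % max_days)
    return findings


LIFECYCLE = {"Rules": [{"ID": "expire-drop", "Status": "Enabled",
                        "Filter": {"Prefix": ""}, "Expiration": {"Days": 1}}]}
PLAIN_MBOX = b"From alice@example.org Mon Jan  1 00:00:00 2024\n"  # unencrypted mbox

if __name__ == "__main__":
    print(audit(PLAIN_MBOX, LIFECYCLE))
```

The packet-header test is a heuristic on the first byte only; it catches a plaintext mbox or document before it leaves the machine, but it does not prove the message was encrypted to the intended recipient.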

or for that matter archive.org’s crawler or googlebot?

The explanation…

This is a class I would love to take… I know just enough to know I know nothing!

2 Likes

The famous words of exactly what not to do in security.

Encrypt the docs using well implemented protocols before uploading; if you don’t trust one provider to delete the data, then the threat model that somehow trusts AWS to not do the same thing is a broken threat model.

Alternatively there is already well made off the shelf software for this; personally I use LiquidFiles, some people use the new Google confidential message mode, some just stick with GPG.

-Jim

Jim, hope you noticed at the end I advocate for gpg encrypting before it’s aes encrypted on the wire and at rest.

Heck I even point out using one time tokens.

@hon1nbo & @denzuko

What would you use to encrypt files and an external hard disk? Anything which solves all of these on all OSes:

  1. Encrypt/Decrypt individual files
  2. Encrypt/Decrypt a whole External HDD/SSD
  3. Create a hidden encrypted partition in HDD/SSD so that I can use other partition as regular HDD

I use industry standard encryption (aes256 and elliptic curve). Usually made user friendly with veracrypt and keybase.

Otherwise when I cannot install those then I just use GPG and openssl.

Same as Denzuko (GPG/friendly utilities. On Linux I use LUKS for FDE)

However, if you have a Self Encrypting Drive from Samsung (not Crucial or some of the others as they don’t encrypt properly through recent testing) then you can use its internal encryption as well (their drives are also the cheaper SEDs as well).

also; almost vim with vimail.