-
-
Notifications
You must be signed in to change notification settings - Fork 385
📝 Correction | rework the file-sharing site #1828
Comments
I have tested ShareDrop, and although it's very easy to use, it has some limitations. First, it's only fully compatible with Chrome browser, and only partially with Firefox (depending on the network configuration, the Firefox browser may not send notifications). Secondly, it has an unclear file size limit. The limit is not hard coded, but if the file is too big, it's not going to be transmitted fully. Magic Wormhole and the other solutions provided on PTIO are much more reliable in my experience. I don't know about Snapdrop, it looks quite promising, but if it's limited to sharing with LAN it's a big limitation. |
well... on firefox webrtc implementation is worked on right now, so perhaps it will get better with the next releases.
i would expect this from them as they are designed for file-sharing... but a simple browser-upload not really. i never suggested, that even one of them is better at any nuance than the solutions provided on PTIO, thus i just suggested them to be only woth mentioning (the smaller section below)... because they are still better than unencrypted mails or messengers for quick file-sharing if someone just needs it once in a while and/or doesn't want to install an extra software. |
While tools like snapdrop.net are limited, there are use cases for them. For example, I have a linux laptop and an ipad. I can't use itunes to transfer files since it doesn't have a linux version (and it doesn't work on wine) so I use snapdrop for transfering files between the two devices. Or even android to ipad &vice-versa. It's more convenient than using cloud or firefox send. |
So here is an updated opinion on sharedrop and snapdrop:
So IMHO if someone can confirm that the security of file sharing with sharedrop is OK, I would support adding it in Worth Mentioning. |
ok... the LAN/internet argument sounds reasonable. regarding encryption: |
Thank you for the clarification, this makes sense. According to Snapdrop's
readme, it uses both WebRTC and a fallback to Websockets to support more
devices and browsers (so is websockets as secure?), whereas Sharedrop uses
WebRTC only.
If noone raises an objection, i will make a PR to add Sharedrop in Worth
Mentioning :-)
Le mar. 26 mai 2020 à 09:26, DJCrashdummy <[email protected]> a
écrit :
… ok... the LAN/internet argument sounds reasonable.
regarding encryption:
(i'm not a security researcher, but) IIRC these tools use WebRTC. and
transport encryption in WebRTC is mandatory, so either DTLS
<https://en.wikipedia.org/wiki/Datagram_Transport_Layer_Security> or SRTP
<https://en.wikipedia.org/wiki/Secure_Real-time_Transport_Protocol> is
used for the files... and because it uses P2P connections, it's de-facto
E2EE.
the only data which gets to the server are data used to establish the P2P
connection. so beside the IP address, the time and the browsers fingerprint
could be collected... which i highly doubt (look at the source).
...and btw: all these data may even be collected by any other website you
are surfing.
—
You are receiving this because you commented.
Reply to this email directly, view it on GitHub
<#1828 (comment)>,
or unsubscribe
<https://github.com/notifications/unsubscribe-auth/AAIRFXQ5U7JM3DAAPQZJDYDRTNVK5ANCNFSM4MG3TX4A>
.
|
well, you can compare WebSocket with HTTP: it can be unencrypted ( |
Ah great thank you, that will be something to consider when (if?) snapdrop implements support for sharing over internet. |
Sorry for the delay, I forgot to make a PR! It's now done :-) BTW, ShareDrop now added an introductory dialog box on first connection to explain how to use it and also its security, which clears up any doubt:
Also SnapDrop may allow transfers through internet in the future. |
Description
well... this issue is a mixture of a correction and a kind of suggestion:
how about differnciating between
file-sharing
tools using 3rd-party services resp. servers and them who are not.Why I am making the suggestion
it makes a big difference if a 3rd party is involved and stores the data on its servers or not... similar to messengers which are centralized, federated or p2p.
IMHO tools like Snapdrop (LAN-sharing with notifications) or ShareDrop (possibility to share files between different networks) are at leasst "worth mentioning" because i know a bunch of people who won't setup neither wormhole nor OnionShare because of convenience and so still use unencrypted mails or other "curious" services for quick file-sharing.
i know, metadata are leaked, but IMHO it is still better than handing over the files itself to a 3rd party.
My connection with the software
none... i'm just a FOSS- and privacy-enthusiast.
btw
what is FreedomBox doing at this site? on the one hand with FreedomBox itself you can't share any file, but on the other hand it's much more than file-sharing and thus would fit anywhere.
what about a general
self-hosting
site and then also add things like YunoHost, Sandstorm and DPPM?The text was updated successfully, but these errors were encountered: