Mozilla’s new file-transfer service isn’t perfect, but it’s drop-dead easy
Mozilla is testing a new service that makes it dead simple and quick for people to semi-securely share files with anyone on the Internet.
Send, as the service is called, allows senders to encrypt any 1-gigabyte or less file and upload it to a Mozilla server. The service then creates a link with a long, complex string of letters in it that’s required to download and decrypt the file. Mozilla will automatically delete the encrypted file as soon as it’s downloaded or within 24 hours of being uploaded, even if no one has downloaded it.
Send offers reasonable security and privacy assurances. The service uses an algorithm known as AES-GCM-128 to encrypt and authenticate data on the sender’s computer before uploading it to Mozilla servers. And it also uses the Web crypto programming interface, which is one of the better-tested ways Internet applications can perform cryptographic operations without having access to decryption keys. Still, Send shouldn’t be trusted with the most sensitive types of data, such as files that might land a dissident or whistleblower in prison.