back to article Send mixed messages: Mozilla wants you to try its encrypted file sharing

Mozilla has just rolled out an experimental service called Send that allows users to make an encrypted copy of a local file, store it on a remote server, and share it with a single recipient. And once shared, the encrypted data gets deleted from the server. Send solves what used to be a common problem, sending a large file …

  1. Anonymous Coward
    Anonymous Coward

    This could be fairly convenient. Now, to state the obvious, better security would be...better :)

  2. inmypjs Silver badge

    to check for hashes associated with known unlawful images and videos.

    So the acid test for a service like this to be safe to share kiddy porn is an immediate fail.

    That kim.dotcom bloke already provides something like this on his MEGA file hosting service. Last time I looked 50GB for free and the files don't poof after a day. I think I would trust his service more.

    Wish Mozilla would concentrate on making a good browser.

    1. Infernoz Bronze badge
      FAIL

      Re: to check for hashes associated with known unlawful images and videos.

      Providing a separate digest of the unencrypted content of _private_ end-to-end encryption is security negligence; it violates privacy and may even aid cryptographic cracking!

      Any IP arguments for passing/retaining hashes are a irrelevant; IP businesses routinely abuse fair use and false positive block, and IP is a stagnant swamp anyway. Also, the political arguments against complete cryptographic privacy are corrupt thuggery to protect politicians and elite from the public, not protect the public; the real solution to Islamic terrorism is rapid deportation/voided-nationality, banning Wahhabi funding of Muslim organisations, banning Mosques (Sharia Courts), and banning Islamic schools.

      Mozilla should stop wasting time on redundant fluff like this, kick out _all_ the SJWs, who used specious SJW tactics to get rid of the previous head (now running Brave), finally make a browser which never stalls all windows (_still_ not f'ing there yet!), and damned well retain the old extension APIs until they provide much better migration support in the new extension APIs. The extensions are the main reason why I still use alt. builds of Firefox, like Waterfox, never the Mozilla builds with damned Pocket etc.

    2. Flocke Kroes Silver badge

      Re: Salted hash

      Just tested appending 8 bytes to an image of a young goat. The sha512sum changed but the image displayed correctly. Should work for cat videos too. Clearly the only solution is for May to ban all image and video display software.

      1. Anonymous Coward
        Anonymous Coward

        Re: Salted hash

        "Just tested appending 8 bytes to an image of a young goat"

        So now it's OK for goat porn then?! ISIS will be pleased...

        1. jake Silver badge

          Re: Salted hash

          Goat porn? Don't be silly. I was thinking goat curry ... Jamaican style. The habeneros are finally ripening.

  3. Nick Kew
    Alert

    Hmmm?

    While this may be a reasonably secure arrangement, it's far from perfect. AWS might be able to recover a deleted file or be forced to retain them, given sufficient motivation, and the key might be recoverable from log files or the messaging service used to send it.

    What's that based on? What leads you to suppose Moz, AWS, or any intermediary ever had sight of the private key?

    I'm not saying you're wrong: I haven't studied the source code or even the docs (have you?), so I don't know (and I'd be wary of using anything more automated than commandline PGP to encrypt something really sensitive). But I'd be very disappointed in the Moz team[1] if they were to open that kind of backdoor.

    [1] At least, until we have reports of infiltration of the team by agents of governments such as UK or Oz.

    1. Anonymous Coward
      Anonymous Coward

      Re: Hmmm?

      "log files or the messaging service used to send it."

      I suppose this only reflects that the handful of ways to send the necessary key aren't necessarily trusted. I suppose a smart cat would have used [something like] this for the bulk data and PGP in the email. And for log files, FDE. But you said it-- everyone still has to trust Mozilla's code ;) (typed in FF 47 that was compiled over a year ago)

      1. Anonymous Coward
        Anonymous Coward

        urgh, edit window. this machine has been off for most of a year-- I don't advocate running an old non-LTS FF or anything. nowadays I can't even advocate running the current FF, as Mozilla is in topsy-turvy world. Waterfox seems OK. and you know how it is with Funtoo, a single month without 'emerge system world' potentially turns the next run into a project

  4. Anonymous Coward
    Anonymous Coward

    The two users still have to exchange the key (link) - which also needs to be in an encrypted message.

    1. Ben Tasker

      Yeah, basically they've fallen in the same trap that many others have. They've done the easy bit - encrypting the files, and left the users to deal with the much harder challenge: securely exchanging keys (or in this case, the URL). Compromise of that URL means compromise of the file.

      I've got a BASH script that'll generate a one-time pad for any given file, and then encrypt it with it. But because of the difficulties in securely exchanging keys it's next to useless in practice.

      The medium you use to exchange the key needs to be at least secure enough to send the file (if it's not, you risk compromise of that file). If you consider (say) skype IM secure enough to send the key you may as well just send the file (or break it into chunks and send each using different services).

      What this might do, though, is mean that users who wouldn't normally encrypt files they're sending start doing so, because it's all but transparent to them. More encrypted traffic flying around is a good thing for all of us as it increases the size of the haystack.

      Basically, I think the functionality misses the mark a bit. But, because it's conveniently located in a popular application it may still have some positive benefits.

  5. Peter Prof Fox

    I may not have understood

    Surely encryption is easy and scriptable on the local machine.

    And FTPing a file to a known location the same.

    And deleting is FTPish and at a time of my choosing.

    It's getting the secret key to the recipient that's the tricky part.

    As I understand it, the secret key changes every time and isn't known ahead of time. So what's the benefits again?

  6. Nolveys
    Windows

    Next Year's New Abandoned Project

    I'm seeing this thing ending up on the same pile as Firefox OS and friends.

    Why not spend the time and effort working on Firefox or, hey, how about Thunderbird? There is still a strong need for desktop mail clients. I tend to use Thunderbird because it's the least poopy of a selection of very poopy products. There are a *lot* of things that could be done with Thunderbird to make it better. The IMAP implementation is buggy as hell, on-disk mail storage goes off the rails on a regular basis, the address book file format is batshit insane, the list goes on.

    Oh well, off we go to reinvent the wheel, badly, and then throw the semi-functional result on the giant tire fire of abandoned projects.

    1. Anonymous Coward
      Joke

      Re: "Firefox OS and Friends"

      Was that the Kids TV show spin off?

      1. Captain DaFt

        Re: "Firefox OS and Friends"

        Was that the Kids TV show spin off?

        Actually, the kid's TV show is Mozilla's next big project.

    2. Anonymous Coward
      Anonymous Coward

      Re: Next Year's New Abandoned Project

      "There are a *lot* of things that could be done with Thunderbird to make it better."

      Agreed, but my fear is that if Mozilla did turn its attention to Thunderbird it would start ripping out useful features and dumb it down until it was no longer fit for purpose, just like they have been doing to Firefox.

  7. John H Woods

    Security through obscurity...

    That is what this is, right? You're just hiding the key somewhere else. Text message, perhaps? Or is it for those edge cases where you have access to secure transmission of a key, but not of a file?

    1. Cynic_999

      Re: Security through obscurity...

      "

      Or is it for those edge cases where you have access to secure transmission of a key, but not of a file?

      "

      Not really an edge case as the article points out. You can use PGP and email to send the key securely but you cannot send a large (>100MB) file via most email services. This is a one-to-one service, which is perfect for PGP.

      However I would still encrypt any sensitive files separately before uploading (could also use PGP for that). If Firefox intends to use hashes to identify viruses and illegal files, they could well also be intending to use it to identify copyright material (music, films etc.)

  8. jake Silver badge

    Question for all y'all...

    How many times have you been using your browser (for anything!) and suddenly decided to send off a couple hundred megs of encrypted data to another party and thought to yourself "Ya know, I wish I could do this from my browser!"? ... Answers on a postcard.

    Seriously, talk about an unneeded, unwanted, unnecessary "feature". How about making the browser smaller, faster and lighter instead? Feeping creatureism is almost always a sign of impending demise.

    1. Adam 1

      Re: Question for all y'all...

      Shirley the ability to send hundreds of megs of encrypted data belongs in the init system.

      1. jake Silver badge

        Re: Question for all y'all...

        Poettering hasn't added sending encrypted files yet? Is he slipping? I wouldn't know, I gave up on even evaluating the clusterfuck about a year and a half ago.

        1. Anonymous Coward
          Anonymous Coward

          Re: Question for all y'all...

          Poettering's law, the Godwin's law of our time. As an online discussion grows longer, the probability that someone will suggest adding the subject of the discussion to systemd approaches 1.

          1. Adam 1

            Re: Question for all y'all...

            Well given that systemd is now able to use its AI engine to autonomously comment in the El Reg forums....

            1. jake Silver badge

              Re: Question for all y'all...

              "Autonomous Coward", eh?

    2. brotherelf

      Re: Question for all y'all...

      Alas, Mozilla's main target audience doesn't understand your question because to them, "the computer", "the internet", "the web" and "the browser" are one and the same, like it or not.

      1. jake Silver badge

        Re: Question for all y'all...

        How many of these proverbial people who think "the computer", "the internet", "the web" and "the browser" are one and the same could conceive of a reason to encrypt a couple hundred megs of data? More to the point, how many of them would even know what encryption is, much less that it's an option?

        Face it, this "idea" doesn't have a target audience. It's being added just because they can. And that is not a good sign for anybody who wishes the project well.

      2. Updraft102

        Re: Question for all y'all...

        "Alas, Mozilla's main target audience doesn't understand your question because to them, "the computer", "the internet", "the web" and "the browser" are one and the same, like it or not."

        And that's a big part of what ails Mozilla. Chrome is already custom built for those users; Mozilla has always been more popular with for power users than people who don't know the difference between those things. In its fruitless effort to go after a market they are highly unlikely to get, they're forsaking their existing user base.

        There's a lot of that going around, it seems.

  9. Anonymous Coward
    Anonymous Coward

    why bother when there is keybase ??

    Keybase is a free, open source security app. It's also a public directory of people.

    The Keybase app helps you perform cryptographically-secure operations with people you know on the Internet: chatting, file sharing, even publishing public documents. It's all easier and safer with Keybase.

    https://keybase.io/

    1. luminous

      Re: why bother when there is keybase ??

      Because I don't want to install an app just to send a file?

      And if I need a client to send me some large files, there is no way I'm going to tell them to install an app so that they can. If I can send them a link, then they can drag and drop a password protected zip file and it's almost done - it's so much easier. The key can be shared in a chat app that supports end to end encryption - easy, and they can tell me the zip password over the phone. Nothing I deal with needs more security measures than this.

      Things like WeTransfer have offered a similar service for years. There are use cases for this sort of thing. I would love it if everyone could use FTP but it's very rare that you find someone who even knows what it is these days.

  10. Unclezip

    Allegedly deleted.

  11. Anonymous Coward
    Anonymous Coward

    Long solved problem

    Encrypting the file name remains an open issue.

    I'm puzzled. Cryptomator solved all of that quite a while back and it works. Has anyone from the Moz team looked at that or did they just decide that the world needs Yet Another encryption utility, and Not Invented Here was not acceptable?

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like