Mozilla’s new file-transfer service isn’t perfect, but it’s drop-dead easy


Mozilla is testing a new service that makes it dead simple and quick for people to semi-securely share files with anyone on the Internet. Send[2], as the service is called, lets senders encrypt any file of 1 gigabyte or less and upload it to a Mozilla server. The service then creates a link containing a long, random string that is required both to download and to decrypt the file.

Mozilla automatically deletes the encrypted file as soon as it has been downloaded once, or 24 hours after upload if no one has downloaded it. Send offers reasonable security and privacy assurances. The service uses AES-128-GCM, an authenticated-encryption mode that both encrypts the data and detects any tampering with it, and the encryption happens on the sender’s computer before the upload, so the plaintext never leaves the sender’s machine.

It also uses the WebCrypto API[3], which lets web applications call the browser’s built-in, well-tested cryptographic implementations instead of hand-rolled JavaScript crypto. Still, Send shouldn’t be trusted with the most sensitive types of data, such as files that might land a dissident or whistleblower in prison. “Of course, you’ll probably hear from naysayers who say doing crypto in the browser with JavaScript is a terrible thing,” Justin Troutman, a cryptography and privacy expert and program manager at the Freedom of the Press Foundation[4], told Ars. “But they’re using the WebCrypto API, which is probably the sanest way to do it, if you’re going to do it.”

Another potential weak point: a quick test by researchers at antivirus provider Bitdefender found that the one-download limit can be bypassed when two users open the link at the same time[5]. The researchers found that the server is only notified that a download has completed after a delay of a few seconds, and that the delay grows with the size of the file.

In certain cases, that window might allow an attacker who has obtained the link to download a file the legitimate parties believe is no longer available. Another drawback: Send stores basic information about each transfer on the sender’s local device. This information includes the Send identifier for the file, the filename, and the unique download link for the transmitted file.

That information is deleted once the sender deletes the uploaded file or revisits the Send service after the file has expired. Users are also subject to Mozilla’s privacy policy[6], which, among other things, allows the service to temporarily retain IP addresses in server logs. Send also collects performance and diagnostic information, including how often users upload files, how long files remain before expiring, any errors related to file transfers, and which cryptographic protocols a user’s browser supports.

Last, the security of the service depends on the generated download link remaining private: anyone who obtains it can download and decrypt the uploaded file, so the link itself has to travel over a channel the sender trusts. Those weaknesses and limitations aside, Send may be a better way to transmit files than the usual alternatives.

Many e-mail services limit attachments to 100 megabytes or less, and unless the sending and receiving parties clear special hurdles such as setting up end-to-end encryption, the transmitted data can sit unencrypted on e-mail servers indefinitely. Besides the encryption and self-expiration happening automatically, the service also provides an extremely simple interface.

At the moment, Mozilla is describing Send as a test-pilot experiment.

References

  2. ^ Send (send.firefox.com)
  3. ^ Web crypto programming interface (en.wikipedia.org)
  4. ^ Freedom of the Press Foundation (freedom.press)
  5. ^ two users access the link at the same time (hotforsecurity.bitdefender.com)
  6. ^ Mozilla’s privacy policy (www.mozilla.org)
