2 min read

Be careful using Mozilla"s new file sharing service "Send"

Filip TRUȚĂ

August 07, 2017

Be careful using Mozilla"s new file sharing service "Send"

Mozilla is testing a new and convenient file sharing service for users of any modern browser, including rivals Chrome, Internet Explorer, Edge, Opera and Safari. “Send,” as the service is called, promises to allow users to securely swap files, rendering the download link invalid after the first download is completed.

With a seemingly dim 7% market share, Firefox is one of the most widely-used web browsers, trailing only Chrome and Internet Explorer, and occupying a comfortable 3rd spot in the desktop segment, ahead of Opera, Edge, and other browsers. That keeps Mozilla busy building exciting new features for its user base, including one recent file-sharing service called “Send.”

A test pilot program, Send hopes to become a one-stop-shop for swapping files no larger than 1GB, conveniently and, more importantly, securely between users of “any modern web browser.”

Send promises to:

  1. encrypt the uploaded file
  2. generate a unique URL that expires after the recipient completes the download
  3. render the link invalid if 24 hours have passed without anyone downloading the file

“Send lets you upload and encrypt large files (up to 1GB) to share online,” Mozilla says in a recent Test Pilot post. “When you upload a file, Send creates a link to pass along to whoever you want. Each link created by Send will expire after 1 download or 24 hours, and all sent files will be automatically deleted from the Send server.”

While convenient, Send throws in the decryption key with the download, which means the service is not immune to man-in-the-middle (MITM) attacks.

“You should not provide the link to anyone you do not want to have access to your encrypted file,” Mozilla warns.

A quick in-house test conducted at the time of writing suggests that the one-download rule can be broken if two different users access the link at the same time. Our test indicates it takes more than a few seconds for the servers to be notified that the first download has completed, especially in the case of a large file. This would allow a third party to download the same file, provided they had access to the link at around the same time.

Mozilla labels Send a “web experiment,” and users should take those words to heart. Send offers an admittedly seamless experience with its authentication-free, drag-and drop functionality. However, for the time being, the service should only be used to share non-sensitive information with trusty recipients using trusty communication services. Send does not seem suited for business use, sharing corporate data, or for communicating sensitive information of any kind. Not yet, anyway.

tags


Author



Right now

Top posts

Ultimate Privacy Guide for Your Facebook Account

Ultimate Privacy Guide for Your Facebook Account

August 31, 2021

6 min read
7 Signs It’s Time to Use Parental Controls On Your Family’s Devices

7 Signs It’s Time to Use Parental Controls On Your Family’s Devices

August 27, 2021

2 min read
Your Netflix Account May Be on Sale on Darkweb. Protect It

Your Netflix Account May Be on Sale on Darkweb. Protect It

August 13, 2021

3 min read
E-mails claiming your computer was hacked and your privacy exposed - what you need to know (spoiler: you can relax - they’re bluffing)

E-mails claiming your computer was hacked and your privacy exposed - what you need to know (spoiler: you can relax - they’re bluffing)

July 29, 2021

5 min read
Watch Out for These Ongoing Bank of America Phishing Campaigns Targeting Customers in the US

Watch Out for These Ongoing Bank of America Phishing Campaigns Targeting Customers in the US

July 16, 2021

3 min read
How to protect yourself against cyberstalking

How to protect yourself against cyberstalking

July 06, 2021

2 min read

FOLLOW US ON

SOCIAL MEDIA


You might also like

Romance scammers arrested in Texas for defrauding elderly lonely hearts Romance scammers arrested in Texas for defrauding elderly lonely hearts
Graham CLULEY

September 28, 2021

3 min read
iCloud Private Relay Vulnerability Exposes User IP Addresses, Researchers Find iCloud Private Relay Vulnerability Exposes User IP Addresses, Researchers Find
Silviu STAHIE

September 27, 2021

1 min read
Bitcoin.org Compromised; Attackers Posted “Double Your Money” Announcement Bitcoin.org Compromised; Attackers Posted “Double Your Money” Announcement
Silviu STAHIE

September 27, 2021

1 min read