Thursday Tech Tip: Sharing Files Securely

email security 1.png

By Josh Bowen, Chispa

Did you know that everything you send in an email could be read by your internet provider, the government, your email host, and maybe even hackers? Sometimes the internet can be a scary place. Who do we trust? How do we stay safe? Is this Nigerian Prince really going to wire me $100,000,000 if I reply to his email with my bank account information?

One of the biggest areas consumers need to better understand is email and file sharing. Whither at work, in school, or in daily life; we are asked “can you email it to me”, “just send it as an attachment”, and “can you share those photos”. This may seem simple to some but for many people it’s black magic.

There is hope, you can stay safe without compromising privacy or convince! I am going to introduce a fantastic service called Firefox Send, explain how to use it, why it’s secure, and some alternative methods of securely sharing files.

What is Firefox Send

Their tagline is “Simple, private file sharing” and it delivers. To explain how it differs from what you’re used to let’s start with a method millions of people use to share photos. After a great family gathering the (usually self-appointed) family photographer will whip out their phone, open Facebook, and start uploading all the photos from that day, even the ones where you were captured mid-blink. Once finished, they will tag you in all the photos and you will get a notification. From there, you could download any of those photos at your leisure. The downside to this is that even if you make some of those photos private, because they were public for an hour or two they could already be on internet archive pages or downloaded by anyone with access.

Instead, one would go to the Firefox Send website, upload the photos, and send you a secure link that expires after a few hours or days. Any files uploaded through this service are encrypted meaning that if intercepted, there would only be gibberish. Because the link expires after a given number of downloads or amount of time, you can rest assured that your files or photos, though encrypted, are not floating around somewhere on the internet.

How to use it & why it is secure

First, visit send.firefox.com in any web browser, drag and drop (or click the upload button), and specify the time or number of downloads before the link expires. After that you can send the link away and forget about it! You can send any file up to 1 GB or up to 2.5 GB if you sign up for a free Firefox account.

When you upload a file, it is encrypted in the browser, while still on your computer. This means that the un-encrypted contents of your file and the key to unlock the file are never transmitted off your computer. Even if they wanted to, Mozilla couldn’t look at your file, they host the files on Amazon Web Services and they couldn’t look at it either.

Aside from the Mozilla organization having a history of respecting and fighting for the privacy of everyone on the internet, the source code that makes up Firefox Send is available to the public. This means that anyone with the time and willingness to learn could set up their own version of this service on their own computers and guarantee their files’ safety. This also means that any programmer can look at the code to verify it does what they say it does.

Some alternatives

Many people use Google Drive, included for free with a Gmail account, to send files. While this is a secure method, we know that Google uses information about what you do across all their services, to sell advertisements. When you use this option files are not automatically deleted and sharing links do not expire automatically. The same concerns about deletion and expiration apply to other cloud services like Dropbox, iCloud, and One Drive.

Another option is a service called Hightail which offers a lot of nice features such as delivery tracking and time expiration. However, this service is very limited in the free version and costs a little more than regular cloud services.

If your company uses an application like Slack, it too can be used for file sharing. While there is no expiration or encryption, you know that all files sent on your company Slack can only be accesses by people in your company if posting in a public channel, or only by the recipient(s) in a private channel or direct/group message.