137

Send: Share Files Safely with This Open-Source Successor Of Firefox Send(Firefox Send Fork) (techwavearena.com)

submitted 1 week ago* (last edited 1 week ago) by dl007@lemmy.ml to c/opensource@lemmy.ml

31 comments fedilink hide all child comments

you are viewing a single comment's thread
view the rest of the comments

[-] peregus@lemmy.world 1 points 1 week ago* (last edited 1 week ago)

The recipients retrieve the encrypted data and decrypt it themselves

Ok, but how can the recipient decrypt it if he doesn't have the key? The only thing that's shared is the URL and if the key is in the URL, well, I don't know what's the use for it since the server knows it.

[-] chebra@mstdn.io 0 points 1 week ago

@peregus Apparently some of your assumptions must be incorrect

[-] peregus@lemmy.world 1 points 1 week ago

Do you mind sharing with us what's incorrect? I'm here to learn.

[-] chebra@mstdn.io 0 points 1 week ago

@peregus It's explained in other threads here. The key is in the url but behind # and that part is invisible to the server. protocol://host:port/path?query#fragment, server will only see ..?query, so both participants can decrypt, but server can't => E2EE

[-] peregus@lemmy.world 1 points 1 week ago

But it's the server that creates the URL in the first place, so it must knows it, right? ...or wrong?

[-] chebra@mstdn.io 1 points 1 week ago

@peregus No that would be created by javascript in the sender's browser.

[-] peregus@lemmy.world 1 points 1 week ago

Oh, ok, now I get it. So it could be checked by a third party if that code is really created by the browser and if it's not sent to the server, correct?

[-] chebra@mstdn.io 0 points 1 week ago

@peregus yes, that would be here: https://github.com/timvisee/send/blob/master/app/fileSender.js#L81

[-] peregus@lemmy.world 1 points 1 week ago

@chebra@mstdn.io but the owner of the server could change it, could it be checked directly on the webpage of the service? Not that I will do it (I can't, I can't read that code), I'm just curious.

[-] chebra@mstdn.io 2 points 1 week ago

@peregus yes, well the javascript on the site is minified, but I found this place even in the minified code. At this level it would be easier to take the source code and compile your own, host your own instance, then you know exactly what code is running there. And their minified code could be directly compared with your minified code... the beauty of open-source software.