Experimental Mozilla Send service allows users share encrypted copy of huge files
7.8.2017 securityaffairs Krypto
Mozilla Send service allows users to make an encrypted copy of a local file, store it on a remote server, and share it with a single recipient.
Mozilla has presented Send, an experimental service that allows users to make an encrypted copy of a local file, store it on a remote server, and share it with a single recipient. The service allows to easily share large files in a secure way.
Once the copy has been shared, the data will be deleted from the server.
The Send service is offered through Mozilla’s Test Pilot program for previewing new features developed for the Firefox browser.
The Send service was developed on Node.js backed by a Redis database running on Amazon Web Services. It relies on the Web Cryptography JavaScript API with the AES-GCM algorithm for client side encryption. Using the Send service is very simple, upon selecting a local file, the Mozilla application encrypts it client-side and uploads it to AWS.
Then the user will receive an URL generated by the Mozilla Send service that contains the encryption key, this link can be shared with the recipient of the file.
“Each link created by Send will expire after one download or 24 hours, and all sent files will be automatically deleted from the Send server,” reads a blog post published by Mozilla.
Of course, the first thought is for privacy issues, but Mozilla clarified that it would not be able to unlock a stored file, even upon receipt of a lawful warrant.
Giving a look at the generated URL it is possible to note that a portion of the link after the character ‘#’ contains the generated key that is not sent to the Mozilla server.
Experts argue that anyway AWS is able to recover a file, for example, upon receipt of a lawful warrant it could be forced to retain them. The Send service sends the file name and other data in plain text.
The keys generated by the Mozilla Send service might be recoverable from the messaging service used to share it or from log files.
Send service is an ongoing experimental project, Mozilla is updating it continuously, if you are curious you can access the GitHub repository and look at the open issues.