I personally prefer file.pizza, especially considering it is an open source webrtc implementation that doesn't persist the data via any middle man (https://github.com/kern/filepizza)
Thanks for sharing that, it is also very cool! I think the two projects have slightly different use cases though. Two things come to mind:
* Sender and Receiver must directly connect using file.pizza, revealing IP addresses to one another.
* Both users must be online at the same time with file.pizza, and be able to communicate in near real time to exchange the link.
Pastebin for binary files? By the look of things, clean and easy to use? Handy!
It's probably time to start thinking about ways to monetise this to pay for the hosting costs at least.
Also, have you talked to a lawyer yet? If this takes off and you keep it up long enough, inevitably you're going to get people using it for child porn, stolen credit card numbers, leaked classified documents, instructions on how to make home-made bombs etc and someday a relevant law enforcement agency is going to want to have a conversation about the content that Mr Smith sent to Mr Jones via your server. It's probably a good idea to get your legal position straight before that day rather than trying to do it after the fact. And yes, I do recommend talking to an actual lawyer. Internet commentary is not an adequate substitute for legal advice here.
Seems like a lot of the issues are mitigated by the file going away after the first download. Especially if there really are no logs or anything at that point.
I am not a lawyer™ but the creators should definitely consult one to 1) determine how much risk they are exposing themselves to and 2) determine a reasonable course of action to limit that risk exposure. The question is not on whether or not we believe something to be "legal" or "illegal" but whether or not some part of their service might draw the attention of a group large and angry enough that might try to make them prove something in front of a judge. This is the real danger to a small group of developers: the RIAA has many lawyers on retainer while the upfront cost of dealing with a lawsuit would bankrupt most individual developers.
Thanks for using park.io and I'm glad you had a good experience.
park.io doesn't just get domains from drop-catching when they expire. Sometimes we buy them from the previous owner directly. Also, not all sales go through the drop-catching/auction process, for example users can park their domains on park.io and set a "Buy it Now" price for their parked domain, so domains also sell in this way.
file.io was never listed because it never expired/dropped or went to auction. We bought it directly from the previous owner and it was parked on park.io. I have now used it for the service posted here. What you quoted above was said to advertise park.io, and I apologize if it is misleading.
you're free to buy the domains yourself? he bought it from the previous owner and has every right to use it as he sees fit, and in this case actually launched a useful service in place of just sitting on it.
park.io discloses that they buy some names for their own portfolio. Whether disclosure makes it appear less disingenuous is in the eye of the beholder.
In their FAQ, park.io writes that one of the reasons an expiring name might not be listed is "because we intend to order this domain for our own portfolio. We don't do this often, but every once in a while there is a domain we want for our own collection and so we do not list it on park.io."
Nice service. You should consider a default expiration (a week?) to lighten the load, and an option for multiple downloads (?dl=3) so the first n get a copy or multiple tries if corrupted.
Also, you don't keep logs but what about your cloud provider? What guarantees can you make about them, and what responsibility do programmers have to explain the risks to the public? It seems wrong to say "anonymous and secure" without some qualifiers: you must use https, unencrypted files might be copied by the cloud provider, etc...
Thanks for the helpful feedback. Yes, I think a default expiration is a good idea and will be adding this. Others have asked about the ability for multiple downloads, so I am considering this.
Large files could become a problem, since any request causes the file to be deleted. There is no chance to retry. But, this is the most secure way to handle file deletion.
You could offer an option that would delete the file after X% of bytes are downloaded.
I have been working on a simple server to do just this, I am calling it a nonce file server. I have been coming across times when I need to deliver a file once, and only once.
https://curl.io/ has been doing that for a while. 20GB file size limit, deleted after 4 hours. I've used it here and there and it's useful for quick, temporary storage.
Cute. Potentially useful. It would, of course, be a disaster for you if its use took off and you ended up handling a lot of illegal material, or even if it were enough of a success that you used a lot of bandwidth.
The oneshotness of it does mitigate that a bit. If someone wants to share material with N people they have to upload it N times, which rate-limits (ab)use.
I think the file size limit is currently 500MB, but I may try to increase this at some point. There isn't any lower time limit than one day right now, but thanks for the feedback - it would be cool to have, so maybe I can add it soon
Time limits of a few minutes would be useful, but if you do that make sure you time from upload complete to download start and don't expire things in the middle of a download.
It's a very simple yet useful idea. It might be cool if you could specify your own link. That way you could tell someone in advance to check file.io/someLongRandomString in the future.
> file.io is a project of humb.ly. It was created simply out of the joy of trying to build cool things on the internet, and we thought it may be useful for others. We take privacy very seriously and do not save any data once it has been deleted.
But going to humb.ly still doesn't really get me to trust you, there's not even any identifying info on that page. Two projects, one discontinued and one -- it seems -- novelty "religion".
It said that before, too — I was paraphrasing. "humb.ly" is a more trustable name than, say, "Megaupload", but they can say whatever they want.
What I want is some assurance like "The EFF has complete read-access to our platform and maintains a continuous independent audit of these services to verify that we comply with our own privacy assurances." The EFF is probably not the organization to do such a thing, but that's kind of what I'm looking for.
If you are that concerned about security you should be willing to deal with the effort of encrypting it client side and understanding how to also decrypt on the receiving side.
If paranoia is this high, why would a security policy text on a web page make any difference? They could claim anything they want, but you wouldn't have any idea if any actual encryption was happening, so best to do it yourself.
Although perhaps more constraining, why not use a website that uses WebRTC data channels to transfer the files? Then you can be more sure the data isn't persisting in a datacenter somewhere. Plus, it is more plausible that the service can remain free and private.
As you pointed out, it is a bit more constraining due to the support for WebRTC and users behind an SNAT, but I think for the majority of users it works well.
It might be a bug (could be a feature?) but when I paste the link into Slack, Slack visits the link and then when a contact goes to download it, it's already been deleted.
Love the site though. Maybe it's not designed for sharing files over services like Slack.
1. Nice implementation of a potentially useful micro service.
2. Nice domain name.
3. You should put more details in your FAQ like "no, this is not guaranteed to be a perfect technical solution" and "we'll happily work with law enforcement if you're a pedophile".
4. I always look down on services that don't have an immediate and obvious way of making money, as it'll likely be gone tomorrow.
5. MVPs are all well and good, but a few more simple features wouldn't hurt: time-based expiration, multiple downloads allowed and passwords, or whatever else seems simple and useful.
Data remanence is a really hard problem. Are you sure this lives up to your claims that "the file is completely deleted without a trace"? How are you storing them? Do they ever hit e.g. an SSD in plaintext?
Do you think that it makes sense for a new ephemeral files hosting site to signal that it accepts child porn on its servers, in a jurisdiction where child porn is completely illegal and can potentially get the creators of the site onto a sex offender list? Is that wise? Why are we punishing people for being careful about this?
Is drag & drop really easier than just selecting a file from a dialog box? Almost every modern file uploading service has it, but I've never really found it useful. I've always thought of it as a feature that people enable "just because they can."
As a developer, it's pretty rare for me to have the folder containing the file I'd like to upload already open in an Explorer/Finder/whatever window. (I'm more likely to have it open in a terminal.) So it will take exactly the same amount of work for me to navigate to the folder in a dialog box as in an Explorer window.
Even if I happen to have the folder open in Explorer, it's a hassle to move, resize, or otherwise organize my non-tiled windows so that both the file I'd like to drag and the space where I need to drop it are visible at the same time. Larger or multiple screens won't help, as I'll just clutter them up with more windows. I could drag to the taskbar to bring the browser to the foreground, but again that's the kind of hassle that I won't need to incur if I just used the dialog box.
For ordinary people with small-screened laptops and tablets, I assume it will be even harder to keep two apps open in a way so as to enable drag & drop, especially since a lot of people just maximize every window. (Can't blame them when they're stuck with 1366x768 screens and/or platforms that encourage fullscreen apps.)
Something similar I made a while back for those interested in hosting their own file-upload service via S3. You can configure S3's object expiration to delete/expire files after a set amount of days.
I still use it today for sending files here and there. :)
Maybe tangential, but I find myself reminded of an article/blog entry a year or more ago that talked about how the ISPs and big media were to blame for why we still don't have simple, practical ways of transferring files across the net.
Sadly I didn't bookmark it at the time, and I would like to revisit it and check some of the details.
No privacy policy, no technical details on how the files are stored / "securely deleted" / etc., no definition of what "illegal" means (i.e. which national/state/provincial/local/etc. jurisdiction is relevant for this site). Looks cool, but I'm certainly not touching this without client-side encryption until those missing things are made not-missing.
Facebook is one, Slack (mentioned by someone else) is another, Yahoo Mail, Microsoft...
Does anyone know of a listing of these bots that attempt to preview links? From what I've seen, these bots tend to ignore robots.txt since they are not crawlers, so seemingly need to be handled one by one.
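Added example, not part of any post in this thread and not file.io's code: one way a one-shot link can survive link-preview fetches and mid-download expiry without maintaining a list of bots. The `OneShotStore` class, its method names and the status codes chosen are assumptions made for illustration; storage is in memory only.

```python
import secrets
import time

class OneShotStore:
    """Hypothetical in-memory one-time file store (illustration only)."""

    def __init__(self, ttl_seconds, clock=time.monotonic):
        self.ttl, self.clock = ttl_seconds, clock
        self.files = {}  # token -> {"data", "uploaded_at", "claimed"}

    def upload(self, data):
        token = secrets.token_urlsafe(16)
        # The TTL clock starts when the upload is complete.
        self.files[token] = {"data": data, "uploaded_at": self.clock(), "claimed": False}
        return token

    def _live(self, token):
        entry = self.files.get(token)
        if entry is None:
            return None
        # Only unclaimed files expire, so a download in progress is never cut off.
        if not entry["claimed"] and self.clock() - entry["uploaded_at"] > self.ttl:
            del self.files[token]
            return None
        return entry

    def handle(self, method, token):
        """Return (status, body); body is text, a chunk iterator, or None."""
        entry = self._live(token)
        if entry is None:
            return 404, None
        if method in ("GET", "HEAD"):
            # Safe methods never consume the file: a preview fetch sees a landing page.
            return 200, "One-time file. Press Download to fetch it."
        if method != "POST":
            return 405, None
        if entry["claimed"]:
            return 409, None  # another download is already in progress
        entry["claimed"] = True
        return 200, self._stream(token, entry["data"])

    def _stream(self, token, data, chunk=4):
        try:
            for i in range(0, len(data), chunk):
                yield data[i:i + chunk]
        except GeneratorExit:
            self.files[token]["claimed"] = False  # client dropped: allow a retry
            raise
        else:
            del self.files[token]  # delete only after the last chunk is handed over
```

Allowing a retry after a dropped connection gives up the strict delete-on-first-request behaviour in exchange for reliability on large files; the retry is still bounded by the original TTL.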
If authorities ask you/demand with a court order "who uploaded this file" you can hand out his IP. I also believe (haven't checked this one) you must retain a copy of all files for a short period of time even if they are inaccessible to end users.
Privacy yes, but legal? If you operate a website/ service that may be used for illegal purposes then I think you need to be able to track down illegal activities.
The US actually does not have any kind of legally mandated data retention for internet services. If you do not log the data, you cannot be compelled to turn it over.
This is a nice service and I like these kinds of microservices, but I miss security here. I think you should consider some integration with services such as metascan-online.com (I work for the company that is creating this), or other services for file scans. I always try to answer the following question with services like this:
How can I know that there is no malware in the shared file?
From the username I noticed the creator is also the owner of http://park.io --- a cool domain dropcatching service for .io, .ly, .to, and .me domains.
The one time I had a support request it was dealt with promptly by the founder himself.
Be careful though --- I got the bright idea to be an amateur domain speculator... So far I've spent a cool $1000 on 10 domain names and am now discovering flipping them is harder than I thought!
Shameless self-plug for anyone who might be interested in my portfolio: http://cerebral.io
haha, thanks for using park.io! I'm glad you were pleased with the support, it is important to me. Best of luck selling the domains - you have some nice ones