Send mixed messages: Mozilla wants you to try its encrypted file sharing

Though easy to use, the service's privacy protection isn't fully baked

Mozilla has just rolled out an experimental service called Send that allows users to make an encrypted copy of a local file, store it on a remote server, and share it with a single recipient.

And once shared, the encrypted data gets deleted from the server.

Send addresses what used to be a common problem: sending a large file by email. Email services have long limited the size of attachments, and many still do – Gmail, for example, caps attachments at 25MB – but large providers like Apple and Google now route oversized attachments through adjacent services like iCloud and Drive instead.

Nonetheless, Send offers an alternative method of transit for files of 1GB or less, backed by encryption and an exceedingly simple interface.

Send is offered through Mozilla's Test Pilot program for previewing experimental features in the company's Firefox browser. However, it is supposed to work with any modern browser.

Send relies on Node.js code backed by a Redis database running on Amazon Web Services. Upon selecting a local file, Mozilla's software encrypts the file client-side, uploads the ciphertext to AWS and generates a URL that carries the encryption key, which the uploader then shares with the intended recipient of the file.

"Each link created by Send will expire after one download or 24 hours, and all sent files will be automatically deleted from the Send server," Mozilla explains in a blog post.

Send relies on the Web Cryptography (Web Crypto) JavaScript API with the AES-GCM algorithm for client-side encryption and decryption.

Asked whether Mozilla would be able to unlock a stored file upon receipt of a lawful warrant, a spokesperson said the company would be unable to do so.

'Mozilla never receives the key'

"With Send, files uploaded by users cannot be accessed by Mozilla," a spokesperson explained in an email to The Register. "A 'fragment' in the URL (the part after the '#') contains the generated key so a user can share it with others, but these fragments are not sent to the server when requests are made, so Mozilla never receives the key."

While this may be a reasonably secure arrangement, it's far from perfect. AWS might be able to recover a deleted file, or be compelled to retain it, given sufficient motivation. And because the key travels inside the share URL, it might be recoverable from browser history, from log files, or from the messaging service used to send the link.

Such scenarios aside, there's still room for privacy improvements. Mozilla has acknowledged that it sends the file name in plain text, along with other data like file size that the company deems useful for evaluating its service.

But as pointed out in a GitHub issue filed against the source code, the current version of Send also transmits the shared file's SHA256 hash in plaintext, which could be used to identify the file.

In response, Mozilla engineer Danny Coates said Send's privacy language has been revised to reflect how the file hash is handled, and that a code update planned for next week will remove the hash logging.

"With the current functionality of the site it isn't strictly necessary to send the file hash in plain text, however we want to be able to test features that require the hash of the file," Coates said. "One specifically is to check uploads against a malware database."

It might also be worthwhile to check for hashes associated with known unlawful images and videos.

Encrypting the file name remains an open issue. ®


Biting the hand that feeds IT © 1998–2017