0807
0807.st
Simple, private file hosting.

Made a small file host focused on not leaving a trace.

  • No account, no ads, no trackers
  • You set when the file deletes itself (1 hour to 30 days, or after X downloads)
  • Optional password on files and notes
  • Reachable over Tor via an onion service
  • Self-hosted

For when you just need to hand someone a file without it sitting on a server forever or asking them to sign up anywhere.

  • Pika@sh.itjust.worksEnglish
    0·
    7 days ago

    My only real question I have since there isn’t any source code listed.

    How secure/private is the actual file storage service? It runs over the onion project which is nice but, without source code there’s no proof or evidence of encryption, nor proof that files actually delete as well as other logging style services that a privacy oriented service would normally have.

    • 0807@lemmy.worldOP
      0·
      7 days ago

      Hello, there is currently no end-to-end encryption on the server I’ll explain why below. The reasons why

      True end-to-end encryption (where I literally can’t read your files) means the server only ever sees encrypted blobs. The problem is, that also means I can’t scan anything, and right now every upload is checked against known CSAM and run through malware scanning.

      Go fully zero-knowledge and I lose that capability entirely, which on an anonymous host is a real problem it basically turns into a blind dropbox for whatever people want to put there.

      So it’s genuinely one or the other either I can see enough of the content to keep it clean, or I can’t see it at all and can’t keep it clean. I chose to keep it scannable, because for an open anonymous service, I think being able to block that kind of content is more important.

      That’s the real reason there’s no at-rest encryption not laziness it would compromise security. I’m open to hearing how you’d weigh the pros and cons, though.

    • eclipse7@feddit.nu
      0·
      7 days ago

      The ToS says illegal content is removed, which probably means there’s no encryption. And some file extensions are blocked which is weird. Files should be encrypted in the browser and not unencrypted at the server.

      Use Firefox Send or OnionShare or something instead…