this post was submitted on 13 May 2025
22 points (95.8% liked)

Privacy

1716 readers
1 users here now

Icon base by Lorc under CC BY 3.0 with modifications to add a gradient

founded 2 years ago
MODERATORS
Ategon
danielintempesta
22
Send files privately. No cloud. No trace. (glitr.io)
submitted 5 days ago* (last edited 5 days ago) by xoron to c/privacy
14 comments fedilink hide all child comments
 

glitr.io

I'm working towards something for secure/private/simple P2P file transfer. It isnt as "simple" as it could be, im still working on it, but ive got it down to:

  • Zero-installation as a PWA
  • Zero-registration by using local-only storage
  • P2P-authentication using WebCrypto API
  • Fast data-transfer using WebRTC

It's far from finished, but i think ive got it "usable" enough to ask for feedback on it.

I'm aware there are things like SFTP and several other established protocols and tools. I started doing this because I was learning about WebRTC and it seems suprisingly capable. This isnt ready to replace any existing apps or services.

(Note: I know you guys on lemmy are interested in open-source code. this project is a spin-off from a bigger project: https://github.com/positive-intentions/chat)

Let me know what you think about the app, features and experience you would expect from a tool like this.

you are viewing a single comment's thread
view the rest of the comments
[–] Corbin 5 points 5 days ago (7 children)

I would rather use Magic Wormhole if I have to have an intermediate server operated by somebody else.

Your protocol isn't documented enough to allow interoperability. It is important for folks to be able to develop their own clients and frontends; the ecosystem becomes richer and more resilient to attacks when there are many different implementations.

I'm not sensing an awareness of capabilities. Access to a file is one of the classic examples of a capability and a file-sharing system should be oriented around ensuring that references to files are unforgeable and copyable.

The terms of service are unacceptable and I won't be trying out the product. I can point at exactly what's wrong; talk to your attorney for details.

Users are expected to respect the intellectual property rights of others when using the app.

You don't understand what file-sharing technology is used for.

We reserve the right to introduce tools and technologies for monitoring the performance of the app and improving its functionality. By using the app, you acknowledge and agree to this potential monitoring.

Ah yes, because telemetry has never been met with user backlash.

The company does not collect user data, apart from what is needed for monitoring tools to ensure the app's stability and to make improvements.

You don't need user data for that. Y'know what's a lot easier? Just don't collect user data!

We may also use Sentry.io for error monitoring and NLevel Software for analytics.

I block those.

The app may include functionality to report users, and we reserve the right for this functionality to send necessary details for any investigation.

Ah yes, completely fair that somebody accused of misbehavior gets their local data exfiltrated too.

Meanwhile Magic Wormhole merely tells us that it is MIT licensed and we can do whatever we like with it.

[–] [email protected] 0 points 4 days ago (2 children)

Magic wormhole is great, and croc as well, but there is no need to be rude and combative about it.

[–] Corbin 0 points 4 days ago

Why not? What tone would you take if you wanted folks to regret posting unpaid advertisements?

load more comments (1 replies)
load more comments (5 replies)