Readit News
Arubis · 10 months ago
Best of luck to the author! My understanding is that anything that makes large file sharing easy and anonymous rapidly gets flooded with CSAM and ends up shuttering themselves for the good of all. Would love to see a non-invasive yet effective way to prevent such an incursion.
lovethevoid · 10 months ago
For Firefox Send, it was actually malware and spear phishing attacks that were spread.

The combination of limited file availability (reducing the ability to report bad actors), as well as Firefox URLs being inherently trusted within orgs (bypassing a lot of basic email/file filtering/scanning), was the reason it became so popular for criminals to use. Like we've seen in the spear phishing attacks in India[1].

[1]: https://www.amnesty.org/en/latest/research/2020/06/india-hum...

plingbang · 10 months ago
For a case when file sharing is intended between individuals or small groups there's an easy solution:

Anyone who got the link should be able to delete the file.

This should deter one from using the file sharing tool as free hosting for possibly bad content. One can also build a bot that deletes every file found on public internet.

ipaddr · 10 months ago
Or the link expires after a download.
PoignardAzur · 10 months ago
Oh, that's pretty clever!
giancarlostoro · 10 months ago
That then ruins perfectly valid use cases that someone could maliciously delete the file for.
jart · 10 months ago
If governments and big tech want to help, they should upload one of their CSAM detection models to Hugging Face, so system administrators can just block it. Ideally I should be able to run a command `iscsam 123.jpg` and it prints a number like 0.9 to indicate 90% confidence that it is. No one else but them can do it, since there's obviously no legal way to train such a model. Even though we know that governments have already done it. If they won't give service operators the tools to keep abuse off their communications systems, then operators shouldn't be held accountable for what people do with them.
kevindamm · 10 months ago
The biggest risk with opening a tool like that is that it potentially enables offenders to figure out what can get past it.
miki123211 · 10 months ago
This would potentially let somebody create a "reverse" model, so I don't think that's a good idea.

Imagine an image generation model whose loss function is essentially "make this other model classify your image as CSAM."

I'm not entirely convinced whether it would create actual CSAM instead of adversarial examples, but we've seen other models of various kinds "reversed" in a similar vein, so I think there's quite a bit of risk there.

blackoil · 10 months ago
Perpetrators will keep tweaking the image till they get a score of 0.1
tonetegeatinst · 10 months ago
Pretty sure Apple already scans your photos for CSAM, so the best way would be to just throw any files a user plans on sharing into some folder an iPhone or iMac has access to.
qudat · 10 months ago
Check out https://pipe.pico.sh which is a system for networked Unix pipes using ssh.
Vinnl · 10 months ago
I've been using this version for a while, presumably it's just gone under the radar enough. So please don't upvote this too much, haha.
chasil · 10 months ago
I have been using both Swisstransfer.com and filetransfer.io since Firefox Send shut down.

How have they dealt with this?

ghostly_s · 10 months ago
If it's truly e2e how would they even know what's being shared on it?
immibis · 10 months ago
Because some people would tell them. For example, the FBI would look at a child porn sharing forum and observe a lot of people sharing Send links. Then they would go to the operators of Send servers, and "strongly suggest" that it should shut down.
INTPenis · 10 months ago
I had a Send instance exposed online for years, but I changed it to 1 day retention and I never had any issues.

It was literally just to send large files between friends so more than 1 day was redundant.

KomoD · 10 months ago
> ends up shuttering themselves for the good of all

mostly because it's difficult to handle all the abuse reports

aranelsurion · 10 months ago
I wonder how that'll play out in this case, since everything uploaded here expires at maximum 3 days. Maybe they can "handle" abuse reports by simply auto-responding in 3 days that it is now removed.
neilv · 10 months ago
Do we know whether this uploading is motivated by actual pedo reasons, by anti-pedo honeypot reasons, by sociopathic trolling reasons, by sabotage reasons (state, or commercial), or something else?

It's discouraging to think that privacy&security solutions for good people might end up being used primarily by bad people, but I don't know whether that's the situation, nor what the actual numbers are.

Barrin92 · 10 months ago
It is just pedophiles. A user posted here on HN a while ago that they ran a Tor exit node and the overwhelming majority of it was CSAM or other cybercrime. Here in Germany they busted some underground forum and a single individual had 35TB worth of it at home. There's no great conspiracy, the criminal underworld is huge and they use every service that doesn't clamp down on it in some form.
CT4u8798 · 10 months ago
For local network sharing between my devices I tend to use LocalSend [0] which is absolutely brilliant, pretty much replaced my USB stick for transferring files/folders between devices on the same network.

[0] https://localsend.org/

rashkov · 10 months ago
It’s really a delightful piece of software. Came to the comments just to mention it, definitely recommended
b-lee · 10 months ago
I opened the landing page on Safari on M1 Mac and found out it was using 25% GPU one hour later…
copperx · 10 months ago
That's really cool. Tailscale has a built in local send function that works brilliantly too.
mainframed · 10 months ago
I love Snapdrop [0] for that use case, since it doesn't require downloading/installing an app.

[0] https://snapdrop.net/

dominick-cc · 10 months ago
I like LocalSend too. But for some reason I need to disconnect from Tailscale in order for it to work properly.
benatkin · 10 months ago
The title heavily implies that Mozilla's is closed-source. It isn't: https://github.com/mozilla/send

Actually since it says forked it implies that Mozilla maintains a closed-source version. No, it was cancelled.

promiseofbeans · 10 months ago
The Thunderbird team is working on a fork!

"The Thunderbird team was very sad when Firefox Send was shut down. Firefox Send made it possible to send large files easily, maybe easier than any other tool on the Internet. So we’re reviving it, but not without some nice improvements. Thunderbird Send will not only allow you to send large files easily, but our version also encrypts them" - https://blog.thunderbird.net/2024/10/thunderbird-annual-repo...

cpeterso · 10 months ago
Firefox Send used E2E encryption. The key was generated on the web client and not shared with the Send server.

https://web.archive.org/web/20200226024845/https://www.wired...

elric · 10 months ago
Good, that will distract them for a while and will prevent them from actively making TB even worse with every release.

I like keeping my software secure and up to date, but I dread every TB upgrade, wondering what stupid cosmetic change will trip me up this time.

nanna · 10 months ago
The excellent FileLink plugin for Thunderbird already makes it a cinch to transmit a file via a Next/Owncloud instance instead of as an attachment to an email. Worth running a *cloud instance just for it imo.

https://gitlab.com/joendres/filelink-nextcloud

benatkin · 10 months ago
It could incidentally be closed source, then. I stand corrected.

Sometimes devs & teams of devs wait until their code is finished to put it online. I tend not to – most of my unfinished open source code is online. I understand the pros/cons of each way though.

Vinnl · 10 months ago
That's weird, I thought the original also decrypted them. (You pass the key in the hash fragment, which your browser doesn't send to the server.)
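The key-in-the-fragment design described in the two comments above, as an added sketch that is not part of the thread and not Firefox Send's actual code or key schedule. It assumes Node's `crypto` module standing in for the browser's WebCrypto, AES-128-GCM as the cipher, and a placeholder origin `https://send.example`; all function names are hypothetical.

```javascript
const crypto = require('node:crypto');

// Sender: generate the key locally, encrypt, and put the key only in the fragment.
function createShare(plaintext, origin, fileId) {
  const key = crypto.randomBytes(16);
  const iv = crypto.randomBytes(12);
  const cipher = crypto.createCipheriv('aes-128-gcm', key, iv);
  const body = Buffer.concat([cipher.update(plaintext), cipher.final()]);
  const upload = { iv, body, tag: cipher.getAuthTag() }; // all the server stores
  const link = `${origin}/download/${fileId}#${key.toString('base64url')}`;
  return { upload, link };
}

// The request target an HTTP client derives from a URL: path and query, no fragment.
function requestTarget(link) {
  const u = new URL(link);
  return u.pathname + u.search;
}

// Recipient: read the key back out of the fragment and decrypt locally.
// GCM authentication makes final() throw if the stored bytes were altered.
function openShare(link, upload) {
  const key = Buffer.from(new URL(link).hash.slice(1), 'base64url');
  const decipher = crypto.createDecipheriv('aes-128-gcm', key, upload.iv);
  decipher.setAuthTag(upload.tag);
  return Buffer.concat([decipher.update(upload.body), decipher.final()]);
}

// True when decryption fails (missing or wrong key, or modified ciphertext).
function rejects(link, upload) {
  try { openShare(link, upload); return false; } catch { return true; }
}

// Constructed sample data, for illustration only.
const { upload, link } = createShare(
  Buffer.from('constructed file bytes'), 'https://send.example', 'abc123');
console.log('share link     :', link);
console.log('sent to server :', requestTarget(link));
console.log('recipient reads:', openShare(link, upload).toString());
const tampered = { ...upload, body: Buffer.from(upload.body) };
tampered.body[0] ^= 1; // flip one bit of the stored ciphertext
console.log('tampered upload rejected      :', rejects(link, tampered));
console.log('link without fragment rejected:', rejects(link.split('#')[0], upload));
```

The server side of this sketch only ever holds `upload` and the path `/download/abc123`, so anyone who obtains the full link (including the fragment) can decrypt, and anyone without it cannot.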


j1elo · 10 months ago
What I'd love to have is a deposit of files to be shared within a group of people.

Say we're 8 friends traveling through the middle of Greenland (read: no niceties like WiFi), and in the evening we want to share the photos of the day with everyone else.

In short, an evolution of the myriad of file sending copycats that exist: the same idea but for a shared bucket of files (I don't think doing N individual shares fits the bill, that'd just be a poor man's solution for the lack of a proper alternative)

Commenting this in hopes that the HN popular wisdom knows about something similar! :)

mxuribe · 10 months ago
> ...What I'd love to have is a deposit of files to be shared within a group of people...

Agreed, this is the key need! For sharing individual files, I think there are plenty of decent options - including this fork of FF Send, which by the way I have used and works perfectly fine. But, that whole desire to have a shared "bucket" or as you called it "deposit of files" or something similar, where a group of people can use as an area to constantly and consistently share files - and I would add to have those files be organized in a meaningful way - is still not something that I see executed really well.

For my family, it's pretty simple in that we have an existing shared area within our OneDrive, and manage files there...but there are at least 2 problems with that: 1) there isn't an embedded chat/communication mechanism...so files are separated from context of activity; and 2) what happens if the group that wants to share the bucket isn't family, or not connected on a single service like OneDrive?

For simple sharing of files *that are ephemeral/not intended to be preserved nor organized properly* lots of people simply use a chat service. I use a dedicated, persistent room within Matrix (yes, that Matrix which is used for chat/instant messaging), and use it as my own little pastebin, file transfer/sharing system, etc. But, that approach lacks an organizability/findability of whatever files are loaded into it. So, sharing could be achieved for many participants via chat room, but there won't be a nice, easy way to find files shared from say X weeks ago.

I know that I added chat onto what was mentioned about having an area/deposit of files to share, but I feel having such a bucket in isolation may not be enough...I think some combination of chat or communication AS WELL AS an easy to organize bucket of sharing files is the key...I feel that once that nut has been cracked in a way that provides great UX, then whatever that service will be can have the potential to swallow at least a few existing services like Dropbox, OneDrive, Google Drive, etc....or, at least for some non-trivial percentage of users out there.

zeroxfe · 10 months ago
IPFS is probably the closest open-source thing here, but the UX for non-nerds is not great.
EasyMark · 10 months ago
Maybe one could modify an existing server based file sharing app and add a public/private key mechanism that only people who have shared their keys with the server will get to keep their files on the server; if the key doesn’t match what the client signed with and was pre-registered it gets deleted instantly. That would prevent CSAM etc from a hostile intrusion. Of course it requires vigilance of the group. I envision this working for small groups who have email or Signal contacts with each other. It needs that “it takes a village to manage a friends share” mentality.
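One way the pre-registered-key idea in the comment above could look on the server side, as an added sketch that is not part of the thread and not taken from any existing file sharing app. It assumes Ed25519 signatures via Node's `crypto` module; `GroupBucket`, `signUpload` and `signedBytes` are hypothetical names.

```javascript
const crypto = require('node:crypto');

// Bytes that get signed: file name and content together (JSON keeps the
// encoding unambiguous), so a signature cannot be reused under another name.
function signedBytes(fileName, data) {
  return Buffer.from(JSON.stringify([fileName, data.toString('base64')]));
}

// Client side: a group member signs an upload with their private key.
function signUpload(privateKey, fileName, data) {
  return crypto.sign(null, signedBytes(fileName, data), privateKey);
}

class GroupBucket {
  constructor() {
    this.members = new Map(); // member name -> pre-registered public key
    this.files = new Map();   // file name -> { owner, data }
  }

  register(name, publicKey) {
    this.members.set(name, publicKey);
  }

  // Keep the file only if a pre-registered key verifies the signature;
  // otherwise nothing is stored and null is returned.
  upload(fileName, data, signature) {
    const message = signedBytes(fileName, data);
    for (const [name, publicKey] of this.members) {
      if (crypto.verify(null, message, publicKey, signature)) {
        this.files.set(fileName, { owner: name, data });
        return name;
      }
    }
    return null;
  }
}

// Constructed sample: one registered member, one unregistered key.
const alice = crypto.generateKeyPairSync('ed25519');
const stranger = crypto.generateKeyPairSync('ed25519');
const bucket = new GroupBucket();
bucket.register('alice', alice.publicKey);
const photo = Buffer.from('constructed photo bytes');

console.log('member upload  :',
  bucket.upload('day1.jpg', photo, signUpload(alice.privateKey, 'day1.jpg', photo)));
console.log('unknown key    :',
  bucket.upload('x.bin', photo, signUpload(stranger.privateKey, 'x.bin', photo)));
console.log('reused sig     :',
  bucket.upload('other.jpg', photo, signUpload(alice.privateKey, 'day1.jpg', photo)));
```

The check only establishes that an upload came from a registered key holder; what members choose to upload still depends on the group, as the comment says.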
metadat · 10 months ago
This is cool, sharing files larger than 1GB still remains challenging these days.

How easy is it to self-host? I don't see any Docker instructions.

https://gitlab.com/timvisee/send

P.S. Kind of odd that the site links to GitHub, but the GH repo is only a mirror of the official GitLab.

Faaak · 10 months ago
swisstransfer.com, up to 50GB
chme · 10 months ago
There is also filebin.net: https://github.com/espebra/filebin2/

And pwndrop: https://github.com/kgretzky/pwndrop

And lots of others.

_-_-__-_-_- · 10 months ago
As others have said, I use a combination of LocalSend on all my devices (Win64, Linux, iOS…) and a Syncthing folder that I call QuickSync and added as a shortcut to all of my file managers a few years ago. Syncthing, in particular, works so well that you don’t even notice it, until you have a file conflict. It’s a great solution to have files synced easily.
amelius · 10 months ago
Can you also use it to send files to, say, a colleague in the same office?

Or to a client asking for a file in an e-mail?

_-_-__-_-_- · 10 months ago
I have no idea. If you’re on the same LAN, I assume you can use LocalSend, although I haven’t had any luck with it on my corporate, segregated, network. I’m betting it doesn’t work with complicated configs or MAC address filtering.
deknos · 10 months ago
Is there a version of this, where I can allow email addresses to upload things/download things/share things with other email addresses?

Like Firefox Send but some version of authentication via email? I am aware that I would need a way to send emails so the email addresses get authentication

kevincox · 10 months ago
Just email the link? The receiver has authenticated by getting the email.
deknos · 10 months ago
It would be nice if I could upload something and say, okay, this list of email addresses gets the link to it.