Why end-to-end encryption in file sharing is a good idea

FileSender, now in use in more than 25 countries, also offers end-to-end encryption when sending files. What is end-to-end encryption and why is it important that FileSender’s open source software offers this form of security?

Sending files between users is as old as the Internet itself. Users usually send small files via e-mail. For sending larger files they can now choose from several free web services to exchange data. Unfortunately, web services are not always reliable when it comes to privacy. Also, it is not always clear where these files are temporarily stored and the issue is that free cloud services are selling your data or analyzing your private data to create a profile on you.

When sending personal and confidential data, sender and receiver attach importance to privacy and security. In such situations, file security in the form of end-to-end encryption is desired and, in many cases, even required. End-to-end encryption involves the encrypted transmission of data between sender and receiver. Only these two parties can read the encrypted data. The server that plays a role in the data transmission also has no access to the data in any way. When sending privacy-sensitive information, the application of end-to-end encryption is actually a must.

Man-in-the-middle attack

Sending files to users without end-to-end encryption creates a number of dangers. With a man-in-the-middle attack, which takes place while data is being sent between sender and receiver, malicious parties can intercept files. It is also possible to modify a file with such an attack without the sender and receiver being aware of it. In case you use FileSender without end-to-end encryption, this type of attack is very hypothetical. The man-in-the-middle attack is more plausible when sending attachments via e-mail.

FileSender offers end-to-end encryption to prevent unauthorized persons from accessing confidential files. How does this security work? Via a second channel, the sender of the files sends a key to the receiver. That second channel can be a phone call or text message. It is even better to use the Signal chat service because this service also offers end-to-end encryption. The use of email to communicate the key is highly inadvisable. Malicious parties can intercept email traffic relatively easily and get hold of the key.

Secret key

By sending the secret key, the sender has control over who gets access to the files. The key, actually the password, can be invented by the sender. It is important to come up with a hard to guess password. A long or difficult password (e.g. special characters) is almost impossible to crack due to the AES encryption. An example of a long password, that is still good to remember is: SometimesMyCarDrivesBackwards.

FileSender has been developed on the basis of requirements of higher education and the research community. After difficulties in sending large files by email, the research networks AARnet, HEAnet and Uninett started developing FileSender after 2007. Later, SURFnet and Belnet also joined in the development of the open-source software FileSender.

FileSender enables authenticated users to send large files to other users using a web-based application. With support for SAML2, LDAP and RADIUS and more, FileSender enables user authentication. Users without an account can transfer files after receiving a guest voucher from an authenticated user.

BSD license

Users who want to use FileSender do not need to install anything. Only a modern browser is required. The files that users want to share only remain available on the server for a limited time. The platform is not intended for making files permanently available. With regard to the availability of the files, the sender may set an end date. After this end date, the recipient will no longer be able to download the file(s).

Organizations that want to offer FileSender to their users can do with any server on which a Linux distribution is installed. FileSender is made available free of charge with a BSD license, a free open source software license. The file sharing software is enabled by a global community of research networks, institutions, and individuals. Anyone who wishes can contribute to the development of FileSender. Organizations can install FileSender in their own IT environment and make it available to their users.

Want to try it yourself? 

If you want to try out FileSender, take a look at the SURF website, for example, where you can use the SURF FileSender to exchange files. In order to actually exchange files, however, you must be connected to an organisation that has links with SURF.