![](\"https:\/\/media.wired.com\/photos\/5c8818ff25da7204699767da\/master\/pass\/Featured%20Art%20-%20Firefox%20Send%20v3.jpg\"\/)
<\/p>\n<\/p>\n
Credit to Author: Brian Barrett| Date: Tue, 12 Mar 2019 22:33:05 +0000<\/strong><\/p>\n You\u2019ve got no <\/span>shortage of ways to send encrypted messages<\/a>, and at least as many cloud services for sending large files. But the Venn diagram for the two remains surprisingly, inconveniently small. That\u2019s the beauty of Mozilla\u2019s Firefox Send, a free, intuitive, web-based service that lets you share large encrypted files, no strings attached.<\/p>\n Send began in 2017 as an experiment, part of Firefox\u2019s since-discontinued Test Pilot<\/a> program. Since then, it has languished in beta, gaining a few features along the way, but mostly in the shadows. Tuesday marks its public launch.<\/p>\n What sets Send apart is its ease of use. It works in any browser; just go to send.firefox.com<\/a>. Upload or drag and drop files, and Send will generate a link that you can set to expire after a certain number of downloads\u2014up to 100\u2014or a certain amount of time, ranging from five minutes to seven days. You can send up to 1 gigabyte, or up to 2.5GB if you sign in with a Firefox account. For comparison sake, SMS generally maxes out at 600 kilobytes. The biggest Gmail attachment you can send is 25 megabytes. Firefox Send offers orders of magnitude more room, enough to send a high-definition episode of Game of Thrones<\/em>.<\/p>\n There are already ways to share large files, of course, whether it\u2019s with a Google<\/a> Drive link or through a service like Hightail. But doing so securely\u2014with end-to-end encryption, without stashing files in the cloud\u2014is another story.<\/p>\n "It looks elegant and a nice way to do things."<\/p>\n Matthew Green, Johns Hopkins University<\/p>\n \u201cI recently moved to a place that involves me acquiring a bunch of visas; with my wife I\u2019ve had to fill out a ton of paperwork and provide things like passports to various agencies,\u201d says Mozilla product manager John Gruen. \u201cThere\u2019s something weird about the idea of keeping all this stuff in a persistent cloud storage solution to me. I just don\u2019t really want to have to remember to clean up my tracks. Even if I delete a file from some cloud storage somewhere, I don\u2019t even know if it\u2019s actually gone for good, or just gone from the user interface.\u201d<\/p>\n Because Firefox Send is end-to-end encrypted, not even Mozilla can see the contents of what you\u2019re sharing. You can also add a password to a given file, so that even if someone intercepts that URL\u2014by compromising the recipient\u2019s email, say\u2014you can keep it secure.<\/p>\n As for the encryption itself, Firefox Send uses the Web Crypto API. "They generate a key and then encrypt the file, putting the key into the URL that you share with your friend,\u201d says Matthew Green, a cryptographer at Johns Hopkins University. \u201cIt looks elegant and a nice way to do things.\u201d<\/p>\n Green notes that Send can still leak metadata like your IP address, what time you sent the file, and the file size, making it a potentially poor choice for whistle-blowers or other at-risk people. Similarly, while encrypting files in the browser makes Firefox Send singularly convenient, it also introduces potential risks.<\/p>\n \u201cIt\u2019s not an extension or a web app or a plugin. You go to that website and it loads JavaScript inside the browser, and all the encryption is done in your browser,\u201d says Kenn White, co-director of the Open Crypto Audit Project<\/a>. \u201cWhat that means is every time you hit their server, they could push new code. The problem is, the user doesn\u2019t have any guarantees of what version of software that is.\u201d<\/p>\n Compare that experience to an encrypted messaging app like Signal<\/a>; you know what version you have on your phone, and how it behaves. A browser-based solution offers no such guarantees, and potentially exposes users to either server-side or man-in-the-middle attacks. White acknowledges that those scenarios aren\u2019t likely, especially for the average user. But human-rights activists, journalists, and other potential targets should take it into consideration<\/a>. \u201cI don\u2019t want a pinkie promise that you won\u2019t do something,\u201d says White. \u201cI want to know that you can\u2019t do something.\u201d<\/p>\n Don\u2019t let those caveats warn you off Firefox Send, though, if like most people all you need is a way to send financial or legal documents without worrying about what cloud you might have left them in.<\/p>\n \u201cWe\u2019re sort of in between a cloud storage solution and something like [Apple\u2019s] AirDrop, and that\u2019s kind of the point,\u201d Gruen says. \u201cWe\u2019re trying to ride that line a little bit, and give people leeway in their use cases.\u201d<\/p>\n Mozilla\u2019s also trying to expand its reach\u2014and its privacy-focused ideals<\/a>\u2014beyond Firefox, an aspiration that Send fits in with neatly. It provides comparable protection and functionality whether you\u2019re on Chrome, Safari, or whatever else. \u201cI personally don\u2019t believe that our manifesto is exhaustively covered by a browser,\u201d says Gruen.<\/p>\n Send still tries to draw people in, both by solidifying the Firefox brand\u2019s privacy bona fides and encouraging people to create accounts. But fundamentally, it offers an apparently sound, secure service.<\/p>\n