Here's another similar program I'm aware of: http://www.omgubuntu.co.uk/2017/06/wormhole-fast-secure-way-send-files-users-cli
Nate ---- On Tue, 03 Oct 2017 04:36:47 -0700 gregor.mi.sw <codestr...@posteo.org> wrote ---- Hello, since the day I started to use email, every now and then I would like to send someone a large file (big or several images, large presentation, audio or video file) that does not fit in an email or vice-versa. Nowadays, there are plenty of free online storages and transfer services (e.g. https://wetransfer.com/, DropBox etc.). If I don't know the owner of those services, from a privacy standpoint they all cannot be trusted. I would like to hear your opinion on the following idea: Why not having a local program for the sender and receiver that automatically does local encryption before uploading to a storage server and decryption upon receiving and then deleting from the remote storage server? The idea is to have a stable local user interface while the storage server (let's call it "exchange point") can be easily replaced when needed. The assumed exchange point capabilities should be minimal (list files, upload file, download file, delete file). (The exchange point could even be an IMAP email server (with shared credentials) which means the local program should know about maximum email attachment file sizes and split the file accordingly without bothering the user. Or a local network drive.) The basic workflow for two new users A and B would be: User A: Installs the program, setups an exchange point, sends B the configuration to the exchange point, uploads the file User B: Installs the program, imports the configuration, downloads the file. Once the exchange point configuration is shared, sending further files is only a matter of selecting the user and dropping the file. Since the program would have a CLI it could be integrated in other chat or email programs. About two years ago, I started to develop a program that should do exactly that. It's called "asr - async send receive" (Code: https://cgit.kde.org/scratch/gregormi/asr.git/tree/, some thoughts about it: https://github.com/feinstaub/feinstaub.github.io/blob/master/asr/index.md, "async" because sender and receiver should not be required to be online at the same time). Due to lack of dedicated time the development also came to a stop two years ago before I could refine the CLI and add a usable GUI. I am aware of this good new feature in NextCloud: https://nextcloud.com/blog/nextcloud-introducing-native-integrated-end-to-end-encryption/. But this would restrict online storage servers to those which have NextCloud installed. >From the server side's perspective, this could be a security nightmare because >one way of using a service like Dropbox as exchange point is to share the account credentials between sender and receiver. From the user's perspective, in case the used account is shut off, one can switch easily to another exchange point. Target users: users who want to securely exchange files but without the knowledge or resources of how to setup an own online server. I wonder if it makes sense to you to further pursue this idea. Are or were there maybe similar approaches? Or existing online services that also do encryption in trustable fashion and have a CLI? Thanks for your feedback. Gregor
