Based on Send, allows P2P transfer and developed by a reputable security developer (Feross) who has made other projects like WebTorrent: feross (Feross Aboukhadijeh) · GitHub
Code is partially open source (which is the encryption code). There are links to their FAQ, Roadmap and Security documentation.
Hi, thanks for sharing! I was initially confused and thought that this had to do with Magic Wormhole which we used to list but removed it recently due to it not being maintained. That doesn’t seem to be the case, however.
Still, I’m not sure what this adds as a recommendation, especially as we just added Send.
Wormhole isn’t fully open-source (which is not a dealbreaker, but it means that you can’t host your own instance), doesn’t allow you to set a password (although it’s on their roadmap) and doesn’t have a way to use it (that I can tell, at least) without using the website, whereas Send has the ffsend CLI.
Is there some standout feature I’m missing that would warrant us listing it?
The main standout feature is P2P file-sharing. The recipient can start downloading while the sender is uploading and not have to wait for the file to be completely uploaded to the server first. All uploads that are 5 GB or less can be uploaded to the server (and expire after 24 hours), while any uploads greater than 5 GB can be shared strictly through P2P file-sharing (no server upload).
Send is awesome for self-hosting (apart from the CLI), but there are some issues with using custom instances, which are also usually maintained by a single person (such as the main one, https://send.vis.ee). It looks like the upload limit is now 2.5 GB (wasn’t this 10 GB not too long ago?)
Wormhole is more of an actual product, more user-friendly and more secure as a website: Security Design - Wormhole - this includes DNSSEC and CAA which don’t seem to be implemented for the main Send instance. They have a bug bounty program for any security vulnerabilities. It’s also protected by Socket which is founded by its creator and relied on by Brave in their repos, among others. Feross is a very reputable computer security researcher, JS developer and web security expert. One of the main projects he’s built is WebTorrent which is integrated into Brave.
Overall, I’d use Wormhole for file-sharing (unless I need longer than 24 hour expiration, as it’s the current limit) over any Send instance and Send if I’m going the self-hosting route.
Nobody is maintaining their crypto implementation. Maybe they decided that it’s good as is, but they should be actively maintaining it, rather than once a few months.