You just replied before me. Google Ads are present on the home page the others are in the portal.
Thanks a lot. I’ll be sure to forward this information to the relevant teams. Please feel free to let me know of any other concerns you might have; I assure you I will personally message each person responsible so actions can be taken to improve the platform.
1 Like
Also please do something about the claim of encryption of files on your home page.
For all i see the files are uploaded directly to OVH in plain.
I am actually not even able to upload files usng Firefox ¯_ (ツ)_/¯.
acually now also see the portal connects to mailerlite, yet another marketing tool
1 Like
I feel we have deviated a lot from the initial subject of the post. I am trying to provide information about users’ concerns here and gather valuable feedback.
However, there is a distinction between feedback and false claims, so I have to be very clear here, we never upload any user information to any of our servers that has not been encrypted. And our data is sharded and distributed among several servers across Europe.
Regarding your feedback referent to our newsletter tool, I would like to ask your input on how would you approach marketing for a privacy & cybersecurity-oriented platform? We need some essential tracking data, even if completely anonymized, to measure our performance.
1 Like
You can ask users to opt in. Use privacy friendly solutions such as Plausible for statistics. Don’t load marketing tools on your page directly snitching the IP of users without consent.
Its not selling that you don’t understand this in all honesty. Privacy by design doesn’t seem at the core of your values. I care more about this than you making changes to be “compliant”.
I can’t see the file being encrypted before it’s attempts to send it, but i am open to see it from your side.
6 Likes
@ph00lt0 This is one of the reasons we are fully open-source, So anyone can check the full encryption logic themselves. Here’s the logic that encrypts the files before being sent to the server: drive-web/src/app/network/NetworkFacade.ts at 184114210b1d2e15c02a605df9704304144be705 · internxt/drive-web · GitHub
Also, here is a snapshot of a package sent with my own account
Regarding the questions @user_of_privacy made about the issue SECURITUM-226409-019: Zero-knowledge encryption policy violation” in our audit. I just spoke with our lead dev, and he confirmed the issue has been addressed and fixed.
1 Like
The report claimed that zero-knowledge encryption is not present, which is one of the minimum requirements for any cloud product before listing them on a privacy guide.
Given its critical nature, can we request that the Internxt team either share commit IDs or provide a revised report?
1 Like
Of course, here’s the commit: [_]:(chore) Remove env variables prefix, improve API url usage by PixoDev · Pull Request #133 · internxt/drive-mobile · GitHub
Hash: 7ea7937c47163eb5d83132e1db010cdb680c0632
1 Like
Thank you for sharing the code link! May I suggest that your team seeks the advice of a cryptography expert or enthusiast to review your sign-up API? I believe there are significant concerns that need to be addressed.
As a personal opinion, I would recommend that the Privacy Guide team proceeds with caution. I don’t mean to offend Internxt team, but it appears that as of today, Filen or Mega may be in significantly better shape.
4 Likes
Thanks a lot for your feedback. I will pass this on to our devs for consideration. And no offense taken; we know being in the fire is the only way to temper a good shield. We will continue working hard and improving until we are worthy of your recommendation.
4 Likes
I must say, that after using Internxt for a few months, it is at best a beta product. Many many bugs remain, the uploading/downloading speeds are incredibly slow, and the company has a very shady past (see here, here, and more if you search for it).
I recommend huge caution to be taken before using it for now.
6 Likes
Last version of Internxt: 2.0.6 (released last week)
Last version with a binary (at least .appimage) 1.9.9: 27/04/2023 (11 months old)
Let us know when they support at least a flatpak or all version have a appimage.
As predicted by some here, and many others in various online threads, Internxt is acting like a complete scam.
They just sent the following email, going back on their promises:
To be clear, in order to get more free storage before, users could do a number of steps, such as:
- Upload a file (1GB extra)
- Share a file via link (1GB extra)
- Invite up to 5 friends (5GB extra)
- Create an account (2GB extra)
- Install the desktop app (1GB extra)
If you use the Wayback machine, you’ll see that they made this promise on their site back then:
“Enjoy up to 10GB forever and get access to all our services / Up to 10GB Free forever”
If you did all of the steps above, you’d have 10GB of free storage, which you earned by completing everything they asked for. Now they’re taking it all away and downgrading free users to 1GB only. They won’t delete your files, but they won’t let you upload more files unless you upgrade to their premium plans.
This is a scammy bait and switch, and Internxt cannot be trusted anymore. I feel sorry for the folks who invited other users to use this service, or those who bought their lifetime plan already, as I don’t see that ending well either.
In my opinion, everyone please do yourself a favor and completely ignore companies that play with your trust.
6 Likes
From my perspective, Internxt has always seemed dubious, and I have never placed my trust in them. The recent developments merely substantiate my initial assumptions. A service promising 10TB of lifetime cloud storage for $400 cannot feasibly sustain long-term profitability. This is without even delving into the shady business and potential issues surrounding their INXT cryptocurrency.
For every company that downgrades an aspect of their product with a high discount rate, I always bring questions to the table.
Internxt reduces free storage space to 1GB on the 1st of July, 2024
The company offers a whopping 90% discount off of all their paid plans with the voucher code FREEVIP at checkout.
The 90% offer is tempting and certainly for anyone who comes across it. Especially seeing lifetime plans become incredibly cheap after applying the voucher.
The other day, I came across a post at r/internxt with the title, “The state of internxt” in their Subreddit and saw mixed reviews. I have several questions for the Privacy Guides community about the company.
-
How long do you think their will the service last?
-
What is next with Internxt?
-
What is being sacrificed at the cost of a 90% discount before free storage becomes 1TB?
I have not come across any public statements from the company that detail this situation, other than receiving an email.
Did anyone here actually use this tool.?
Because I am tempted to use it as it is one of the only FOSS E2EE cloud with native Linux clients
From Comparison of Cloud, Sync & Email services
I like how hard it was to find the audit report, it wasn’t even linked in their blog post announcing the audit report.
I also found Skyper 💻🎧☕📖: "Hi @Internxt@mastodon.social. I just stumbled on…" - Fosstodon
I just stumbled on your white paper, and it seems that you use PBKDF2-HMAC-SHA1 with 10,000 iterations, which is rather low in 2024.
For instance, @owasp recommends using 1,300,000 iterations in your case.
Did I miss something?
Hello,
I work at Internxt, the tech team are currently working on this, and we will also carry out another audit in the future, as we have recently implemented post-quantum cryptography with Internxt Drive.
Hello everyone,
Just to add to this discussion, Internxt now has new plans, which include an in-built antivirus for Internxt Drive, and a premium VPN for up to 5 locations. Meet and Mail are also coming later this year.
Thanks!
1 Like
Which AV engine is using your AV?
Is your VPN your own inhouse VPN solution or is it made with a partnership with another company? Like Mullvad / Proton?
How feasible is offering lifetime subscriptions when you have monthly operational costs?