TransferChain File Sharing

dogukan · April 25, 2023, 8:04pm

I used to use WeTransfer for file sharing, but there is a huge privacy policy flaw and it’s unsecured. There is too much “Man in the Middle Attack”.
Here is the new secure and private web app for sharing files.

prosperina · April 25, 2023, 8:32pm

Send is a good choice. It was forked from the Mozilla Send project which was discontinued. I think the highlights are that you can run it on the browser or from the command line, and that you can pick the instance you want to use or even host your own.

dogukan · April 26, 2023, 6:53am

TransferChain Send utilizes a client-side end-to-end encrypted distributed cloud with blockchain auth and zero-knowledge protocols – providing the world’s most Private & Secure file sharing. No one can access your files besides the intended recipients.

PoorPocketsMcNewHold · April 26, 2023, 6:14pm

Not be against you or anything else, but by your talk, it appears that you are, somehow, linked to that project. Is it the case? No worries if you do, It’s actually better if you do disclose it.

TransferChain Send utilizes a client-side end-to-end

Same with Send.

github.com

timvisee/send/blob/9f09a799865857e084f13e6f8cccfd9beeb1884f/docs/encryption.md

# File Encryption

Send uses 128-bit AES-GCM encryption via the [Web Crypto API](https://developer.mozilla.org/en-US/docs/Web/API/Web_Crypto_API) to encrypt files in the browser before uploading them to the server. The code is in [app/keychain.js](../app/keychain.js).

## Steps

### Uploading

1. A new secret key is generated with `crypto.getRandomValues`
2. The secret key is used to derive more keys via HKDF SHA-256
    - a series of encryption keys for the file, via [ECE](https://tools.ietf.org/html/rfc8188) (AES-GCM)
    - an encryption key for the file metadata (AES-GCM)
    - a signing key for request authentication (HMAC SHA-256)
3. The file and metadata are encrypted with their corresponding keys
4. The encrypted data and signing key are uploaded to the server
5. An owner token and the share url are returned by the server and stored in local storage
6. The secret key is appended to the share url as a [#fragment](https://en.wikipedia.org/wiki/Fragment_identifier) and presented to the UI

### Downloading

This file has been truncated. show original

distributed cloud

Despite the file being encrypted (and perhaps, split as you tell by your FAQ) before sending it :

Who does own those other servers ?
Does they apply the same privacy terms as you ?
What happen if one of them is attacked or leaked ?
Would a part of my file be gone if that one distributed server goes offline ?
A lot of my questions seems to be ″answered later on″ so i believe PrivacyGuides staff will also wait for more clarity.
Is TransferChain Enabling Peer-to-Peer File Management? Or What's The Main Decentralization Aspect?

blockchain auth

That’s the part I wonder, how it could actually be helpful. Not only because, what is stored on the blockchain CAN’T BE DELETED (That’s the main principle. You may try to set some data obsolete or be hidden on your own blockchain you’ve created, but the actual data will remain, hence the purpose of the blockchain in itself)
The other worsening bit is :

The corresponding encryption keys that are used to encrypt Your Content is solely available, in an encrypted format, on your device and in the blockchain, thus Your Content can only be decrypted by you and the individuals with whom you explicitly share with;

Which is, obviously, worse than Send which only gives the encryption key to you to share to whomever you want the files to be decrypted because basically, you are uploading our decryption key directly to anyone, to grab, simply by checking your blockchain, and grabbing the correct block that contain your decryption key. I sincerely wonder the actual purpose of this.

Of course, feel free to correct me on some details, that you think, are incorrect.

One last thing, the PrivacyGuides staff will certainly request for the public disclosure of the independant yearly security & data protection audits. I haven’t been able to found them, but that’s maybe just me.

matchboxbananasynergy · April 27, 2023, 11:39am

This reads like an ad. Is it one?

anon20402919 · April 27, 2023, 4:57pm

It is.
On the twitter or linkedin of transferchain, it’s the same face than the profile picture.

It’s not especially hidden, but it would be good to avoid coming by criticizing a competitor (even if the criticisms are true…) and to present your product without disclosing that you are in fact the co-founder of it.

Topic		Replies	Views
Tresorit Cloud Storage Tool Suggestions completed	16	2824	March 23, 2023
Retroshare Tool Suggestions	3	364	March 17, 2024
What about swisstransfer, is it any good? Privacy	1	245	February 17, 2024
Blaze Transfer (File Sharing) Tool Suggestions rejected	23	569	December 6, 2023
Peergos - Private storage, sharing, social media and application platform Tool Suggestions completed	50	3609	April 8, 2024

TransferChain File Sharing

Related Topics