Mozilla Offers Free Secure File-Sharing Service

By John P. Mello Jr.

Mar 13, 2019 5:00 AM PT

Mozilla on Tuesday announced
Firefox Send, a free encrypted file-sharing service that works in a any browser.

To share a file, you simply visit the Send site and drag your file to a box on the Web page. Unregistered users may upload up to 1 gigabyte in files, while registered users have a 2.5 GB allowance.

After uploading your files, you choose an expiration time for the link used to share them. Expirations can be set for number of downloads — one to five, 50 or 100 — or in increments of time, from five minutes to one hour, one day, or seven days.

You can protect the link with a password.

You then click the upload button, and you’re given a URL. The URL contains a link to the file and a key for decrypting it.

The person receiving the URL can click on it to download the file, decrypt it, and store it on a computer — or on a mobile phone when the Send app for Android becomes available. It is currently in beta.

There are no hoops for recipients to jump through, noted Nick Nguyen, Mozilla’s vice president of product strategy.

“They simply receive a link to click and download the file,” he wrote in an online post. “They don’t need to have a Firefox account to access your file. Overall, this makes the sharing experience seamless for both parties, and as quick as sending an email.”

Ephemeral Storage

A service like Send has a number of uses for consumers.

“Imagine the last time you moved into a new apartment or purchased a home and had to share financial information like your credit report over the Web. In situations like this, you may want to offer the recipient one-time or limited access to those files,” wrote Nguyen.

“With Send, you can feel safe that your personal information does not live somewhere in the cloud indefinitely,” he added.

There are other services for sharing files — notably, Dropbox, Box, Google Drive and Microsoft OneDrive — but they don’t have the ephemeral quality of Send.

“They’re geared toward more permanent file storage,” said Ross Rubin, principal analyst at Reticle Research, a consumer technology advisory firm in New York City.

“They’re trying to get you to pay for more permanent storage,” he told TechNewsWorld. “That’s how they make money, so they don’t have much interest in helping you effectively manage your space.”

Niche Targeted

There are other cloud services similar to Send, Nguyen conceded, but not with Mozilla’s commitment to privacy and security.

“We know there are several cloud sharing solutions out there, but as a continuation of our mission to bring you more private and safer choices, you can trust that your information is safe with Send,” he wrote.

“As with all Firefox apps and services, Send is Private By Design, meaning all of your files are protected and we stand by our mission to handle your data privately and securely,” Nguyen continued.

The privacy issue will draw some people to Send, observed San Jose, California-based Kevin Krewell, principal analyst at Tirias Research.

“Firefox is going after a niche audience that doesn’t trust the larger corporate cloud services,” he told TechNewsWorld.

“It’s not going to pose much of a threat to companies focusing on the transfer of large files, but it is a good alternative to consumers looking for an easy way to send files securely,” added Reticle’s Rubin.

“There have been free tools to secure files for a long time,” he continued, “but they haven’t been easy to use or from a source that consumers know and trust.”

While Send may not threaten the bigger players in the market, it could open an opportunity for Mozilla.

“They could partner with mail providers to provide a way for them to handle larger attachments,” Rubin suggested.

Complacent About Security

Because Send works inside any browser, it makes things easier to organize and send, noted Tanner Johnson, a senior analyst at IHS Markit, a research, analysis and advisory firm headquartered in London.

That doesn’t mean that consumers will be rushing to share their files securely, however.

“Unfortunately, we live in a very complacent society, security-wise,” Johnson told TechNewsWorld, “so a lot of these services — unless they’re very user-friendly and require little input and setup from the user — won’t be adopted quickly.”

“You’d be surprised how many people refuse to enact two-factor authentication on their devices because setting up the account and configuration is just too taxing,” he said, “so they throw their hands in the air and just give up.”

One drawback to Send is that when recipients have an unencrypted copy of a file, they can do anything with it.

“You need to trust the individual you’re sending the information to,” Johnson said. “If you have something you want to conceal or keep private, you have to trust that person won’t turn around and share it with someone else.”

Foiling Middleman

Send is designed to foil a man-in-the-middle attack, in which an unauthorized person snatches a message from a sender before it reaches a recipient.

With Send, “even if a message is intercepted, it’s illegible because it’s encrypted,” Johnson explained.

While secure file-sharing hasn’t gained wide consumer acceptance, demand for it has been growing, he noted.

“As more stories appear about mismanagement of data,” Johnson continued, “visibility will grow, which will drive adoption.”

Send will attract security-minded individuals, as well as those concerned with basic, digital security hygiene.

“It’s an interesting product,” said Phil Zimmermann, creator of PGP encryption and an associate professor at
Delft University of Technology in the Netherlands.

“It’s certainly better than a service that uploads files without encryption,” he told TechNewsWorld, “or uploads encrypted files with the key to decrypt them.”

Although Mozilla’s browser fortunes have been declining, Send is an example of its strategy to remain relevant.

“At Mozilla, we are always committed to people’s security and privacy,” wrote Nguyen.
“We are continually looking for new ways to fulfill that promise, whether it’s through the browser, apps or services.”

John P. Mello Jr. has been an ECT News Network reporter
since 2003. His areas of focus include cybersecurity, IT issues, privacy, e-commerce, social media, artificial intelligence, big data and consumer electronics. He has written and edited for numerous publications, including the Boston Business Journal, the
Boston Phoenix, Megapixel.Net and Government
Security News
. Email John.