• redxef@feddit.org
    link
    fedilink
    English
    arrow-up
    3
    ·
    3 days ago

    The fragment of a URL is not sent to the server, so that’s where such platforms usually store the key. That’s also the way cryptpad does it. You can thus share the URL and with it the key.

    Of course, you still need to trust the platform. The sourcecode link at the bottom of the page links to https://github.com/timvisee/send who forked from mozilla/send and links back to the web page.

      • Captain Beyond@linkage.ds8.zone
        link
        fedilink
        arrow-up
        1
        ·
        5 hours ago

        If you trust the client that is encrypting and uploading the file - which runs on your computer and thus can be audited, modified, or even entirely replaced by you. You do not need to trust that the server (which ideally is also free software, but in practice is a black box you don’t have any visibility into) is sending you trustworthy code.