Privacy

49165 readers

650 users here now

A place to discuss privacy and freedom in the digital world.

Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.

In this community everyone is welcome to post links and discuss topics related to privacy.

Some Rules

Posting a link to a website containing tracking isn't great, if contents of the website are behind a paywall maybe copy them into the post
Don't promote proprietary software
Try to keep things on topic
If you have a question, please try searching for previous discussions, maybe it has already been answered
Reposts are fine, but should have at least a couple of weeks in between so that the post can reach a new audience
Be nice :)

Related communities

much thanks to @gary_host_laptop for the logo design :)

founded 6 years ago

MODERATORS

0807: a self-hosted file host with self-destructing links. Open source, Tor, no logs (0807.st)

submitted 15 hours ago by 0807@lemmy.world to c/privacy@lemmy.ml

16 comments fedilink hide all child comments

I run 0807, a file host I host myself.

You drop a file, you get a short link, and you choose when it disappears.

I am posting it here because the whole thing is built around privacy, and because I would rather lay out the real threat model than call it "secure" and let you find the gaps later.

The privacy side:

No account, no sign up. An upload is not tied to any identity.
No ads, no third party trackers, no analytics. Nothing is loaded from outside domains, so no fonts or scripts phoning home.
The server does not log IP addresses or requests. The rate limiter holds an IP in memory for a few minutes to count requests, then forgets it. Nothing is written to disk.
Reachable over Tor through an onion service.
Auto delete by time (one hour to thirty days, or never) or after a chosen number of downloads.
Optional password on files and on text notes.
Files up to 20 GB.
Executable types like exe, bat and scripts are blocked so it cannot be used as a malware drop.

The honest part, which this community will and should ask about:

it is not end to end encrypted. The server can read what is stored, on purpose.

I want to be able to remove illegal uploads when they get reported, child sexual abuse material above all. A server that cannot see its own contents cannot act on those reports, and I am not willing to run one that cannot.

So I gave up that form of secrecy in exchange for being able to take that content down.

What that means for you in practice the password is casual access control, not protection from me as the operator or from anyone who breaks into the server.

If you need real confidentiality, encrypt the file on your own machine before uploading and share the key separately.

Treat 0807 as a way to move files around with self destructing links and no account, not as a vault for secrets you cannot afford to expose.

It is open source, and I host the code on my own server instead of GitHub, so there is no third party in that loop either.

You can read every line check the no logging claim yourself suggest a change, or open an issue all without an account:

SRC

Questions and criticism welcome. If you think the encryption tradeoff is the wrong call, I will read the argument

you are viewing a single comment's thread
view the rest of the comments

[–] surewhynotlem@lemmy.world 1 points 11 hours ago

Very cool. Glad you're still working on it.

You can implement end-to-end encryption and simply delete anything that was flagged as csam, even without validating that it is. Do you really want to see that shit? No. So are you really going to spend the time validating before deleting? I know I wouldn't.

The worst that would happen is you'd end up deleting someone's actual file because someone else maliciously reported it. And it would have to be someone who knew the link was even there to find it and report it. That's a pretty unlikely scenario for a temporary file share.