this post was submitted on 18 Oct 2023
139 points (96.6% liked)

Open Source

31418 readers
17 users here now

All about open source! Feel free to ask questions, and share news, and interesting stuff!

Useful Links

Rules

Related Communities

Community icon from opensource.org, but we are not affiliated with them.

founded 5 years ago
MODERATORS
top 14 comments
sorted by: hot top controversial new old
[–] [email protected] 24 points 1 year ago* (last edited 1 year ago)

For those who don't want to or can't listen to the podcast. I've only listened to about 2 minutes of the relevant part, so I'm certainly no expert.

Paraphrasing; Thunderbird Send is basically a large file sharing service for email. All is encrypted. It's not recommended to send decryption password via the same email as the file, unless it's a cat photo.

Unknowns/questions I have. Possibly answered further in the podcast.

-will file downloads be opt in - especially for unknown senders, but also if I'm on a hotspot, I don't want to accidentally download a large file over data.

-can it send unencrypted files if needed?

-how well does it play with other email clients?

-how long does data remain on the server?

-can I access/view files I've uploaded and delete them at any time?

[–] [email protected] 20 points 1 year ago (2 children)

One red flag from that podcast:

When asked how they might deal with abuse of the service to distribute illegal files, he suggested that you could compare uploaded files to hashes of known files. This doesn't make sense in a system where the server has no knowledge of the unencrypted file, since the same file encrypted with two different passwords will result in two different hashes.

[–] [email protected] 9 points 1 year ago* (last edited 1 year ago) (1 children)

Can’t you hash it before uploading and upload just the hash? Or download the banned hash list locally.

[–] [email protected] 10 points 1 year ago (1 children)

Sure, but then you're trusting the client. I can always encrypt x and send along the hash for y.

[–] [email protected] 14 points 1 year ago

In the end you can always just encrypt the illegal stuff externally before giving it to them...

[–] [email protected] 3 points 1 year ago* (last edited 1 year ago)

The only way I could see them flagging potentially illegal files on the server-side if they don't have access to the cleartext file would be through the filesize, and that would lead to too many false-positives. On the client-side it could be done through a local checksum against a denylist (compared locally for privacy reason) before uploading, but that could be easily defeated.

[–] [email protected] 8 points 1 year ago* (last edited 1 year ago)

I don't know know if you guys are aware, but a user named timvisee on Github forked Mozilla Send and brought back the service. He even hosts an instance himself, and provides the instructions on how to set it up yourself. Would be cool to see Mozilla bring it back offically in some form though.

[–] [email protected] 5 points 1 year ago

Cool. Mozilla Send was really nice.

[–] [email protected] 4 points 1 year ago (1 children)

That's cool! I don't have a chance to listen to the podcast right now, does anyone have more details?

[–] [email protected] 2 points 1 year ago

I only found this: https://github.com/tdulcet/Thunderbird-Send

but that might be something else?

[–] [email protected] 4 points 1 year ago

Thundercast is a great listen! Its not all about mozilla stuff either. Mostly a group of thunderbird team members hanging out with a few discussion topics.

Sounds like it will probably be behind a subscription like Firefox Relay and Mozilla VPN, and probably very affordable like those. Server costs and all.

Definitely looking forward to more info about this. I really enjoyed the original send, and solving large files in email without needing to wire up a webDAV drive or go to another service to upload would be awesome. Presumably it'll be thunderbird focused, but hopefully it can be used from a browser extension or web app to use on the go or with webmail clients too.

[–] [email protected] 4 points 1 year ago

Awesome. Glad the days are over when important whistleblowers in the white house are using Confide, or some other encrypted bullshit meant for horny young people and like a genuinely professional and email-adjacent encrypted service.

[–] [email protected] 2 points 1 year ago

Thundercast assemble!

[–] [email protected] 1 points 1 year ago

I am excited for this!