I run 0807, a file host I host myself.
You drop a file, you get a short link, and you choose when it disappears.
I am posting it here because the whole thing is built around privacy, and because I would rather lay out the real threat model than call it “secure” and let you find the gaps later.
The privacy side:
- No account, no sign up. An upload is not tied to any identity.
- No ads, no third party trackers, no analytics. Nothing is loaded from outside domains, so no fonts or scripts phoning home.
- The server does not log IP addresses or requests. The rate limiter holds an IP in memory for a few minutes to count requests, then forgets it. Nothing is written to disk.
- Reachable over Tor through an onion service.
- Auto delete by time (one hour to thirty days, or never) or after a chosen number of downloads.
- Optional password on files and on text notes.
- Files up to 20 GB.
- Executable types like exe, bat and scripts are blocked so it cannot be used as a malware drop.
The honest part, which this community will and should ask about:
it is not end to end encrypted. The server can read what is stored, on purpose.
I want to be able to remove illegal uploads when they get reported, child sexual abuse material above all. A server that cannot see its own contents cannot act on those reports, and I am not willing to run one that cannot.
So I gave up that form of secrecy in exchange for being able to take that content down.
What that means for you in practice: the password is casual access control, not protection from me as the operator or from anyone who breaks into the server.
If you need real confidentiality, encrypt the file on your own machine before uploading and share the key separately.
Treat 0807 as a way to move files around with self destructing links and no account, not as a vault for secrets you cannot afford to expose.
It is open source, and I host the code on my own server instead of GitHub, so there is no third party in that loop either.
You can read every line, check the no logging claim yourself, suggest a change, or open an issue, all without an account:
OC by developer @0807@lemmy.world
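
The post's advice to encrypt on your own machine and share the key separately, sketched as an added example (not part of the original post and not 0807's code). It uses Node's built-in `crypto` with AES-256-GCM on an in-memory buffer; the function names and the `nonce || tag || ciphertext` blob layout are this example's own assumptions.

```javascript
const nodeCrypto = require('node:crypto');

const NONCE_LEN = 12; // 96-bit nonce, the usual size for GCM
const TAG_LEN = 16;   // 128-bit authentication tag

// Encrypt a Buffer under a fresh random 256-bit key.
// Returns the blob to upload and the key to send through a different channel.
// Blob layout (assumed for this example): nonce || tag || ciphertext.
function encryptForUpload(plaintext) {
  const key = nodeCrypto.randomBytes(32);
  const nonce = nodeCrypto.randomBytes(NONCE_LEN);
  const cipher = nodeCrypto.createCipheriv('aes-256-gcm', key, nonce);
  const ciphertext = Buffer.concat([cipher.update(plaintext), cipher.final()]);
  const blob = Buffer.concat([nonce, cipher.getAuthTag(), ciphertext]);
  return { blob, key: key.toString('base64url') };
}

// Decrypt a downloaded blob. Throws if the key is wrong or the stored bytes
// were modified, because GCM verifies the tag inside final().
function decryptDownload(blob, keyText) {
  const key = Buffer.from(keyText, 'base64url');
  if (key.length !== 32 || blob.length < NONCE_LEN + TAG_LEN) {
    throw new Error('malformed key or blob');
  }
  const nonce = blob.subarray(0, NONCE_LEN);
  const tag = blob.subarray(NONCE_LEN, NONCE_LEN + TAG_LEN);
  const ciphertext = blob.subarray(NONCE_LEN + TAG_LEN);
  const decipher = nodeCrypto.createDecipheriv('aes-256-gcm', key, nonce);
  decipher.setAuthTag(tag);
  return Buffer.concat([decipher.update(ciphertext), decipher.final()]);
}

// True when the blob decrypts and authenticates under keyText, else false.
function opens(blob, keyText) {
  try { decryptDownload(blob, keyText); return true; } catch { return false; }
}

// Demonstration on a constructed sample "file".
function demo() {
  const sample = Buffer.from('constructed sample document\n', 'utf8');
  const { blob, key } = encryptForUpload(sample);
  const unrelatedKey = encryptForUpload(sample).key; // stands in for a guess
  return { uploadBytes: blob.length, keyToShare: key,
           rightKeyOpens: opens(blob, key),
           otherKeyOpens: opens(blob, unrelatedKey) };
}

console.log(demo());
```

Only `blob` goes to the file host; whoever holds the stored bytes without `keyToShare` gets the same failure as `otherKeyOpens`.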



Nothing would stop downloads from getting removed. Mega used to take down stuff all the time, because the URLs people would share would contain both the ID and the decryption key. It’s super easy to decrypt stuff and verify if it’s in violation of copyright for example.
Exactly. That’s why I don’t understand the reasons OP is giving for not having E2EE
Without the key, the server operator:
- can’t know if the content being reported actually exists
- can’t know if the content should actually be removed or not
An ID is needed to determine if the content exists and a key is needed to decrypt it.
Somebody making a report that there is illegal content in OP’s server, but provides neither an ID nor a key, quickly ceases to be actionable. At a minimum you need the reporter to provide upload IDs.
But even if the reporter supplies the IDs, the report may not be actionable by your standard: The uploader can easily encrypt the uploaded data, as OP themself recommends.
So OP needs a policy on what to do when they cannot inspect the content of a reported upload, regardless of whether or not their service provides E2EE.
Even if it was inspectable content, there are other ways to hide content such as steganography.
They want to be able to scan content for illegal contents, without users needing to report it and provide the decryption key first
That’s not what OP said they wanted:
Besides, OP’s own advice to upload manually encrypted files runs directly counter to this
You should check out my comment here. Bring-your-own-encryption is a good thing that OP is encouraging here
I’m not saying that doing your own encryption is a bad thing, but them recommending it runs directly counter to OP’s other stated goals
I’m sure OP’s goal isn’t actually to moderate content. It’s common for tools clearly designed for piracy to say “we don’t condone piracy”. OP is using a plausible excuse to not provide encryption, without directly encouraging people to use encryption themselves. Or maybe OP doesn’t realize that people can encrypt their files themselves and bypass all moderation, who knows ¯\_(ツ)_/¯