0807
0807.st
Simple, private file hosting.

I run 0807, a file host I host myself.

You drop a file, you get a short link, and you choose when it disappears.

I am posting it here because the whole thing is built around privacy, and because I would rather lay out the real threat model than call it “secure” and let you find the gaps later.

The privacy side:

  • No account, no sign up. An upload is not tied to any identity.
  • No ads, no third party trackers, no analytics. Nothing is loaded from outside domains, so no fonts or scripts phoning home.
  • The server does not log IP addresses or requests. The rate limiter holds an IP in memory for a few minutes to count requests, then forgets it. Nothing is written to disk.
  • Reachable over Tor through an onion service.
  • Auto delete by time (one hour to thirty days, or never) or after a chosen number of downloads.
  • Optional password on files and on text notes.
  • Files up to 20 GB.
  • Executable types like exe, bat and scripts are blocked so it cannot be used as a malware drop.

The honest part, which this community will and should ask about:

it is not end to end encrypted. The server can read what is stored, on purpose.

I want to be able to remove illegal uploads when they get reported, child sexual abuse material above all. A server that cannot see its own contents cannot act on those reports, and I am not willing to run one that cannot.

So I gave up that form of secrecy in exchange for being able to take that content down.

What that means for you in practice the password is casual access control, not protection from me as the operator or from anyone who breaks into the server.

If you need real confidentiality, encrypt the file on your own machine before uploading and share the key separately.

Treat 0807 as a way to move files around with self destructing links and no account, not as a vault for secrets you cannot afford to expose.

It is open source, and I host the code on my own server instead of GitHub, so there is no third party in that loop either.

You can read every line check the no logging claim yourself suggest a change, or open an issue all without an account:

SRC

OC by developer @0807@lemmy.world

      • hirihit640@sh.itjust.worksEnglish
        1·
        22 hours ago

        Cool video but it’s old and barely relevant. Traffic analysis attacks are extremely difficult to pull off, especially on hidden services (since relay nodes are more distributed than exit nodes). Mixnets are cool but still immature. Tor is the best option here, and will fit the use case of 99% of users. For those who want to defend against traffic analysis, there are ways to do so that take way more time and effort, like breaking up a file into tons of tiny pieces. Up to you if you want to put in the effort.

        As usual, Whonix has a great page about this: https://www.whonix.org/wiki/Speculative_Tor_Attacks

        in research settings, Tor processes and anonymity protection might be seriously degraded under specific conditions. Therefore, users who are likely to be targeted by advanced adversaries should bear this in mind when undertaking anonymous activities – for a small subset, defaulting to offline activities (whenever possible) might be the only safe course of action in their circumstances.