Most active commenters
  • jart(7)
  • melicerte(5)
  • KomoD(4)
  • jamal-kumar(4)
  • EasyMark(4)
  • benatkin(3)
  • (3)
  • immibis(3)
  • throwaway290(3)
  • beepbooptheory(3)

Send: Open-source fork of Firefox Send

(send.vis.ee)
276 points leonry | 137 comments | 19 Oct 24 12:17 UTC | HN request time: 2.207s | source | bottom
1. metadat ◴[19 Oct 24 16:26 UTC] No.41888758[source]
This is cool, sharing files larger than 1GB still remains challenging these days.

How easy is it to self-host? I don't see any Docker instructions.

https://gitlab.com/timvisee/send

P.s. Kind of odd that the site links to Github, but the GH repo is only a mirror of the official Gitlab.

replies(2): >>41888913 #>>41890851 #
2. rompledorph ◴[19 Oct 24 16:34 UTC] No.41888813[source]
A minor bug. It’s not possible to copy and paste the link from the UI. Using Firefox on iPhone
3. mlok ◴[19 Oct 24 16:43 UTC] No.41888852[source]
I wonder what limits sends to 2.5GB ?
replies(3): >>41888939 #>>41889657 #>>41895573 #
4. gunalx ◴[19 Oct 24 16:43 UTC] No.41888855[source]
Exactly what i need to be able to not depend on m0zilla
5. ranger_danger ◴[19 Oct 24 16:53 UTC] No.41888913[source]
https://github.com/timvisee/send-docker-compose
6. ranger_danger ◴[19 Oct 24 16:56 UTC] No.41888939[source]
There doesn't appear to be a technical reason, it appears to just be a default configuration setting that was a holdover from Mozilla's imposed limits when Firefox Send was still around.

https://old.reddit.com/r/selfhosted/comments/1bwqxit/is_ther...

7. deskr ◴[19 Oct 24 16:56 UTC] No.41888941[source]
As a side note, you can also simulate various network problems in the linux kernel via tc: https://www.baeldung.com/linux/network-failures-simulation
replies(1): >>41895276 #
8. Arubis ◴[19 Oct 24 17:24 UTC] No.41889117[source]
Best of luck to the author! My understanding is that anything that makes large file sharing easy and anonymous rapidly gets flooded with CSAM and ends up shuttering themselves for the good of all. Would love to see a non-invasive yet effective way to prevent such an incursion.
replies(10): >>41889269 #>>41889987 #>>41890019 #>>41890075 #>>41890376 #>>41890531 #>>41890775 #>>41892233 #>>41893466 #>>41896754 #
9. bachmeier ◴[19 Oct 24 17:24 UTC] No.41889123[source]
If you don't want to self-host and you don't want to trust someone else's service (I don't know anything about this server) you get Bitwarden Send with the $10/year premium plan.
replies(2): >>41889301 #>>41889804 #
10. KomoD ◴[19 Oct 24 17:42 UTC] No.41889269[source]
> ends up shuttering themselves for the good of all

mostly because it's difficult to handle all the abuse reports

replies(1): >>41889478 #
11. KomoD ◴[19 Oct 24 17:46 UTC] No.41889301[source]
> and you don't want to trust someone else's service

You still have to trust Bitwarden aka someone else's service?

replies(2): >>41889314 #>>41891621 #
12. jacooper ◴[19 Oct 24 17:49 UTC] No.41889314{3}[source]
Its e2e encrypted, and the client and server code is open source/source available.
replies(2): >>41889452 #>>41889529 #
13. chme ◴[19 Oct 24 17:56 UTC] No.41889367[source]
There is also filebin.net: https://github.com/espebra/filebin2/

And pwndrop: https://github.com/kgretzky/pwndrop

And lots of others.

14. notpushkin ◴[19 Oct 24 18:07 UTC] No.41889452{4}[source]
This is also end-to-end encrypted, and the client and server code is open source/source available.

The reason to use Bitwarden could be that you already trust it with something else, and could have taken time and audit that it is indeed legit, or trust others to complain loudly if they find something wrong with the code. Personally, I’d self-host it (or the open source, lighter on resources Vaultwarden), just as an additional safeguard.

15. aranelsurion ◴[19 Oct 24 18:11 UTC] No.41889478{3}[source]
I wonder how that'll play out in this case, since everything uploaded here expires at maximum 3 days. Maybe they can "handle" abuse reports by simply auto-responding in 3 days that it is now removed.
16. benatkin ◴[19 Oct 24 18:13 UTC] No.41889495[source]
The title heavily implies that Mozilla's is closed-source. It isn't: https://github.com/mozilla/send

Actually since it says forked it implies that Mozilla maintains a closed-source version. No, it was cancelled.

replies(2): >>41889850 #>>41890836 #
17. hypeatei ◴[19 Oct 24 18:18 UTC] No.41889529{4}[source]
How can you guarantee the build is from the open source code? (i.e. doesn't contain a small patch with hostile behavior)
replies(1): >>41897239 #
18. gpm ◴[19 Oct 24 18:20 UTC] No.41889545[source]
Slightly off topic: I'm a fan of solutions like https://webwormhole.io/ - which lets you send the file directly from one computer to the other via webrtc instead of uploading to a middleman server... at the expense of not being able to generate a link that you can send to someone else and forget about.
replies(4): >>41889723 #>>41890221 #>>41895515 #>>41897208 #
19. LWIRVoltage ◴[19 Oct 24 18:35 UTC] No.41889657[source]
There are other variants with different file size limits https://github.com/timvisee/send-instances Maybe performance based or something depending on those hosting these instances?
20. ◴[19 Oct 24 18:45 UTC] No.41889723[source]
21. MatekCopatek ◴[19 Oct 24 18:55 UTC] No.41889804[source]
I didn't know about Bitwarden Send, thanks! Although I did just check it out and it says the limit is 100 MB, which is typically too little.

EDIT: I'm on mobile, apparently it's 500 MB on desktop.

22. CT4u8798 ◴[19 Oct 24 18:57 UTC] No.41889812[source]
For local network sharing between my devices I tend to use LocalSend [0] which is absolutely brilliant, pretty much replaced my USB stick for transferring files/folders between devices on the same network.

[0] https://localsend.org/

replies(5): >>41892010 #>>41892336 #>>41895010 #>>41896103 #>>41898763 #
23. promiseofbeans ◴[19 Oct 24 19:03 UTC] No.41889850[source]
The Thunderbird team is working on a fork!

"The Thunderbird team was very sad when Firefox Send was shut down. Firefox Send made it possible to send large files easily, maybe easier than any other tool on the Internet. So we’re reviving it, but not without some nice improvements. Thunderbird Send will not only allow you to send large files easily, but our version also encrypts them" - https://blog.thunderbird.net/2024/10/thunderbird-annual-repo...

replies(5): >>41889932 #>>41889977 #>>41890263 #>>41893229 #>>41895093 #
24. cpeterso ◴[19 Oct 24 19:13 UTC] No.41889932{3}[source]
Firefox Send used E2E encryption. The key was generated on the web client and not shared with the Send server.

https://web.archive.org/web/20200226024845/https://www.wired...

25. Vinnl ◴[19 Oct 24 19:18 UTC] No.41889977{3}[source]
That's weird, I thought the original also decrypted them. (You pass the key in the hash fragment, which your browser doesn't send to the server.)
replies(1): >>41892208 #
26. Vinnl ◴[19 Oct 24 19:19 UTC] No.41889987[source]
I've been using this version for a while, presumably it's just gone under the radar enough. So please don't upvote this too much, haha.
27. ghostly_s ◴[19 Oct 24 19:22 UTC] No.41890019[source]
If it's truly e2e how would they even know what's being shared on it?
replies(1): >>41890094 #
28. chasil ◴[19 Oct 24 19:29 UTC] No.41890075[source]
I have been using both Swisstransfer.com and filetransfer.io since Firefox Send shut down.

How have they dealt with this?

29. immibis ◴[19 Oct 24 19:31 UTC] No.41890094{3}[source]
Because some people would tell them. For example, the FBI would look at a child porn sharing forum and observe a lot of people sharing Send links. Then they would go to the operators of Send servers, and "strongly suggest" that it should shut down.
replies(1): >>41890553 #
30. blacksmith_tb ◴[19 Oct 24 19:47 UTC] No.41890221[source]
I am partial to croc[1] which will send directly on your local network, or encrypted through a relay across the 'net.

1: https://github.com/schollz/croc

replies(2): >>41890573 #>>41895471 #
31. benatkin ◴[19 Oct 24 19:52 UTC] No.41890263{3}[source]
It could incidentally be closed source, then. I stand corrected.

Sometimes devs & teams of devs wait until their code is finished to put it online. I tend not to – most of my unfinished code open source code is online. I understand the pros/cons of each way though.

32. plingbang ◴[19 Oct 24 20:07 UTC] No.41890376[source]
For a case when file sharing is intended between individuals or small groups there's an easy solution:

Anyone who got the link should be able to delete the file.

This should deter one from using the file sharing tool as free hosting for possibly bad content. One can also build a bot that deletes every file found on public internet.

replies(3): >>41890444 #>>41891261 #>>41894038 #
33. giancarlostoro ◴[19 Oct 24 20:15 UTC] No.41890444{3}[source]
That then ruins perfectly valid use cases that someone could maliciously delete the file for.
replies(1): >>41890478 #
34. atoav ◴[19 Oct 24 20:21 UTC] No.41890478{4}[source]
But it allows sending. That might be an okay tradeoff, depending on what you're aiming for.

Anonymous file hosting isn't something I'd be keen to offer, given the nhmber of people who would happily just abuse it.

replies(1): >>41891532 #
35. lovethevoid ◴[19 Oct 24 20:27 UTC] No.41890531[source]
For Firefox Send, it was actually malware and spearfishing attacks that were spread.

The combination of limited file availability (reducing the ability to report bad actors), as well as Firefox urls being inherently trusted within orgs (bypassing a lot of basic email/file filtering/scanning), was the reason it became so popular for criminals to use. Like we've seen in the spearfishing attacks in India[1].

[1]: https://www.amnesty.org/en/latest/research/2020/06/india-hum...

36. KomoD ◴[19 Oct 24 20:30 UTC] No.41890553{4}[source]
> and "strongly suggest" that it should shut down.

I don't know about that, is there any documented case of that?

I feel like they'd probably just contact them and ask for removal of the file(s) and to forward any logs?

replies(1): >>41892100 #
37. KomoD ◴[19 Oct 24 20:33 UTC] No.41890573{3}[source]
For local transfers (mainly between my phone, pc and laptop) I've been using LocalSend, works great.
38. burcs ◴[19 Oct 24 20:35 UTC] No.41890588[source]
I recently launched www.64.surf that uses the URL to send files, obviously a much smaller file size, but was fun to build regardless.

Basically, base64 encode the file, inject it in the URL and then allows you to share it with other people.

replies(3): >>41890689 #>>41890698 #>>41890859 #
39. NetOpWibby ◴[19 Oct 24 20:50 UTC] No.41890689[source]
Cloudflare issue when loading the URL
40. leonry ◴[19 Oct 24 20:52 UTC] No.41890697[source]
A command line version by the same author: https://github.com/timvisee/ffsend
41. 0x073 ◴[19 Oct 24 20:52 UTC] No.41890698[source]
Then you send the file as base64 prefixed with your URL?

Where is the use, except that's cool to build?

42. deknos ◴[19 Oct 24 20:56 UTC] No.41890723[source]
Is there a version of this, where i can allow emailadresses to upload things/download things/share things with other emailaddresses?

Like firefox send but some version of authentication via email? I am aware that i would need a way to send emails so the emailaddresses get authentication

replies(1): >>41892484 #
43. neilv ◴[19 Oct 24 21:03 UTC] No.41890775[source]
Do we know whether this uploading is motivated by actual pedo reasons, by anti-pedo honeypot reasons, by sociopathic trolling reasons, by sabotage reasons (state, or commercial), or something else?

It's discouraging to think that privacy&security solutions for good people might end up being used primarily by bad people, but I don't know whether that's the situation, nor what the actual numbers are.

replies(1): >>41891039 #
44. ◴[19 Oct 24 21:15 UTC] No.41890836[source]
45. Faaak ◴[19 Oct 24 21:18 UTC] No.41890851[source]
swisstransfer.com, up to 50GB
46. eptcyka ◴[19 Oct 24 21:19 UTC] No.41890859[source]
If the URL contains the file, what is the difference between sending the URL and the actual file contents in practice?
47. Barrin92 ◴[19 Oct 24 21:53 UTC] No.41891039{3}[source]
It is just pedophiles. A user posted here on HN a while ago that they ran a Tor exist node and the overwhelming majority of it was CSAM or other cybercrime. Here in Germany they busted some underground forum and a single individual had 35TB worth of it at home. There's no great conspiracy, the criminal underworld is huge and they use every service that doesn't clamp down on it in some form.
replies(3): >>41891697 #>>41894830 #>>41896624 #
48. ipaddr ◴[19 Oct 24 22:26 UTC] No.41891261{3}[source]
Or the link expires after a download.
replies(1): >>41893564 #
49. ajsnigrutin ◴[19 Oct 24 23:13 UTC] No.41891532{5}[source]
But people would abuse the delete button too.

Imagine some computer work with a class of high school kids, where a teacher has to send them a file... there will be maybe three full downloads max, before someone presses the "delete" button.

replies(2): >>41891687 #>>41892852 #
50. bachmeier ◴[19 Oct 24 23:26 UTC] No.41891621{3}[source]
Yeah, I didn't word that very well. We tend to trust services like Bitwarden and Fastmail. I should have probably said a service you've never heard of.
51. terribleperson ◴[19 Oct 24 23:38 UTC] No.41891687{6}[source]
For a lot of use cases, simply sending the address of the deleter to whoever sent the file would suffice. Next time, just don't send it to them, or apply real-world consequences.

Sure, it wouldn't work for a large public setting... but it'd work for many other settings.

52. neilv ◴[19 Oct 24 23:40 UTC] No.41891697{4}[source]
That's discouraging, if true. I don't mind doing the occasional on-principle thing (like running Tor Browser for general-purpose browsing, and Tor as the VPN plugin on my phone), and maybe it's a citizen-technologist obligation to do my share of that. But I'd rather not have some Orwellian Bayesian system flagging me for using Tor.
replies(1): >>41894491 #
53. _-_-__-_-_- ◴[20 Oct 24 00:42 UTC] No.41891983[source]
As others have said, I use a combination of LocalSend on all my devices (Win64, Linux, iOS…) and a Syncthing folder that I call QuickSync and added as a shortcut to all of my file managers a few years ago. Syncthing, in particular, works so well that you don’t even notice it, until you have a file conflict. It’s a great solution to have files synced easily.
replies(1): >>41891997 #
54. amelius ◴[20 Oct 24 00:47 UTC] No.41891997[source]
Can you also use it to send files to, say, a colleague in the same office?

Or to a client asking for a file in an e-mail?

replies(1): >>41892409 #
55. copperx ◴[20 Oct 24 00:50 UTC] No.41892010[source]
That's really cool. Tailscale has a built in local send function that works brilliantly too.
56. jasonjayr ◴[20 Oct 24 01:11 UTC] No.41892100{5}[source]
"We know that this link includes material that is illegal to possess, and it is on your server."

"We don't know the contents of the files on our server, so we can't know that is was illegal"

"Fine, delete that file, and we won't charge you for possession this time. Now that you know your service is used for this illegal material, you need to stop hosting material like that."

"How, if we don't know what's in the file sent to our server?"

"... maybe don't take random files you don't know about, and share them on the open web with anonymous users?"

replies(1): >>41893517 #
57. benatkin ◴[20 Oct 24 01:35 UTC] No.41892208{4}[source]
I wouldn’t be surprised if that hash fragment is sent to URL previews in otherwise encrypted chats. I did that too in my own program and it felt wrong. https://codeberg.org/macchiato/encshare-app I think I’ll change it, if not in my old project then in the next one.
58. qudat ◴[20 Oct 24 01:39 UTC] No.41892233[source]
Checkout https://pipe.pico.sh which is a system for networked Unix pipes using ssh.
59. rashkov ◴[20 Oct 24 02:02 UTC] No.41892336[source]
It’s really a delightful piece of software. Came to the comments just to mention it, definitely recommended
60. _-_-__-_-_- ◴[20 Oct 24 02:21 UTC] No.41892409{3}[source]
I have no idea. If you’re on the same LAN, I assume you can use LocalSend, although I haven’t had any luck with it on my corporate, segregated, network. I’m betting it doesn’t work with complicated configs or MAC address filtering.
replies(1): >>41896235 #
61. kevincox ◴[20 Oct 24 02:37 UTC] No.41892484[source]
Just email the link? The receiver has authenticated by getting the email.
replies(1): >>41893515 #
62. terrycody ◴[20 Oct 24 03:05 UTC] No.41892570[source]
Thank you! This is handy as hell, after firefox send gone.
63. bastawhiz ◴[20 Oct 24 04:25 UTC] No.41892852{6}[source]
Sending files anonymously and sending files easily seems like mutually exclusive problems. If it's easy and anonymous, it's too easy to abuse. The teacher should just be using file storage that is tied to an account: it's not as though they're trying to stay hidden from their students
64. elric ◴[20 Oct 24 06:01 UTC] No.41893229{3}[source]
Good, that will distract them for a while and will prevent them from actively making TB even worse with every release.

I like keeping my software secure and up to date, but I dread every TB upgrade, wondering what stupid cosmetic change will trip me up this time.

65. jart ◴[20 Oct 24 06:56 UTC] No.41893466[source]
If governments and big tech want to help, they should upload one of their CSAM detection models to Hugging Face, so system administrators can just block it. Ideally I should be able to run a command `iscsam 123.jpg` and it prints a number like 0.9 to indicate 90% confidence that it is. No one else but them can do it, since there's obviously no legal way to train such a model. Even though we know that governments have already done it. If they won't give service operators the tools to keep abuse off their communications systems, then operators shouldn't be held accountable for what people do with them.
replies(4): >>41893921 #>>41894046 #>>41894311 #>>41898004 #
66. deknos ◴[20 Oct 24 07:09 UTC] No.41893515{3}[source]
it would be nice, if i could upload something and say, okay, this list of emailadresses get the link of it.
67. snowe2010 ◴[20 Oct 24 07:09 UTC] No.41893517{6}[source]
That’s not how csam reporting works at all. You aren’t punished for csam being on your server, as long as you do something about it. You can easily set up cloudflare to block and report csam to the NCMEC (not the FBI) and it will all be handled automatically.
replies(1): >>41893897 #
68. tommica ◴[20 Oct 24 07:19 UTC] No.41893564{4}[source]
Sucks for people that have a shitty connection
replies(1): >>41894106 #
69. immibis ◴[20 Oct 24 08:33 UTC] No.41893897{7}[source]
Maybe a judge would see it that way, but FBI agents aren't required to act like judges.
replies(1): >>41895731 #
70. kevindamm ◴[20 Oct 24 08:37 UTC] No.41893921{3}[source]
The biggest risk with opening a tool like that is that it potentially enables offenders to figure out what can get past it.
replies(3): >>41894409 #>>41895156 #>>41909786 #
71. PoignardAzur ◴[20 Oct 24 08:58 UTC] No.41894038{3}[source]
Oh, that's pretty clever!
72. blackoil ◴[20 Oct 24 09:01 UTC] No.41894046{3}[source]
Perpetrators will keep tweaking image till they get score of 0.1
replies(2): >>41894419 #>>41895566 #
73. aembleton ◴[20 Oct 24 09:14 UTC] No.41894106{5}[source]
The server would know when a download has completed.
74. miki123211 ◴[20 Oct 24 10:02 UTC] No.41894311{3}[source]
This would potentially let somebody create a "reverse" model, so I don't think that's a good idea.

Imagine an image generation model whose loss function is essentially "make this other model classify your image as CSAM."

I'm not entirely convinced whether it would create actual CSAM instead of adversarial examples, but we've seen other models of various kinds "reversed" in a similar vein, so I think there's quite a bit of risk there.

replies(1): >>41894453 #
75. jart ◴[20 Oct 24 10:29 UTC] No.41894409{4}[source]
So they publish an updated model every three months that works better.
76. amelius ◴[20 Oct 24 10:31 UTC] No.41894419{4}[source]
How about the government running a service where you can ask them to validate an image?

Trying to tweak an image will not work because you will find the police on your doorstep.

replies(2): >>41894533 #>>41895184 #
77. jart ◴[20 Oct 24 10:38 UTC] No.41894453{4}[source]
Are you saying someone will use it to create a CSAM generator? It'd be like turning smoke detectors into a nuclear bomb. If someone that smart wants this, then there are easier ways for them to do it. Analyzing the detector could let you tune normal images in an adversarial way that'll cause them to be detected as CSAM by a specific release of a specific model. So long as you're not using the model to automate swatting, that's not going to amount to much more than a DEFCON talk about annoying people.
replies(1): >>41895099 #
78. 1oooqooq ◴[20 Oct 24 10:47 UTC] No.41894491{5}[source]
run a node. but never an exit one.
79. jart ◴[20 Oct 24 11:00 UTC] No.41894533{5}[source]
The government doesn't need more dragnet surveillance capabilities than it already has. Also this solution basically asks the service operator to upload illegal content to the government. So there would need to be a strong guarantee they wouldn't use that as proof the service operator has committed a crime. Imagine what they would do to Elon Musk if he did that to run X. The government is also usually incompetent at running reliable services.
replies(1): >>41895790 #
80. logicziller ◴[20 Oct 24 12:07 UTC] No.41894803[source]
Even if Mozilla retired the service, they should've at least kept the repository active so people can send patches.

I find this applications like this very useful to self-host. Sometimes I need to send someone a file quickly and this can come in handy. I don't need to allow uploads from everyone and I can just whitelist IPs for the upload URL.

At present I'm using Project Send.

81. jmorenoamor ◴[20 Oct 24 12:12 UTC] No.41894830{4}[source]
Naive question. Isn't tor supposed to be private? How can you know the contents of the communication just by running a node?
replies(1): >>41894899 #
82. LikesPwsh ◴[20 Oct 24 12:27 UTC] No.41894899{5}[source]
If it's an exit node, you know what the user is connecting to but not which user.
83. whitefang ◴[20 Oct 24 12:39 UTC] No.41894967[source]
I self host this and probably the best looking and working file sharing app. Works well for me as the files are ephemeral and the upload is protected by cloudflare access.
84. b-lee ◴[20 Oct 24 12:47 UTC] No.41895010[source]
I opened the landing page on Safari on M1 Mac and found out it was using 25% GPU one hour later…
85. nanna ◴[20 Oct 24 13:01 UTC] No.41895093{3}[source]
The excellent FileLink plugin for Thunderbird already makes it a sinch to transmit a file via a Next/Owncloud instance instead of as an attachment to an email. Worth running a *cloud instance just for it imo.

https://gitlab.com/joendres/filelink-nextcloud

86. throwaway290 ◴[20 Oct 24 13:01 UTC] No.41895099{5}[source]
I think the point is generating an image that looks normal but causes the model to false positive and the unsuspecting person then gets reported
replies(1): >>41898948 #
87. marpstar ◴[20 Oct 24 13:13 UTC] No.41895156{4}[source]
Fair point, but wouldn’t we rather they be spending their time doing that than actively abusing kids?
88. charrondev ◴[20 Oct 24 13:16 UTC] No.41895184{5}[source]
My understanding is at that Microsoft runs such a tool and you can request access to it. (PhotoDNA). As I understand you hash an image send it to them and get back a response.
89. j1elo ◴[20 Oct 24 13:35 UTC] No.41895276[source]
I based off someone's quick notes and made it a ready to use script, in case it's useful for anyone:

https://github.com/j1elo/slow-network

Your article is very interesting and details some practical use cases, thanks! I will read it to see if there are any new ideas to incorporate.

90. j1elo ◴[20 Oct 24 13:41 UTC] No.41895309[source]
What I'd love to have is a deposit of files to be shared within a group of people.

Say we're 8 friends traveling through the middle of Greenland (read: no niceties like WiFi), and on the evening we want to share the photos of the day with everyone else.

In short, an evolution of the myriad of file sending copycats that exist: the same idea but for a shared bucket of files (I don't think doing N individual shares fits the bill, that'd just be a poor man's solution for the lack of a proper alternative)

Commenting this in hopes that the HN popular wisdom knows about something similar! :)

replies(3): >>41895357 #>>41895759 #>>41897168 #
91. melicerte ◴[20 Oct 24 13:47 UTC] No.41895338[source]
In my opinion, the idea behind Firefox send was a real step towards a more greener IT. The elephant in the room here that no one is talking about is the impact of the email with attachment on climate change. In 2018 (that's the best I could find) nearly 600 billion emails are distributed every day around the world. Im' pretty sure this is a lot more nowadays. No matter the truth, this colossal figure is not without impact on the environment. From the PC to the data center to the small lithium battery of a smartphone, email consumes electricity and its consequences on greenhouse gas emissions are far from negligible.

Studies on the subject (very few actually, if you have intel on that matter, let me know) have already been conducted and reveal that a simple email with an attachment of 1MB produces around 15 grams of CO2[1]. Obviously, this figure increases with the size of the email. This is the case, for example, when the email includes large attachments or if the email is sent to several recipients.

With the use of the IMAP protocol, one email sent has at least 6 permanent copies (from the sent item in the sender email client to the inbox of the recipient, through sender and recipients email server which hopefully have long term archiving).

A solution like firefox send with automatic shredding of the file after an expiration period to replace email attachment would drastically reduce the consequences of email usage on greenhouse gas emissions. It would also resolve other issues related to sending files by email, but that would make this post waaaayyy to long :-)

[1] http://www.helixee.me/limpact-ecologique-des-e-mails/ (in French)

replies(3): >>41895379 #>>41895445 #>>41895548 #
92. zeroxfe ◴[20 Oct 24 13:51 UTC] No.41895357[source]
IPFS is probably the closest open-source thing here, but the UX for non-nerds is not great.
93. jamal-kumar ◴[20 Oct 24 13:55 UTC] No.41895379[source]
I'm sorry but if you're bean-counting email co2 usage and coming up with a unit of like 15 grams of a physical substance per email then by that logic we should basically all go ted K luddite on our computers and phones, and simply throw them the fuck out the window right now. Imagine the pounds of CO2 I emit playing sonic the goddamn hedgehog why don't we.

I think environmentalists need to find more effective focuses than these if we want our goals to be achieved and for us to be taken remotely seriously

replies(3): >>41895415 #>>41895590 #>>41897303 #
94. beepbooptheory ◴[20 Oct 24 14:00 UTC] No.41895415{3}[source]
You dont have to have the same goals, its pretty serious but also its ok in the grander scheme of things if you don't want to think about this stuff. This wasn't even about "messaging", it was just a thing with a nice environmental upshot. No reason to be defensive.

Hope you have fun playing Sonic I guess?

replies(1): >>41895437 #
95. jamal-kumar ◴[20 Oct 24 14:03 UTC] No.41895437{4}[source]
Yeah he goes fast haha

No seriously, just extrapolate that for a second and try to tell me with a straight face that all the gamer kids playing with whatever it takes to render a modern game, and by the logic I'm reading from that french article those kid are basically each a victorian age factory spewing out so much carbon gunk we're going to need to bring back chimney sweeps, like yeah I don't really think that the logic of restricting emails is going to change a lot when people are literally just out there playing video games.

I'm being "defensive" because as an environmentalist I think that we need to get real and target the real emitters. It's mostly military functions, international shipping, and still going and generating power in the first place using non renewable sources that maybe we should be focusing on rather than this BP-orchestrated carbon footprint bullshit that they foisted on people as a psyop to convince us that we're the problem that need to change

replies(1): >>41895444 #
96. beepbooptheory ◴[20 Oct 24 14:05 UTC] No.41895444{5}[source]
Right, but you're just offering fatalism back, right? Its fine, but that's not like an argument against it. Its just articulating the problem again but saying its impossible to solve.
replies(1): >>41895482 #
97. Arch-TK ◴[20 Oct 24 14:05 UTC] No.41895445[source]
How did you get 6?

I run my own infra and on my end I see 1 permanent server side copy and 1 temporary local copy.

replies(1): >>41895510 #
98. justusthane ◴[20 Oct 24 14:08 UTC] No.41895471{3}[source]
Of all the P2P file transfer tools I’ve tried (Magic Wormhole, file.pizza, localsend, etc) I’ve had the best luck with croc working under various network configurations.
99. jamal-kumar ◴[20 Oct 24 14:09 UTC] No.41895482{6}[source]
No I'm offering that it's incredibly wrong to go bean counting email co2 usage when this is a dead end solution blaming end users for a problem caused by large corporations. It causes people to take environmentalism less seriously and doesn't change a thing for the greater good.

It's not letting me reply to your further comment but here's some links for you to really 'get it'

https://www.clf.org/blog/the-truth-about-carbon-footprints/

https://www.theguardian.com/commentisfree/2021/aug/23/big-oi...

replies(1): >>41895511 #
100. winternewt ◴[20 Oct 24 14:15 UTC] No.41895509[source]
What's the catch? Who is paying for storage and maintenance?
101. melicerte ◴[20 Oct 24 14:15 UTC] No.41895510{3}[source]
1. local copy of the file on the sender computer

2. local copy in the send item once sent

3. a copy on the sender email server

4. a copy on the receiver email server

5. a copy on the inbox of the receiver

6. add one if the file is saved as a local copy on the sender computer

And this does not take into consideration backups (like local backups and email server backups). Also, the number increases obviously by the number of recipients (points 4, 5 and 6).

(edited for layout)

replies(1): >>41902956 #
102. beepbooptheory ◴[20 Oct 24 14:15 UTC] No.41895511{7}[source]
I'm a little confused. GP was simply pointing something out as maybe a good aspect of this kind of file transfer flow. It doesn't matter what "people think of environmentalism" in this case (and so many other cases). Environmentalism != the environment. Nobody was chastising you for having too big an email attachment.

In general I dont get this line where people think this stuff is all just a huge PR (as press relations) issue. It doesnt matter what you or I think. We are kinda way past that. There is no cultural battle to win, and even if there was, it really wouldn't matter!

103. psnehanshu ◴[20 Oct 24 14:16 UTC] No.41895515[source]
I use ToffeeShare. It also uses WebRTC for p2p transfer. But it fallbacks to a central server if p2p can't be established (just like a TURN server)
104. melicerte ◴[20 Oct 24 14:22 UTC] No.41895548[source]
I see I'm being downvoted which is ok but to the down voters, I genuinely wonder why ?
105. baby_souffle ◴[20 Oct 24 14:24 UTC] No.41895566{4}[source]
> Perpetrators will keep tweaking image till they get score of 0.1

Isn't this - more or less - already happening?

Perpetrators that don't find _some way_ of creating/sharing csam that's low risk get arrested. The "fear of being in jail" is already driving these people to invent/seek out ways to score a 0.1.

106. melicerte ◴[20 Oct 24 14:26 UTC] No.41895573[source]
Don't forget the encryption step is done locally by the browser before the file is transmitted to the server. As such, you better have a limit.
107. melicerte ◴[20 Oct 24 14:29 UTC] No.41895590{3}[source]
No matter the amount of CO2 emitted, can we agree emails and attachment produce a certain amount of it and that we could probably do better with alternate solutions than sending files by email. In that context, the idea behind firefox send was one possible way of being more efficient. That's all what I'm saying.
replies(1): >>41908063 #
108. Pooge ◴[20 Oct 24 14:33 UTC] No.41895618[source]
For those of you with a server on their hands, please consider hosting ProjectSend[1] to share files with friends. I haven't used it extensively but it's great for sharing files here and there. (I'm not affiliated in any way, just a happy user)

[1]: https://www.projectsend.org/

109. snowe2010 ◴[20 Oct 24 14:54 UTC] No.41895731{8}[source]
The fbi literally only investigates if the ncmec tells them to.

https://www.fbi.gov/investigate/violent-crime/vcac

110. mxuribe ◴[20 Oct 24 14:59 UTC] No.41895759[source]
> ...What I'd love to have is a deposit of files to be shared within a group of people...

Agreed, this is the key need! For sharing individual files, i think there are plenty of decent options - including this fork of FF Send, which by the way i have used and works perfectly fine. But, that whole desire to have a shared "bucket" or as you called it "deposit of files" or something similar, where a group of people can use as an area to constantly and consistently share files - and i would add to have those files be organized in a meaningful way - is still not something that i see executed really well.

For my family, its pretty simple in that have an existing shared area within our Onedrive, and manage files there...but there are at least 2 problems with that: 1) there isn't an embedded chat/communication mechanism...so files are separated from context of activity; and 2) what happens if the group that wants to share the bucket isn't family, or not connected on a single service like onedrive?

For simple sharing of files *that are ephemeral/not intended to be preserved nor organized properly* lots of people simply use a chat service. I use a dedicated, persistent room within matrix (yes, that matrix which is used for chat/instant messaging), and use it as my own little pastebin, file transfer/sharing system, etc. But, that approach lacks an organizability/findability of whatever files are loaded into it. So, sharing could be achieved for many participants via chat room, but there won't be a nice, easy way to find files shared from say X weeks ago.

I know that i added chat onto what was mentioned about having an area/deposit of files to share, but i feel having such a bucket in isolation may not be enough...i think some combination of chat or communication AS WELL AS an easy to organize bucket of sharing files is the key...i feel that once that nut has been cracked in a way that provides great UX, then whatever that service will be can have the potential to swallow at least a few existing services like dropbox, onedrive, google drive, etc....or, at least for some non-trivial percentage of users out there.

111. bigfudge ◴[20 Oct 24 15:05 UTC] No.41895790{6}[source]
"The government" in the UK already basically shields big internet operators from legal responsibility from showing teenagers how to tie a ligature. But I wouldn't characterise them as the problem — more public oversight or at least transparency of the behaviour of online operators who run services used by thousands of minors might not be a bad thing. The Musk comment also speaks to a paranoia that just isn't justified by anything that has happened in the past 10 years. The EU is in fact the only governmental organisation doing anything to constrain the power of billionaires to distort and control our public discourse through mass media and social media ownership.
replies(1): >>41901916 #
112. dominick-cc ◴[20 Oct 24 15:45 UTC] No.41896103[source]
I like localsend too. But for some reasons I need to disconnect from tailscale in order for it to work properly.
113. lenova ◴[20 Oct 24 16:01 UTC] No.41896235{4}[source]
https://github.com/localsend/protocol

Defaults:

- Multicast UDP for discovery

- HTTP for file transfer

Will work in an office, but not for a email transfer to a customer

114. 1over137 ◴[20 Oct 24 16:23 UTC] No.41896434[source]
No commits since 1.5 years. Is this software “done” or no longer supported?
115. immibis ◴[20 Oct 24 16:43 UTC] No.41896624{4}[source]
How would they know their traffic was csam? Traffic passing through an exit node is traffic between a Tor user and the open Internet. Who's running csam servers on the open Internet instead of as hidden services? And without https? Especially when Tor Browser enforces https? This story doesn't add up at all.

They did bust a site owner despite Tor, though. That story's true.

116. INTPenis ◴[20 Oct 24 16:59 UTC] No.41896754[source]
I had a Send instance exposed online for years, but I changed it to 1 day retention and I never had any issues.

It was literally just to send large files between friends so more than 1 day was redundant.

117. EasyMark ◴[20 Oct 24 17:54 UTC] No.41897168[source]
Maybe one could modify an existing server based file sharing app and add a public/private key mechanism that only people who have shared their keys with the server will get to keep their files on the server, if they key doesn’t match what the client signed with and was pre-registered it gets deleted instantly. That would prevent CSAM etc from a hostile intrusion. Of course it requires vigilance of the group. I envision this working for small groups who have email or Signal contacts with each other. It needs that “it takes a village to manage a friends share” mentality.
118. EasyMark ◴[20 Oct 24 18:01 UTC] No.41897208[source]
Wouldn’t it need to at least go through the middle man as a relay for webrtc to work? Most people are behind so many layers I don’t see how webrtc could work any other way for the average user.
replies(1): >>41898804 #
119. EasyMark ◴[20 Oct 24 18:04 UTC] No.41897239{5}[source]
You probably can’t but if you’re one of those people who keeps passwords with Bitwarden, you probably trust them, and it’s nice to have this service as well.
120. EasyMark ◴[20 Oct 24 18:11 UTC] No.41897303{3}[source]
I agree. This is also the type of mentality that if one throws it out to the public makes everyone throw up their hands and say “do we worry about browsing the internet now? That’s a lot of CO2 too?”and then people get tired of worrying about it and just say “toss it all, I don’t care any longer”. There is fatigue that sets in when we’re supposed to constantly worry about everything so might as well worry about nothing and not fix the really big problems like where we source our energy from and getting rid of fossil fuels and the chemicals that corporations are trying to convince us are not that bad into our bodies. Now I gotta worry about emails and the most energy efficient file transfer methods? I don’t think so.
121. andy_xor_andrew ◴[20 Oct 24 18:31 UTC] No.41897461[source]
is it weird that my first reaction upon reading the title is “a product with Firefox in the name isn’t already open source??”
122. tonetegeatinst ◴[20 Oct 24 19:50 UTC] No.41898004{3}[source]
Pretty sure apple already scans your photos for csam, so the best way would be to just throw any files a user plans on sharing into some folder an iPhone or iMac has access to.
123. mainframed ◴[20 Oct 24 21:48 UTC] No.41898763[source]
I love Snapdrop [0] for that use case, since it doesn't require downloading/installing an app.

[0] https://snapdrop.net/

124. gpm ◴[20 Oct 24 21:54 UTC] No.41898804{3}[source]
WebRtc usually manages to punch a hole in my experience (which, to be fair, isn't with particularly hostile network architecture), but I believe it does go through a middle man relay if that fails.
125. jart ◴[20 Oct 24 22:16 UTC] No.41898948{6}[source]
If you have a csam detection model that can run locally, the vast majority of sysadmins who use it will just delete the content and ban whoever posted it. Why would they report someone to the police? If you're running a file sharing service, you probably don't even know the identities of your users. You could try looking up the user IP on WHOIS and emailing the abuse contact, but chances are no one is listening and no one will care. What's important is that (1) it'll be harder to distribute this material, (2) service operators who are just trying to build and innovate will be able to easily protect themselves with minimal cost.
replies(2): >>41899968 #>>41900646 #
126. halJordan ◴[21 Oct 24 01:39 UTC] No.41899968{7}[source]
You are mandated to report what you find. If the g-men find out you've not only been failing to report crimes, but also destroying the evidence they will come after you.
replies(4): >>41900472 #>>41900503 #>>41900625 #>>41900671 #
127. ◴[21 Oct 24 03:38 UTC] No.41900472{8}[source]
128. jart ◴[21 Oct 24 03:45 UTC] No.41900503{8}[source]
Wow. I had no idea. That would explain why no one's uploaded a csam detection model to Hugging Face yet. Smartest thing to do then is probably use a model for detecting nsfw content and categorically delete the superset. Perhaps this is the reason the whole Internet feels like LinkedIn these days.
129. dragonwriter ◴[21 Oct 24 04:11 UTC] No.41900625{8}[source]
Note that this is specific to CSAM, not crimes in general. Specifically, online service providers are required to report any detected actual or imminent violation of laws regarding child sex abuse (including CSAM) and there are substantial fines for violations of the reporting requirement.

https://www.law.cornell.edu/uscode/text/18/2258A

130. throwaway290 ◴[21 Oct 24 04:16 UTC] No.41900646{7}[source]
Someone send you a meme that looks like a meme, you share it through messenger, the meme looks like something else to the messenger, messenger reports you to NCMEC. It's NOT police but they can forward it to police. As a side effect NCMEC gets overloaded helping more of real abuse continue.
131. throwaway290 ◴[21 Oct 24 04:22 UTC] No.41900671{8}[source]
Not "crimes". Child sexual exploitation related crimes specifically.

And not "you" unless you are operating a service and this evidence is found in your systems.

This is how "g-men" misinformation of born

132. jart ◴[21 Oct 24 08:29 UTC] No.41901916{7}[source]
You mean the government of Prince Andrew?

Yeah I think I understand now why they want the csam so badly.

replies(1): >>41903528 #
133. Arch-TK ◴[21 Oct 24 11:24 UTC] No.41902956{4}[source]
I don't know why you keep counting two server side copies for each side.

It's 4 total if both sides cache the file indefinitely and 2 otherwise.

edit:

Okay, I see, you are talking about physical files.

Sure then there might be up to 6 copies of the file.

134. bigfudge ◴[21 Oct 24 12:39 UTC] No.41903528{8}[source]
I don't understand this comment. Are you implying Prince Andrew was _in_ or part of the UK Government? This would be a weird misunderstanding of our system.

If it's just a general cynical "all gubernment is bad and full of pedos" then I'm not sure what the comment adds to this discussion.

135. jamal-kumar ◴[21 Oct 24 20:14 UTC] No.41908063{4}[source]
I can get behind that for sure. I often live in places with stuff like electricity shortages and I'm sure we could be doing more robust/better communications using all sorts of underutilized technologies and standards that already exist - I really like stuff like LoraWAN. However nitpicking on emails when there's way way way bigger consumers of electricity seems like the most distracted nonsense ever
136. cr125rider ◴[21 Oct 24 23:55 UTC] No.41909786{4}[source]
So security by obscurity? Man, open source software must suck…