I’ve been running 0807, a small self-hosted file host.
The idea is simple: drop a file, get a short link, and pick when it disappears.
A few things that might interest people here:
- No account, no ads, no trackers
- Auto-delete by time (1 hour up to 30 days, or never) or by a max number of downloads
- Optional password protection on files and notes
- Files up to 4 GB
- Reachable over Tor via an onion service
- Text notes with the same self-destruct and password options
Some file types are blocked for safety (exe, bat, scripts, etc).
Happy to answer questions about the setup or take feedback. It’s at v1.1 so I’m still iterating.
Questions:
Encryption: Is there any? I see that there is a password option, but does that lock the file or is that just to access the file itself.
Deletion: I see there are options related to the time the file can exist, but what are my guarantees that the file indeed will be deleted.
Selfhosting: Is this a venture you are offering to the public, or will there be an option to selfhost?
Please understand, I’m not trying to shit on your project. However, if there is no encryption, and no real guarantee the file will self destruct, I’d be hard pressed to use your service, unless it has a selfhosted option. It does look like there are some good options. I like the ability to tag a note for the recipients. The tor option is good too. Looks like you’ve put some time in on it. Polish it up, get some encryption options, and release the code on Github or equal so everyone view it and can make up their mind to use or not.
Thank you for sharing.
Hi, thanks for the comment. Let me answer your questions (and be 100% honest)
Regarding encryption: the password simply locks access to the file it does not encrypt its contents. And no, there is no encryption at rest the files remain on the disk exactly as they are.
The reason, to be honest is a security trade-off true end-to-end encryption means the server only sees encrypted data blocks which prevents me from scanning uploaded files for known CSAM and malware.
On an open and anonymous hosting service, I didn’t want to be in the dark about this. So it’s really a choice between two options, and I chose to keep the ability to scan files.
(+ incidentally, in the absence of any regulation, I could face some pretty serious legal trouble if someone decided to upload CSAM, malware, or any other illegal content)
Self-hosting: I am currently taking the necessary steps to publish the entire source code within a week, but for now, this is a public service.
I realize that my claims are just claims without any proof (since the source code isn’t open yet, and that’s totally understandable I would have done the same)
Awesome. I look forward to further iterations.