Mozilla has presented Send, an experimental service that allows users to make an encrypted copy of a local file, store it on a remote server, and share it with a single recipient. The service allows to easily share large files in a secure way.
Once the copy has been shared, the data will be deleted from the server.
The Send service is offered through Mozilla’s Test Pilot program for previewing new features developed for the Firefox browser.
Then the user will receive an URL generated by the Mozilla Send service that contains the encryption key, this link can be shared with the recipient of the file.
“Each link created by Send will expire after one download or 24 hours, and all sent files will be automatically deleted from the Send server,” reads a blog post published by Mozilla.
Of course, the first thought is for privacy issues, but Mozilla clarified that it would not be able to unlock a stored file, even upon receipt of a lawful warrant.
Giving a look at the generated URL it is possible to note that a portion of the link after the character ‘#’ contains the generated key that is not sent to the Mozilla server.
Experts argue that anyway AWS is able to recover a file, for example, upon receipt of a lawful warrant it could be forced to retain them. The Send service sends the file name and other data in plain text.
The keys generated by the Mozilla Send service might be recoverable from the messaging service used to share it or from log files.
(Security Affairs – Mozilla Send service, encryption)