I used to run such a service but I stopped after police came to my door to get logs because it was used to share very illegal pictures.
They were friendly and I was never in cause myself, but I don't want to enable this kind of thing, or to have to deal with moderating content, even passively.
I'm happy other people provide such services, but just be aware they will inevitably be used for activities you probably don't want to facilitate.
This is a given (or at least I thought it was the usual) for many years now. Your only hope is that your service is too obtuse for the creeps/deviants to really grapple onto. Although considering how they are getting younger and younger (the perpetrators) even that is little condolence.
I've found myself in similar situations as yours, however now I just use other people's crap. I'm not willing to answer the phone like I was then; so yeah. It's a problem
Like, if the service provided just encrypted blobs + a piece of JS to decode them (with say URL containing the password), would you be in the clear or the police/law would just go "see I click the url that leads to your site and get the Bad Stuff, it's on you"
You might have to go through some hassle (and cost) to prove you are not deliberately aiding/abetting the transfer illegal content.
And in some jurisdictions you may be guilty of a lesser crime just be inadvertently aiding/abetting. The current UK government keeps trying to push through legislation that is a little scary in that respect.
If it matters, hire a lawyer for a legal opinion beforehand. Because there is a substantial probability you will be paying for legal advice later after the police have dropped by.
I mean the police aren't going to say oopsies based on your argument no matter how logical it sounds. They are there to serve the warrant.
Maybe this kind of thing works in the US but this is France and the law doesn't really stop at these technicalities, serving child porn as "encrypted blobs" certainly doesn't exonerate you of anything.
In fact, as a host (as opposed to an actual producer of illegal content) taking such steps to evade law would probably be rather counterproductive, compared to simply cooperating with law enforcement, since it would be difficult to claim acting in good faith.
It is difficult to say you host whatever files your customer gives you? The only people who want to store data on the internet must be using it for illicit activities?
There is nothing "difficult" and as I said, I wasn't accused of anything myself. But if you are a host, you must answer law enforcement when you are informed of illegal content.
And that's if you are content with simply hosting child porn until the police tells you you are.
That is true of any number of businesses. Banks, credit cards, roads, gas stations, ISPs, keyboard manufacturers, the people that craft those bribery-sacks with dollar-signs on the front. The buck has to stop somewhere, and I think intent/suspicion should play some role in that.
People distributing unmentionable content or using services for otherwise nefarious purposes are used to dealing with intermittent issues like that. It'll get rid of some but not all of them.
> c) expire & purge the (encrypted) content quickly
If your site turns out to be being used by a group that is raided, this will not stop your services being confiscated and very thoroughly investigated. You might be legally in the clear, but it may cost you time and hassle (and potentially money if you need to take on the services of a lawyer to help prove you did not intentionally aid/abet).
Also an end-to-end encrypted solution like that might be rather attractive to users both illegal and otherwise, so be ready for a huge bandwidth bill if/when a sizable group latches onto it!
If it is mostly intended for personal use, you may as well use some form of access control. We are long past the day when people would abuse such a service to share distasteful material and in an era when people would abuse such a service to share (rightfully) illegal material. While I was uncomfortable with the former, I certainly do not want to facilitate the latter.
Put the service behind a personal Tailscale tail net. Can still access from all of your devices and nobody else can push or pull.
Could crib notes from olden days and have a public/ subdirectory where files you drop in there are available read only to the public internet via separate endpoint.
Can also have a blind drop box that does the other direction (but does not allow the public to read).
That way you are read / write from all your devices, can publish to anyone, and can let anyone share things to you, you just don't facilitate anyone sharing to anyone.
There is also https://chunk.io/ in the https://transfer.sh category. It requires free registration by emailing the owner. It has some interesting features, like uploading multiple files in one HTTP request and syntax highlighting for source code. Files are associated with your account, so you can delete them without a per-file token and list them.
Came here just to sing the praises of croc myself. To be fair, it and Magic Wormhole are for different use-cases than 0x0 seems to be, one-time transfers of files between friends, basically. For posting things that should be available for multiple downloads by multiple people, it seems like torrents or IPFS would be reasonable choices.
I switched from a self-hosted transfer.sh instance to a selfhosted ffsend instance with r2 backend. Quality is much higher, easy to run on docker and its end-to-end encrypted. With the cli tools you can easily upload files from command line.
I thought of self-hosting this (it's fantastic, by the way), but why do that when there are public instances? Feels like too much work for little benefit.
transfer.sh looks amazing (i was recently looking into self hosting a wetransfer alternative) - how can such a service be free and unlimited? I may cancel my WeTransfer subscription right away, unless there is anything else to consider? 2 weeks is fine for my purposes.
I wish some magic-wormhole implementation came pre-installed on every major platform. When sharing files with others, getting the other side to install it is still a hurdle.
Then I do a quick look at my IP and pass it. If we're not on the same network, then I quickly create on with lnxrouter: https://github.com/garywill/linux-router
You mention constraining by IP, but worth emphasizing that http.server has a history of path traversal and other issues, some fairly recent. In case someone liked the simplicity for some broader use.
Different use case, obviously. netcat won't work if both peers are using NAT. Plus, this service enables distribution to many peers as well as asynchronous transmission.
No, it is direct peer to peer. Thus both computers need to be connected at the same time. If you want async you need a third computer to store the data.
It is a really elegant and ergonomic way to transfer files between computers. It doesn't need any preparatory setup like launching a "server", as with ssh or http. A single, short command line on each computer, and the file is copied.
The only pre-requisite is that both computers are actually connected to the internet. Unfortunately, NAT and other shit broke the internet so this is a difficult pre-requisite to fulfill nowadays. A sad tragedy of our times.
It still often works to transfer files directly between computers in the same lab.
On some installs of netcat you'll need to specify a port because they don't have a default one (typically 31337). Look at the manpage to see what is the case for yours.
Props to the person hosting this, reminds me of the early days of the net. It’s interesting that *.rar files are banned but other archives are not. My guess is that it was to stop some bot from uploading warez, or maybe due to password protection. It would be trivial to re-compress it again in another format, so it seems like a constant whack-a-mole game to me.
I dont understand something. There are countless forums and sites that ask for donations for hosting costs, and then on the other hand there are countless anon fileupload sites like this which happily store gigs of files/user without asking for money or putting up ads.
Whats the incentive for these sites? How do they stay operational?
By not growing too large (so costs don't explode) and the owner not minding to pay a bit to run it. Which usually means that they don't stay operational long-term-ish, or introduce stricter and stricter limits.
Image hosting sites are something where one could observe this very well over the years: an image hosting site launches and is fast and simple, operator offers generous service for free. Lots of people start using it. Bandwidth costs explode. Site adds advertising, cuts down on hotlinking, strictly limits free tiers ... to make some money back. Users get annoyed. Among them is a techy who thinks: "I can pay for a server or two, I'll launch a better image hosting site, without all the ads!". Such repeats the cycle of life (of image hosting sites)
Scale really hurts here - many people can easily run a service that doesn't have too many users (or many users that don't create much load) for years, but scale quickly pushes it out the side-hobby-thing budget.
Ah, I see. If I go back to an old version of fhost.py, the error you're seeing is just a big hardcoded string. So there is a deliberate handler, made to look like a crash. Strange.
def notfound(e):
return u"""<pre>Process {0} stopped
* thread #1: tid = {0}, {1:#018x}, name = '{2}'
frame #0:
Process {0} stopped
* thread #8: tid = {0}, {3:#018x}
fhost`get(path='{4}') + 27 at fhost.c:139, name = 'fhost/responder', stop reason = inv...
Inspired by 0x0.st, I wrote my own version powered by CloudFlare workers. It was initially mostly an excuse to learn more about CF Workers, but it ended up being useful to me too
They were friendly and I was never in cause myself, but I don't want to enable this kind of thing, or to have to deal with moderating content, even passively.
I'm happy other people provide such services, but just be aware they will inevitably be used for activities you probably don't want to facilitate.