Skip to content
This repository has been archived by the owner on Jun 24, 2022. It is now read-only.

✨ Feature Suggestion | Upgrade OnionShare as top 1 file sharing option, demote Firefox Send to 2nd #1684

Closed
lrq3000 opened this issue Feb 2, 2020 · 7 comments · Fixed by #1686
Labels
approved approved, waiting for a PR ✨ enhancement 🌐 website issue *Technical* issues with the website.

Comments

@lrq3000
Copy link
Contributor

lrq3000 commented Feb 2, 2020

Description

I suggest Firefox Send to be demoted from 1st to 2nd place in the File Sharing category, for the following reasons:

  1. Firefox Send retains IP addresses in logs for 90 days and could be used to identify an account. They are clear about this, so it's not a malpractice in any way, it's just a limitation of their system that needs to be accounted for.
  2. Files are stored (although encrypted) on a server. Mozilla is trustable apriori, but it's just less private than direct transfer between 2 parties.
  3. Filesize limited to 1 GB if (pseudo-)anonymous.

Compared to OnionShare, the only advantage of Firefox Send is that it does not require to install a software. But given the downsides, and the fact that OnionShare v2 now has a nice GUI that greatly eases file sharing (I would argue on par with Firefox Send interface: only one party needs to setup the software, the other can just use Tor Browser and access the given URL, maybe even access with a non-Tor browser through a Tor proxy but I did not test yet), it seems to me that OnionShare should be proposed as the top 1 suggestion on PTIO.

By comparison, Magic Wormhole vs Firefox Send would for me be a tie, because although Magic Wormhole allows for any file size and it removes the third-party server (and it works very well even behind corporate firewalls in my tests), the fact it requires to install Python and then launch a commandline on both the sender and receiver (in other words the low usability for the lambda user) counterbalances its advantages compared to Firefox Send great UX.

@Mikaela
Copy link
Contributor

Mikaela commented Feb 2, 2020

I wonder if the list should be in alphabetic order. And we should probably have a warning about the logging?

@Mikaela Mikaela added approved approved, waiting for a PR 🌐 website issue *Technical* issues with the website. labels Feb 2, 2020
@lrq3000
Copy link
Contributor Author

lrq3000 commented Feb 2, 2020

@Mikaela yes I forgot to suggest to add a warning about the logging, but indeed I (and other users to evaluate their threat model) would certainly appreciate it.

@lrq3000 lrq3000 mentioned this issue Feb 3, 2020
3 tasks
@blacklight447
Copy link
Collaborator

I do have to add though, onionshare has one downside: its a lot slower then firefox send.
Not saying that thats unexpected or that bad, but its certainly a thing to consider.

@danarel
Copy link
Contributor

danarel commented Feb 3, 2020

Another downside is that for "ease of use" OnoinShare is an obstacle for basic users. So while I could it see it being number one, i think the reason I would caution against it is that if my mom came to the site, saw that was number one, got confused by it, she wouldn't move on to number 2, and would then just share a file with whatever service she found online that was easiest.

@lrq3000
Copy link
Contributor Author

lrq3000 commented Feb 3, 2020

About the speed, I tested and it's not necessarily a lot slower, I could in fact achieve speeds of about 300-500 KB/s (there is no integrated speed meter so I had to estimate vaguely, this represents about 1/4th of the max speed achievable with the connection I used). It depends on whether the person downloading has the largest download bandwidth of the 2 parties. But yes of course it will always be slower than the clearnet.

About ease of use, yes OnionShare requires to install a software and the other party to use Tor Browser, hence an asymmetrical usage. There were discussions to implement symmetrical use (both parties using OnionShare), which would simplify things. Nevertheless, the minor reduction in UX compared to Firefox Send is not I think sufficient to counterbalance the caveats.

I don't know what are the exact criteria used by PTIO, but I imagine it to be something like a Nash equilibrium, where we try to maximize privacy protection and usability as two fronts. But there is no one perfect solution for everyone. So we need to define what kind of users are targeted. From other recommendations (and particularly the top ones, such as Firefox with tweaks as the top browser), it looks to me the target are people that are familiar enough with computers to at least: 1. install applications, 2. apply some easy changes/configurations in options and such. So it looks to me that OnionShare pass the minimum usability bar.

If usability was more important than privacy, then PTIO would be recommending other solutions that are not so private, since the gap in UX is so great that it would totally imbalance any advantage of privacy...

@blacklight447
Copy link
Collaborator

We are in the process of now writing criteria for every software and service section, So I will close this issue for now, with the intention to re open it once we reached the file sharing section on our criteria project.

@Mikaela
Copy link
Contributor

Mikaela commented Feb 10, 2020

So https://github.com/privacytoolsIO/privacytools.io/issues/977? How about the linked PR?

Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Labels
approved approved, waiting for a PR ✨ enhancement 🌐 website issue *Technical* issues with the website.
Projects
None yet
Development

Successfully merging a pull request may close this issue.

4 participants