Sharing files securely is a common challenge. Email attachments can be intercepted. Cloud services might scan your files. Regular file transfer methods leave your data vulnerable. Let’s explore secure alternatives and understand what “secure” really means in different contexts.
Why Standard File Sharing Isn’t Secure
When you email a file, it typically travels across multiple servers unencrypted or with only transport encryption (protecting it in transit but not at rest). Email providers and anyone with access to those servers can potentially access the file. Email is also notorious for being permanently stored – that sensitive document might sit in inboxes forever.
Cloud services like Dropbox or Google Drive encrypt files, but they hold the encryption keys. This means the service provider can access your files, as can government requests or data breaches. For many purposes, this is fine. For sensitive information, it’s problematic.
End-to-End Encrypted File Sharing
The gold standard for secure file sharing is end-to-end encryption: files are encrypted on your device and only decrypted on the recipient’s device. The service facilitating the transfer can’t access the file contents.
How it works: You encrypt the file using the recipient’s public key (or a shared password). The encrypted file is uploaded to a server. The recipient downloads and decrypts it with their private key (or the password). The server only ever sees encrypted data.
Tools offering this include:
Tresorit: End-to-end encrypted cloud storage and file sharing
Send (formerly Firefox Send): Free, temporary, encrypted file sharing
OnionShare: Tor-based file sharing that’s anonymous and encrypted
Cryptomator: Encrypts files before uploading to any cloud service
OnionShare: A Deep Dive
OnionShare deserves special attention because it combines encryption with anonymity. It works by turning your computer into a temporary Tor onion service. The recipient connects through Tor to download the file directly from your computer.
This means:
No third-party server touches your file
Transfer is end-to-end encrypted by Tor
Both sender and recipient can remain anonymous
Files disappear when you turn off sharing
The tradeoff is that both sender and recipient need Tor, and your computer must stay on during the transfer. For highly sensitive files shared between privacy-conscious users, it’s excellent.
Magic Wormhole: Simple and Secure
Magic Wormhole is beautifully simple: you run a command-line tool that generates a short code. Give that code to your recipient, who uses it to directly download the file from your computer. The connection is encrypted end-to-end.
No accounts, no servers storing your files, no configuration needed. It’s peer-to-peer file transfer done right. The downside is both sender and recipient need to be online simultaneously, and it requires command-line comfort.
GPG/PGP for Email Attachments
You can encrypt files with GPG (GNU Privacy Guard) before emailing them. The recipient needs your public key to verify the file came from you, and they decrypt it with their private key.
This approach works with standard email but requires technical knowledge and key management. It’s powerful but has a learning curve steep enough to discourage casual users.
Secure Cloud Options
Some cloud providers offer zero-knowledge encryption – they can’t access your files even if they wanted to:
Sync.com: Zero-knowledge cloud storage where files are encrypted client-side
SpiderOak: “No Knowledge” cloud storage and backup
Proton Drive: From the makers of ProtonMail, with end-to-end encryption
These services provide convenience similar to Dropbox but with stronger privacy guarantees. The tradeoff is slightly reduced functionality – features requiring server-side file access (like automatic photo recognition) can’t work with encrypted files.
Temporary File Sharing Services
Sometimes you need to share a file once, then have it disappear. Several services specialize in this:
Send: Upload files up to 2.5GB (free tier), set expiration time and download limits, password protect, end-to-end encrypted
Wormhole: Web-based file sharing with end-to-end encryption and automatic expiration
These work well for sharing files with people who don’t have specialized privacy tools installed.
Physical Transfer: The Sneakernet
Sometimes the most secure file transfer is physical: USB drives, SD cards, or even CD/DVDs handed directly to the recipient. This “sneakernet” method has advantages:
No internet-based interception possible
No metadata trail from online services
Physical control over the data
The downside is obviously the requirement for physical proximity. For extremely sensitive data, however, this remains one of the most secure options.
IPFS: Decentralized File Sharing
The InterPlanetary File System (IPFS) is a protocol for distributed file sharing. Instead of files living on one server, they’re distributed across many computers. Files are identified by content hash, not location.
IPFS provides:
Censorship resistance (no single point of failure)
Permanent file storage (as long as someone keeps hosting)
Verification that files haven’t been tampered with
However, files on IPFS are publicly accessible unless encrypted before uploading. It’s best for sharing public information in a censorship-resistant way, not for private file sharing.
Metadata Considerations
Secure file transfer isn’t just about encrypting content. Metadata matters too:
Who sent the file to whom
When it was sent
File size (which might reveal what it is)
Metadata embedded in the file itself (EXIF data in photos, author info in documents)
Tools like mat2 or ExifTool can strip metadata from files before sharing. OnionShare-style solutions hide transfer metadata by design.
Verifying File Integrity
How do you know the file you received is exactly what was sent? Cryptographic hashes provide verification. The sender computes a hash of the file and shares it through a separate channel. The recipient computes the hash of the received file. If they match, the file is intact.
Many secure file sharing tools include automatic integrity verification. This protects against both accidental corruption and malicious modification.
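The sender/recipient hash check described above, as an added example that is not part of the original article. It assumes SHA-256 and a `sha256sum`-style manifest line (`<hex digest>  <name>`); the function names and the sample files are constructed for illustration.

```python
import hashlib
import hmac
import os
import tempfile

def sha256_file(path, chunk_size=1 << 20):
    """Hash a file in chunks so large transfers do not need to fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(chunk_size), b""):
            h.update(chunk)
    return h.hexdigest()

def make_manifest(directory):
    """Sender side: one '<hex digest>  <name>' line per file."""
    names = sorted(os.listdir(directory))
    return "".join(f"{sha256_file(os.path.join(directory, n))}  {n}\n" for n in names)

def verify_manifest(manifest, directory):
    """Recipient side: map each listed name to OK, MISMATCH or MISSING."""
    results = {}
    for line in manifest.splitlines():
        digest, name = line[:64].lower(), line[66:]
        # Reject malformed digests and names that point outside `directory`.
        if len(digest) != 64 or set(digest) - set("0123456789abcdef") \
                or not name or os.path.basename(name) != name:
            raise ValueError(f"bad manifest line: {line!r}")
        path = os.path.join(directory, name)
        if not os.path.isfile(path):
            results[name] = "MISSING"
        elif hmac.compare_digest(sha256_file(path), digest):
            results[name] = "OK"
        else:
            results[name] = "MISMATCH"
    return results

def demo():
    """Constructed transfer: one file arrives intact, one altered, one not at all."""
    with tempfile.TemporaryDirectory() as d:
        for name, body in {"draft.txt": b"v1\n", "data.csv": b"a,b\n1,2\n",
                           "notes.md": b"# notes\n"}.items():
            with open(os.path.join(d, name), "wb") as f:
                f.write(body)
        manifest = make_manifest(d)          # shared over a separate channel
        with open(os.path.join(d, "data.csv"), "wb") as f:
            f.write(b"a,b\n1,3\n")           # one byte changed in transit
        os.remove(os.path.join(d, "notes.md"))
        return verify_manifest(manifest, d)
```

The check is only as trustworthy as the channel that carried the manifest: if the hashes travel alongside the files, whoever can alter one can alter the other.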
Choosing the Right Method
Different scenarios call for different solutions:
Casual file sharing with privacy-conscious friends: End-to-end encrypted temporary sharing services like Send
Ongoing collaboration with file sync: Zero-knowledge cloud storage like Sync.com or Tresorit
Highly sensitive documents: OnionShare or GPG-encrypted files
Large files between technical users: Magic Wormhole
Public distribution: IPFS or Tor hidden services
Maximum security, low-tech recipient: Encrypted USB drive via sneakernet
For Students and Researchers
Understanding secure file sharing matters for:
Academic integrity: Protecting research data and unpublished work
Collaboration: Securely sharing drafts, datasets, and materials with co-authors
Source protection: Journalism students learning to protect confidential sources
Personal privacy: Keeping personal files private in shared computing environments
Many universities now offer secure file sharing options. Understanding the principles helps you evaluate whether those tools meet your needs and how to use them correctly.
Secure file sharing isn’t one-size-fits-all. The “right” solution depends on your threat model, technical comfort, and specific needs. But understanding the options means you can make informed choices about protecting your files in transit.
