Simply put, it works like this:
-Check the file or folder you want to send
-Compress it, if it is needed and wise
-Split and Encrypt with advanced standards
-Give you an optional choice to add a heavy layer of password protection
-Give you a nice link to share
-Upload the parts, in the meantime, the receiver can get the file as you upload them
We are using a Gaia provider, and give users a limited 512MB per file plan, that should cover most of the daily uses.
But, you can make your own provider and set it at sign up, then all the files will be uploaded on that provider, and no files, key, or metadata will touch our servers.
Also, PLUS plan is on the way.
Why blockchain? Because there's one FAQ that you're obviously missing: "How do I delete a compromised/accidentally-uploaded file?" and I suspect it's because the answer is "You can't."
This would be the last place I'd upload anything important. Once that URL/password get out, whatever "secure" file I've uploaded is exposed forever.
I'd say the primary use case is data which you want to keep public forever. Such as your legacy before you pass away (it is pay once, host forever, right?). Such as an encrypted insurance file for Mr. Assange. I can also imagine this would be interesting for copyright infringement (eventually with spliced files; e.g. with RAR .rar .r01 r02 etc), or for an activism, or whistle-blower. I suppose though that once that 'blockchain' has a too bad ratio of 'morally bankrupt content' (that'd be our jurisdiction's definition) it'd just be forced to closed down the hard way.
In that case, that should be part of the selling point of the service. If it were pitched like that, I wouldn't have even considered "can't delete it" as an objection as I did, more as a strength.
Speaking of did anything happen with all those insurance files he posted during his exile/asylum in the embassy? Were the conditions extradition or did nothing ever come of them.
Yes Fnoord, this is one potential use case but not the primary one.
Our focus is on giving people an EASY and SECURE way to send their file to each other.
Most other services out there are easy to use but not secure or private, or very secure, but you need to be a semi developer to use them. If anyone shares their file publicly, it will be their responsibility.
https://send.firefox.com/ is probably the easiest way to securely send a file that I can think of off the top of my head. You don't need to be a developer, and the file is automatically deleted after a period of time.
With a file stored on the blockchain, I remain continuously and permanently vulnerable to a data breach or any other loss of secrecy control. The moment that link/password combo is compromised, that file is permanently public.
Now, you could argue that the moment a file is briefly public, it can be downloaded and thus is outside of your control anyway, and you'd be correct. But the case I'm more specifically thinking of is trying to send a large, reasonably secret file through email. You can't attack 1GB to mail, so you upload it somewhere and send the email with the url/password.
If you use Firefox Send, that file gets to its recipient, and then shortly thereafter, the link becomes invalid. If I use this service, that link stays valid forever. If my company's email archive is then later exfiltrated by a hacker or disgruntled employee, that secure file in the first case remains secure. In the second case, it's now compromised.
This doesn't invalidate certain uses of your service, but to not mention anywhere on your site that uploaded files will remain available irrevocably and forever is negligent.
All the files will be split and encrypted, then uploaded to a random hub on your provider of choice. Of course, we provide a free provider. No matter what provider, all files will be encrypted before leaving your machine.
About delete, as the name suggests, we don't have control on your file, we will encrypt it, give you the key, and then send it, like a very secure post.
Thank you very much!
BlackHole is a young project, and PLUS plan will be available along the way.
You should pre register, we will contact you with all the info.
https://blackhole.run/pre-register
I think he's more referring to the fact that we were already at a point where it was normal to do server side rendering. Now it's an add-on that the JS framework may support (https://vuejs.org/v2/guide/ssr.html).
You can have your own private web-based file transfer server in maybe around 100 lines of PHP where you have total control over file expiry and no need to trust any third parties except perhaps your VPS provider. If you need more secure than that, courier an encrypted thumb drive or something.
"For a Linux user, you can already build such a system yourself quite trivially by getting an FTP account, mounting it locally with curlftpfs, and then using SVN or CVS on the mounted filesystem. From Windows or Mac, this FTP account could be accessed through built-in software."
As I point out earlier, BlackHole goal is to give you a hassle free way to send your file in a private way. Many many users cannot and do not want to make their own service. Also, BlackHole has many layers of security and a nice interface to work with. For pro users, we are making a cool CLI version.
Also, you can use your own Gaia provider at signup, and all the files will be uploaded there.
Ugh. What a dismal experience trying to try this on my Darwin machine. I felt like I'm running into constant bait and switch moments.
> App added an icon to my menu bar and has no clickable menu to close it.
> The app opens up asking for a Blockstack login... no mention of this on the website. I have one but are typically people supposed to sign up for something seemingly unrelated?
> The 'x' button on the app minimizes it instead of closes it.
> The only way I figured out how to actually close it was by killing the process from the command line.
Sorry for hearing that. You mentioned really good points here. Please contact us from our website so we can work on problems you faced, and get you early access to new versions.
We appreciate your help.
We do not store any info from the users, except authentication info getting at signup that Blockstack needs.
BlackHole is not a social network or sharing service internally, see it like a secure post or a flash drive, whoever use it or post it publicly owns the responsibility, and where the links are shared, could be controlled.
36 comments
[ 1.6 ms ] story [ 84.6 ms ] threadWe are using a Gaia provider, and give users a limited 512MB per file plan, that should cover most of the daily uses. But, you can make your own provider and set it at sign up, then all the files will be uploaded on that provider, and no files, key, or metadata will touch our servers. Also, PLUS plan is on the way.
This would be the last place I'd upload anything important. Once that URL/password get out, whatever "secure" file I've uploaded is exposed forever.
That is true even if you can delete the uploaded file. Once someone else has seen it you no longer control distribution.
That said, you are right to distrust file transfer services by default. They are in a position to mess with you in many ways.
[1] https://github.com/warner/magic-wormhole
With a file stored on the blockchain, I remain continuously and permanently vulnerable to a data breach or any other loss of secrecy control. The moment that link/password combo is compromised, that file is permanently public.
Now, you could argue that the moment a file is briefly public, it can be downloaded and thus is outside of your control anyway, and you'd be correct. But the case I'm more specifically thinking of is trying to send a large, reasonably secret file through email. You can't attack 1GB to mail, so you upload it somewhere and send the email with the url/password.
If you use Firefox Send, that file gets to its recipient, and then shortly thereafter, the link becomes invalid. If I use this service, that link stays valid forever. If my company's email archive is then later exfiltrated by a hacker or disgruntled employee, that secure file in the first case remains secure. In the second case, it's now compromised.
This doesn't invalidate certain uses of your service, but to not mention anywhere on your site that uploaded files will remain available irrevocably and forever is negligent.
This appears to be a static content site after I enabled JS. Why can't the site display static content without JS?
"For a Linux user, you can already build such a system yourself quite trivially by getting an FTP account, mounting it locally with curlftpfs, and then using SVN or CVS on the mounted filesystem. From Windows or Mac, this FTP account could be accessed through built-in software."
> App added an icon to my menu bar and has no clickable menu to close it.
> The app opens up asking for a Blockstack login... no mention of this on the website. I have one but are typically people supposed to sign up for something seemingly unrelated?
> The 'x' button on the app minimizes it instead of closes it.
> The only way I figured out how to actually close it was by killing the process from the command line.
What processes do you have in place when law enforcement approach you for information?