As a user I love the no-nonsense straight to the point (and download) page, but as a HN'er I'd like to know more about it (and the company) before installing the software.
We'll put up some more info about us in the near future. Here's a bit: we're programmers from the computer simulation world, data visualization world, high frequency trading world, and desktop application world. This tool is our first beta - we're looking to prove people will love it, and get your feedback about how it can be better.
I've used rsync --partial to move very large quantities of files between computers (> 1 million once). Especially on many files, it generally runs several times faster than the OS's copy-to-networked-computer functionality, and it resumes in an instant. It's even faster if you run a daemon on the other end, so you don't need to do a bunch of back-and-forth to determine if a file is new or not.
It boggles my mind that OSX (for example) doesn't just use this under the hood, especially when sending to other OSX machines. It's an OS speaking to itself - spinning up a daemon automatically on the receiver would be trivial.
Dropbox is horribly slow when working with 1000+ files. Especially if they are small files. Last time I tried it Drobbox would use 100% CPU and go rather slow (while rsync didn't).
This was about a year ago though, things may have been made better by now.
I wonder if this uses P2P at all or whether everything is routed through their servers? The former would be far more sustainable (although NAT problems ahoy if that's the only channel).
It does look like they're planning on offering a paid version:
"Upgrade to Pro with end-to-end encryption to make your transfers completely confidential. We can't even access your files."
That's exactly right. We think most people will love the free tool for their personal use, and that many businesses will be willing to pay for End-to-End Encryption and CloudCache.
At first I believed that the revenue stream was like this:
1) ppl give their e-mail address
2) you scan the attachments (eg. words, subject etc).
3) you create a database
4) you sell the database to advertisers (that already have my e-mail address and can enrich their data).
Why an app instead of a web service? Couldn't you accomplish this seamlessly with HTML5? Just curious. I'd be far more prone to use this if it worked across all platforms.
You are missing a Linux version. Yes, Linux has small market share yada yada yada, but you will find that a much larger percentage of new adapters and tech influencers are Linux users.
I was thinking the exact same thing, I feel very dissapointed every time I see something interesting at the top of HN, and when I'm going to try it out, there's no Linux version of it.
It's like you said, if they want a good number of beta testers/ early adopters, they should have a Linux version.
Yep. You can keep the design simple, but you need something to explain what you're doing (or not doing) with people's data. Also, a bit strange this wasn't made available considering you ask for my email address right after the application starts.
We're building the tool to send your bytes peer to peer (UDP hole punching) when it can, which works ~90% of the time. When it fails, we route your bytes through our servers. We don't store your bytes.
Trent here, from WireOver. The tool isn't a virus or malware, don't worry. It's just a file sending tool. We'll put up terms of service and a privacy policy very soon.
Your recipient gets an email with a download link. The link downloads a downloader. You run it, it downloads your files, then it deletes itself, unless you elect to install WireOver.
To give a proper introduction - I'm Trent, one of the co-founders of WireOver. We want our tool to become indispensable to all of you, and I really appreciate your feedback. I'm always impressed by how smart and useful your comments are. Thanks in advance.
Please give WireOver a spin and let me know what you think. I'm trent@wireover.com.
Thanks, I do see a great need for this. I wanted to transfer some medical records once and my doctor said he would just email them to me. I was aghast, but he said he did that all the time. I looked in vain for a secure file transfer system that would work for non-geeks.
That said, I don't see how you're going to be able to stay alive while offering unlimited bandwidth.
Sending medical records is one of our target cases. We will be HIPAA compliant.
I think we can sustain unlimited bandwidth because we're transferring files peer to peer, so the bytes go direct from sender to receiver. They don't have to go through our servers (except when P2P fails). So, we don't pay for (most of) the bandwidth. We're enabling you to use the bandwidth you're already paying your ISP for.
I've run a couple of tests and the email to pick up the file is not being received. If the user has to be logged in already and have the software downloaded, it's not clear at all. Expectation is that an email is received to notify of a file being available, and install software if it's a new account - which leads to more people using your service I would believe, being more viral in nature.
It is minimalistic and that's great! You say it is P2P, so would I end up paying for someone else's traffic like torrents ? I didn't see anything in the settings though.
I guess it's peer-to-peer, not peers-to-peers, that means you can send/get files to/from one endpoint, not from multiple endpoints. It is kind of a private file-sharing tool, not a public one such as bittorrent. Just guess, it would be better confirmed by the OP.
1. The sender generates an AES-256 key for the transfer.
2. The receiver sends a public key to the sender.
3. The sender encrypts the AES key with the public key, and sends to the receiver.
4. The receiver decrypts the AES key.
5. The sender then sends all the bytes, encrypted with AES.
The point of using the AES key is that it's faster to encrypt/decrypt. The point of using the public/private keys is to get that key to the receiver in a secure way.
The transfer has a session key from our server so each peer can validate the identity of the other peer.
If those steps are all of the protocol, this is vulnerable to a man in the middle attack. The way that that is done is by having Eve intercept the public key sent to the sender and instead sends his own. Then the sender sends Eve the AES key and Eve sends the recipient her own AES key accomplishing the man in the middle attack.
My understanding is that if the public key is transmitted from the receiver to the sender through our server instead of directly, that should be secure to MITM. This assumes that peer connections to our server are secure (SSL).
That opens additional way for malware find its way to non-technical user computer... Until now I could explain my granpa never to run any executables or downloads that come in emails.
I think you're opening a can of worms. The email is HTML, so it would be very hard for my granpa to verify that the link is actually to your site. As you can imagine it is very easy to make the email and site look exactly like yours, and even make the link URL itself look similar.
We're doing the downloaders because it let's us do p2p, which is how we can offer free and unlimited. It also affords end-to-end encryption, and resumable/restartable transfers.
We think we can mitigate those concerns some by code-signing the exe, having the download from https, and building a recognized brand.
Also, we're considering a feature called "Channels". After you set up a channel with your grandpa, it can be trusted. You just drag files onto your "Grandpa Channel" and they go to his HD in that channel's folder (he gets a pop up to accept/decline). This also ends up being a convenience for frequent sends because you don't have to enter your recipient's email - you just drag and drop files onto the channel and they start going.
> We think we can mitigate those concerns some by code-signing the exe, having the download from https, and building a recognized brand.
I don't see how all these resolve someone sending an email that looks exactly like yours, which links to a page that looks exactly like yours, which links to a malware executable.
Even with code-signing I wouldn't trust non-technical users to understand difference between popups, as well as resist close-all-these-annoying-popups reflex.
To make sure that the email is legitimate I'll have to either check the source, or seek in the mouse over. And after it is a "recognized brand", no one will be checking that.
I don't see how I could feel safe with executable file download links in the email. Maybe registering a scheme and sending in email a link with instruction to the file origin would be more acceptable, but that's only if the software is already installed. Ex: wirefrom://my@email.com
What about Channels? If you have your grandpa install WireOver, and you set up a channel with him, all your sends over that channel can't be faked. He gets notified via the installed tool (dialog: "Would you like to accept files from Myrth?"), not via email, so there's no longer a need for him to download an executable.
Your software should tell the user what it's going to do on each step before actually asking the user for permission and then doing it (it's not clear that it's an installer in the dmg, and that it's taking my email address to create an account and install a daemon and thingy on the menubar.
I like minimalism as much as anyone, but some basic info would make it a lot easier to trust (and thus recommend).
Comparison: This looks like an automated desktop version of MediaFire/MegaUpload/YouSendIt, since right now it works by downloading from an intermediary (I assume, from what tashmahalic said: "You run it, it downloads your files"). It has advantages in being ad-free (for now at least), supporting unlimited sizes (ditto), auto-resume, return receipts, and encryption (though I suspect some of the existing sites may have these too).
It'll still be a winner if it provides a better user experience than the others, of course. When it goes fully p2p, it may become the killer p2p file transfer app that the world's been waiting for.* Good luck.
creamyhorror, you have perhaps the best HackerNews username ever. Whatever was your inspiration?
WireOver was born out of sheer annoyance, because it's ridiculous that sending files over WANs and LANs is still such a pain.
Our guiding principle: BE NOT ANNOYING.
Ads would be annoying, so they're out. File size limits are annoying. Failed transfers are annoying, slow transfers are annoying, cluttered UIs are annoying, not sleeping well at night because you're worried about security is annoying.
Transfers should find the fastest route automatically - over internet or LAN - and they should go seamlessly between Mac, Windows, and Linux. That's what we want ourselves as users. We'd be pleased as punch to lower the annoyance level for others too.
That's a great principle to have. Less annoying things make life better - although I have no doubt it can take a lot of effort to eliminate annoyances (especially when you have to build a lot of intelligence into the system). We try to do the same in my own project, although we often have to assign 'nicer' (de-annoying) features to a v2 protoype because of limited dev resources. It's great that you guys are all coders (AFAICT).
My username makes people conjure up all sorts of images, which is why it's great for me to never plant a definitive one in their heads. I'm thinking of changing it, though, since it's none too professional on the rather social startup scene!
I started using AeroFS for something like this, but it is about "syncing", while all the time I keep thinking it ought to be possible for these guys to do file sending as well.
I would like to use it at work but also personally from the same computer, so perhaps you could consider something like an account alias so I can link both to one WireOver.
I got this on gmail for the verification email, thought you would want to know for users that are a bit less technically savvy:
Be careful with this message. Similar messages have been used to steal people's personal information. Unless you trust the sender, don't click on links or reply with personal information. Learn more
84 comments
[ 5.0 ms ] story [ 160 ms ] threadSo - thanks for your feedback!
Interesting feature. So far I've only see torrents have this. Would love if my downloads online had working pause and resume functionality.
Get a download manager (wget -c is my favourite), and it will work for you, too.
Most HTTP server support HTTP-Range queries, which allows resuming downloads. FTP (of course) has always supported this feature.
It boggles my mind that OSX (for example) doesn't just use this under the hood, especially when sending to other OSX machines. It's an OS speaking to itself - spinning up a daemon automatically on the receiver would be trivial.
This was about a year ago though, things may have been made better by now.
It does look like they're planning on offering a paid version:
"Upgrade to Pro with end-to-end encryption to make your transfers completely confidential. We can't even access your files."
It's like you said, if they want a good number of beta testers/ early adopters, they should have a Linux version.
Why?
Why would anyone download and install an app from a simple splash page like this? It could be anything.
So, yes, WireOver guys should put some more information, but I don't think it's a dealbreaker anyway.
Try it out and let us know what you think!
Need to see some credibility or explanations for these claims before I trust it.
Please give WireOver a spin and let me know what you think. I'm trent@wireover.com.
Others have said this too - We needs a Linux version, hopefully usable on the command line too.
That said, I don't see how you're going to be able to stay alive while offering unlimited bandwidth.
I think we can sustain unlimited bandwidth because we're transferring files peer to peer, so the bytes go direct from sender to receiver. They don't have to go through our servers (except when P2P fails). So, we don't pay for (most of) the bandwidth. We're enabling you to use the bandwidth you're already paying your ISP for.
But the developers should check why the e-mail ends up in the span all the time.
1. The sender generates an AES-256 key for the transfer. 2. The receiver sends a public key to the sender. 3. The sender encrypts the AES key with the public key, and sends to the receiver. 4. The receiver decrypts the AES key. 5. The sender then sends all the bytes, encrypted with AES.
The point of using the AES key is that it's faster to encrypt/decrypt. The point of using the public/private keys is to get that key to the receiver in a secure way.
The transfer has a session key from our server so each peer can validate the identity of the other peer.
How's that sound?
Does this meet with your understanding?
I think you're opening a can of worms. The email is HTML, so it would be very hard for my granpa to verify that the link is actually to your site. As you can imagine it is very easy to make the email and site look exactly like yours, and even make the link URL itself look similar.
We're doing the downloaders because it let's us do p2p, which is how we can offer free and unlimited. It also affords end-to-end encryption, and resumable/restartable transfers.
We think we can mitigate those concerns some by code-signing the exe, having the download from https, and building a recognized brand.
Also, we're considering a feature called "Channels". After you set up a channel with your grandpa, it can be trusted. You just drag files onto your "Grandpa Channel" and they go to his HD in that channel's folder (he gets a pop up to accept/decline). This also ends up being a convenience for frequent sends because you don't have to enter your recipient's email - you just drag and drop files onto the channel and they start going.
Does that address your concerns?
> We think we can mitigate those concerns some by code-signing the exe, having the download from https, and building a recognized brand.
I don't see how all these resolve someone sending an email that looks exactly like yours, which links to a page that looks exactly like yours, which links to a malware executable.
Even with code-signing I wouldn't trust non-technical users to understand difference between popups, as well as resist close-all-these-annoying-popups reflex.
To make sure that the email is legitimate I'll have to either check the source, or seek in the mouse over. And after it is a "recognized brand", no one will be checking that.
I don't see how I could feel safe with executable file download links in the email. Maybe registering a scheme and sending in email a link with instruction to the file origin would be more acceptable, but that's only if the software is already installed. Ex: wirefrom://my@email.com
Does that address your concerns?
I like minimalism as much as anyone, but some basic info would make it a lot easier to trust (and thus recommend).
It'll still be a winner if it provides a better user experience than the others, of course. When it goes fully p2p, it may become the killer p2p file transfer app that the world's been waiting for.* Good luck.
(* or does this already exist?)
WireOver was born out of sheer annoyance, because it's ridiculous that sending files over WANs and LANs is still such a pain.
Our guiding principle: BE NOT ANNOYING.
Ads would be annoying, so they're out. File size limits are annoying. Failed transfers are annoying, slow transfers are annoying, cluttered UIs are annoying, not sleeping well at night because you're worried about security is annoying.
Transfers should find the fastest route automatically - over internet or LAN - and they should go seamlessly between Mac, Windows, and Linux. That's what we want ourselves as users. We'd be pleased as punch to lower the annoyance level for others too.
My username makes people conjure up all sorts of images, which is why it's great for me to never plant a definitive one in their heads. I'm thinking of changing it, though, since it's none too professional on the rather social startup scene!
"NOTICE: The Sendoid service is no longer available." "Sendoid's web interface was disabled on Wednesday, March 7th."
Anyone AeroFS fans here?
Why would you like them to be linked somehow?
Be careful with this message. Similar messages have been used to steal people's personal information. Unless you trust the sender, don't click on links or reply with personal information. Learn more
Hope that helps :)