2 Ways To Encrypt Your Files From Your Browser

Do you want to send a file across the Internet to a friend or coworker, but don’t want the NSA to snoop on that file? You’ll want to encrypt that file, but in the quickest and easiest way possible. Thanks to various web technologies, you can now do this without even having to deal with a heavier desktop-based encryption program.

File Lock

browser encrypt file lock   2 Ways To Encrypt Your Files From Your Browser

File Lock is a fantastic file encryption service that runs entirely on HTML5 technologies — you don’t even need to install a plugin for your browser!

All you have to do is visit their website, choose the file you want to encrypt (if you have multiple files, you’ll need to repeat this for each file), type in a password, and hit the Encrypt button. In just a few seconds, your browser will have created an encrypted version ready to go. The recipient will need to take the encrypted file they receive and decrypt it using the same site. However, this should be just as quick and easy.

While you can use this site to encrypt just about any file, the website itself advises that you don’t use the service if you’re planning on encrypting a lot of files or need to encrypt larger files. The site spouts off warnings around the 30MB mark, but I’d make serious thoughts about using a desktop-based application when you hit the 50MB mark.

The website recommends that you use a program such as TrueCrypt for encryption tasks such as those — I recommend the same thing.

Securesha.re

browser encrypt secureshare   2 Ways To Encrypt Your Files From Your Browser
Another option (although less ideal, in my opinion) is to use a service such as Securesha.re. This site does the local encryption via your browser, then lets you upload files. You encrypt it with a password of your choice or a randomized string, and then provide a “secure link” which will let you or anyone else you share the link with download the file.

Basically, the point of this site isn’t necessarily to encrypt a file and leave it at that, but it’s a file sharing site that does four things:

  • It encrypts the file that you want to share.
  • It uploads the encrypted file to the site.
  • The recipient downloads the encrypted file.
  • The recipient’s browser decrypts the file locally before asking them for the desired save location.

So in other words, this doesn’t give you an encrypted file, but it still facilitates an encrypted way to share a file. You can also control how many views or days the file stays on the server before it’s deleted (the maximum is 7 days), and the code that makes all of this happen is open source.

Conclusion

linux no encryption truecrypt   2 Ways To Encrypt Your Files From Your Browser

Although solid, modern file encryption implementations in your browser are surprisingly scarce, they exist and can easily be used by anyone using the latest version of their favorite browser. Again, I must emphasize that using your browser for any file encryption should be kept at 50MB or less — otherwise, it’s still better to look at a desktop encryption program such as TrueCrypt.

If you need even more options, you can take a lot at 5 other great ways to encrypt files on Windows or a way to encrypt files in Linux via ENCFS.

What’s your favorite way to encrypt files? Let us know in the comments!

10 Comments - Write a Comment

1 votes
Reply

john

The site file lock is flagged by WOT (web of trust) as an insecure site.
Clicking on the name Thomas Wedson from the site goes to a godaddy
generic page. There is no contact info. I would not use this site because you do not know who
or what organization is doing this.

The 2nd tool securesha.re is also suspect. It also does not appear to work in either
using the file link or the password link versions on a test file I did.
Again, no way to verify the authenticity of this site. The user put his code
into github but his email site is a suspect money collecting site for parties.

My suggestion is to avoid both tools because they are not safe from the viewpoint you
don’t know the people writing and supporting the code and their intentions.

0 votes

Samuel Reed

Hi John, I wrote securesha.re for an Angelhack hackathon at the end of 2012 (http://inthecapital.streetwise.co/2012/11/20/the-winners-and-highlights-of-angelhack-dc/). The code is freely available on GitHub (https://github.com/STRML/securesha.re-client) so anybody can audit the code.

It’s pretty simple – in fact, so simple, I’ve rewritten it in a few major web frameworks as a programming experiment. The backend is nothing more than simple file storage with automatic delete parameters – it will delete your files after a certain number of views, or if they reach a certain age. While that segment is not open source, it is indeed very simple to verify that no identifying data or passwords are being sent to my server – run the app with your web inspector open if you don’t believe me.

As for the “suspect money collecting site” – Tixelated was a fun experiment that we shut down about 6 months ago (http://www.bizjournals.com/washington/blog/techflash/2013/05/party-crowdfunder-tixelated-shuts-down.html). I have been working on other projects in the meantime but nothing public yet.

If you have any questions about the app I’d be more than happy to answer them. For now it’s just a proof of concept site and is safe to use, but if you encounter any bugs, please submit Issues to the GitHub repository and I will fix them quickly.

Thanks for looking at the site. I didn’t expect to get any press on this now – this article prompted a mention on Lifehacker, and now I’m getting quite a few emails for a (relatively) old project!

0 votes

Kevin Ohashi

I can’t speak for tool #1, but your comment is non-sense for SecureSha.re. Disclaimer: I was on the original team that created it at AngelHack.

No way to verify the authenticity of the site? The entire source code is published. Everything happens client side in javascript, so you can actually see everything it does. All it does is store a binary file (encrypted already by you, in your browser). You really have no idea what you’re talking about.

0 votes
Reply

Brandon R

I personally don’t trust using any website to encrypt my data, maybe I’m paranoid but I just don’t feel safe .

0 votes
Reply

john

Response to Kevin:

I stand by my original review even given Samuel Reed’s probably truthful disclosure and references above. Samuel Reed says that part of the code is not open source and also a user has to use a web inspector to try and verify the claim. Not exactly “published” nor transparent.

Also, why isn’t the readme or some other file published with the source that gives the information samuel discloses? Someone like me taking a look at it and then going to the tixelated site trying to find out any information on the email link in the project gets a bad feeling from it.

Aside from this, the idea is good to me and why I looked into it. Why not put the project up on sourceforge and make it truly open source into a product that people can really use and support? It also as I mentioned doesn’t appear to work when I tried it. Since I’m not a great coder I’m not going to debug it.

My feedback is honest and accurate. You don’t have to take it so personally.

0 votes

Kevin Ohashi

John,

That’s just non-sense. The part that isn’t open sourced is file handling on the server side. The code that’s published shows exactly what is being uploaded and how. The fact anyone can view the source code and see what it’s doing is exactly what transparency means. It’s the honest to god code that’s being executed right on the site. There is nothing to hide in it. It’s encrypted entirely client side which is verifiable (assuming you’re capable of reading/understanding the code). Furthermore, the code is published on GitHub. I still am not sure why you’re going on about SourceForge.

Perhaps instead of bashing the project, you could do your research, ask questions or at a minimum not just spew unsubstantiated and wrong claims. I do take it personally because you’re writing things which are factually inaccurate about the project. Also, instead of looking at all the code Sam has written or projects he contributes to publicly on GitHub, you of all things try and attack his character from a defunct startup that his email address is tied to? That must have been a poor joke.

0 votes

Samuel Reed

John,

I assume you’re just not very familiar with open source software and what the standard for this sort of thing is. That’s alright – the whole community moves very quickly, and especially has in the last few years. SourceForge is a dinosaur, tarnished its reputation months ago with download managers and scummy toolbar installers, and the majority of active open source now lives on GitHub. It is in fact much more open to the general community on GitHub than it ever was or would be on SourceForge.

Securesha.re is a new kind of webapp where the majority of functionality takes place right on the client, in plain view. To show my commitment to that, I do not minify or obfuscate any code on the site (which is standard, simply to save on the transmitted size of the site). It takes a certain amount of coding expertise to verify that encryption is done correctly, and a certain amount to verify that requests are being properly sent without identifying information. If one can do the former, they most certainly can do the latter. Verifying the requests literally takes less than a few minutes; after all, it only makes two: one to upload a file, and one to download it.

About a year ago, a small crowd of users on Hacker News took a look at the site after we announced it. Their verdict? It worked well, should probably generate longer passwords, was a bit confusing. Those were simple things to fix – so I fixed all of those issues and the site has been happily churning files day after day since then.

I understand that you feel your feedback is honest, but it is not accurate.

Feel free to check out the code both in your web inspector and at https://github.com/STRML/securesha.re-client/tree/master/polymer – the latest version of the site uses Web Components, so it is very easy to follow once you understand the basics.

In the end, if you want to use a service that handles your personal data, you either have to blindly trust it, or read the code. The vast majority of services that handle your personal data (Gmail, Dropbox, etc.) do not have publicly available source code. This project does. If you don’t believe me, read the code. If you can’t read the code, ask somebody who can. I believe Securesha.re fills a particularly important niche because its correctness actually *can* be verified, unlike the many closed-source security services out there.

I hope that clears some things up.

0 votes
Reply

Steve Kasian

Oooo, ouch! John, you just got pwned in a big way.

Probably best for “someone like [John]” to refrain from posting software/website “reviews” altogether.

0 votes
Reply

Chethan K

superb

0 votes
Reply

Chethan K

it was good article

Your comment