Secure file sharing with your friends

I have just released a BETA release of Sulphur Five, a kick-ass file sharing tool that allows you to securely share files with your friends, from inside your own home. Basically, it allows you to set up a web server, through Phosphorus Five, which lets you share files with your friends behind the safety of encryption. All you really need is an old laptop which you can install Linux Ubuntu Server on, or alternatively a “real” server somewhere, which you can access as root.

You can configure it so that any registered user can upload files, so that only a “root” user can upload files, or even so that anonymous guests can upload files. The latter actually makes it a pretty cool anonymous dropbox system for media publishing houses wanting to allow the public to upload files anonymously. Combining the anonymous dropbox features with teaching whistleblowers how to use the Tor Browser makes the process of uploading files to your server 100% anonymised and secure, and the system becomes an awesome foundation for an “anonymous dropbox”! Think; “WikiLeaks” here …

However, I suspect that for most people, it will simply be experienced as the ability to securely share files between a small circle of friends or colleagues who want to collaborate with each other and send files back and forth between each other, securely.

It should work on any device, including your iPhone, Android, iPad, Linux, Mac OS X or Windows machine. And it renders “responsively”, which means it renders, for the most part, pretty beautifully on any device, regardless of its screen resolution.

When you upload a file, by default the file is set to “private”, which means that only you can access the file itself. However, you can easily change its access rights to either protected or public. Protected means that only registered users can access the file, while public means that anyone can access the file.

Tagging support

You can associate a piece of meta information with your files as you upload them. This is a piece of text, and/or friendly name, that describes your file. This text can contain #hash_tags, which allow you to tag your files, and later easily retrieve all files tagged with the same #hash_tag. In addition, you can write your file’s description using Markdown syntax. In such a way, it arguably becomes the “Twitter of file sharing”.

In addition, it features a pretty cool search interface, allowing you to search for files belonging to a specific user, files containing some piece of text in their name/description, etc. And if you have more than 10 results in your search, it will give you a “never ending scrolling” experience, automatically feeding you more files as you scroll to the bottom of your page.

You can upload multiple files at the same time, either by dragging and dropping them onto the main surface of your browser, or by clicking a button and selecting multiple files at once.

Cryptographic trickery, SHA1 support!

One thing I am particularly proud of is that SHA1, or cryptographic “hashing”, is at the core of the system. When you upload a file, the system will compute its SHA1 hash value and associate it with your file. If somebody later tries to upload the same file, it will be rejected, since the file already exists in your system. This prevents having multiple versions of the (exact) same file, and it also creates another pretty kick-ass cool feature, which I will explain in the following paragraphs.

Massively and humongously distributed file sharing

If a file for some reason disappears from one server, you can, due to the above traits, search for its SHA1 value using some search engine. And if somebody else has publicly published the same file, it will highly likely yield a result for you, making it possible to easily find “lost files”, if the files have been shared on multiple other servers out there. Since the SHA1 value is a part of the file’s URL, this means that somebody looking for a “lost file” can simply paste the latter part of the file’s URL into a search engine, and highly likely find an alternative site mirroring your file. Which of course leads to …

… no DDOS allowed!

This is in fact a core trait of the system, facilitating what I like to refer to as “distributed file sharing”, allowing multiple servers to share the same file, while having a cryptographic guarantee that the original file has not been tampered with in any way. Since the SHA1 hash value of the file is included in its URL, H1 element, anchor text for viewing the file, and even the page’s title, this makes it very SEO friendly for searching for “lost files” from other alternative sources. This trait of the system allows multiple servers to collaborate with each other in sharing the same file. Which might be wise when you’re dealing with “volatile information”.

Basically, even though a single home web server could easily be DDOS’ed to deny it from serving a file, or possibly taken down using other means, if there are thousands of similar “micro web servers” serving the same file, possibly in hundreds of different countries, DDOS’ing a file into censorship becomes literally cryptographically impossible. Assuming there’s at least one search engine in the world willing to serve results containing the SHA1 value for your file, of course …

By default, you can upload files up to a couple of GB in size, and you can upload as many files as you wish in a single operation. All files uploaded by anonymous guests are only accessible by a “root” account, until the admin of the server decides he wants to share them publicly, or protected. Notice, the system does not look for any virus or malware, so be careful when you download files to your local system. For extremely volatile files, you might also want to consider verifying the SHA1 value after downloading the file!
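One way to do that verification from a terminal, as an added example that is not part of Sulphur Five or the original post. It assumes the SHA1 appears in the share URL as a 40-character hex string; the URL and the sample file are constructed for illustration.

```shell
#!/bin/sh
# Added example: compare a downloaded file against the SHA1 carried in its URL.
# Assumption: the URL contains the hash as a run of exactly 40 hex digits.

# Print the last 40-hex-digit run in a URL, lowercased; return 1 if there is none.
sha1_from_url() {
    hash=$(printf '%s\n' "$1" | tr 'A-F' 'a-f' | grep -oE '[0-9a-f]+' \
        | awk 'length($0) == 40' | tail -n 1)
    [ -n "$hash" ] || return 1
    printf '%s\n' "$hash"
}

# Print the SHA1 of a file (sha1sum on Linux, shasum elsewhere).
sha1_of() {
    if command -v sha1sum >/dev/null 2>&1; then
        sha1sum < "$1"
    else
        shasum -a 1 < "$1"
    fi | cut -d ' ' -f 1
}

# Return 0 on match, 1 on mismatch, 2 when the check cannot be performed.
verify_download() {
    file=$1
    expected=$(sha1_from_url "$2") || { echo "no SHA1 found in URL" >&2; return 2; }
    [ -f "$file" ] || { echo "no such file: $file" >&2; return 2; }
    actual=$(sha1_of "$file")
    if [ "$actual" = "$expected" ]; then
        echo "OK $actual"
    else
        echo "MISMATCH expected=$expected actual=$actual" >&2
        return 1
    fi
}

# Constructed demo: a file containing "abc" and a made-up URL carrying its SHA1.
demo=$(mktemp) && printf 'abc' > "$demo"
verify_download "$demo" \
    "https://files.example.invalid/sulphurfive/a9993e364706816aba3e25717850c26c9cd0d89d"
rm -f "$demo"
```

A match only ties the download to the hash in that URL, so the URL has to come from a source you trust. SHA1 collisions have been publicly demonstrated (SHAttered, 2017), so treat a match as a check against corruption and casual tampering.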

Getting started

Assuming you want to install this on your own Linux web server, and you’ve already installed Ubuntu Server, you can simply first download a simple shell script from your terminal using the following command.

wget https://github.com/polterguy/phosphorusfive/releases/download/v4.8BETA/install.sh

Then make it into an executable with the following command.

chmod +x install.sh

Then execute it as root using the following.

sudo ./install.sh

The above will install everything automatically for you, except an SSL certificate, which you can easily install using the recipe found here. Notice, it is (obviously) crucial you install an SSL certificate on your system, before you access it from the outside. If you wish to use the system as an “anonymous dropbox”, it’s also crucial you teach your whistleblowers to exclusively access the system using the Tor Browser!

When Phosphorus Five is installed, you can launch it by going to your server’s IP address, or domain, typing in a random server salt and a root password, and then visiting the “Bazar” to install Sulphur Five. If you’d like to see it in a live installation, feel free to visit my personal home cloud, or check out Sulphur Five here. Notice, I have not set up my own personal system to allow for “anonymous uploaders”. But there is one file you can download and have a look at … 😉

Disclaimer; This is BETA software, and might have some quirks. Keep that in mind as you play around with it!

Below is a video demonstrating the system in use.
