folder.zone: Share end-to-end encrypted folders live

18 points by nadim a day ago on lobsters | 10 comments

mdaniel | a day ago

depending on the audience, one will want to be aware of its connection to google.com https://github.com/symbolicsoft/folder.zone/blob/v0.0.1/client/config.js#L13

Good catch. I wonder if using the myriad of STUN servers Tailscale uses would be an option here instead (or... Is that not how that works?)

tuxes | a day ago

This web page only says:

Unsupported Browser. folder.zone requires the File System Access API, which your browser does not support. Also, note that folder.zone is currently for desktop browsers only.

Ideally it would at least tell me what it is, or link me somewhere that does, so I know whether to bother opening the link in another browser.

TheDragon | a day ago

this is probably a more useful link!

https://github.com/symbolicsoft/folder.zone

tuxes | a day ago

Thanks! (I did search GitHub for this, but didn't manage to find it.)

yawaramin | 17 hours ago

It's linked from the folder.zone page, on the bottom-right corner.

mdaniel | a day ago

I didn't dig into it locally, but I'd guess the presence of several thing.webKitWhatever calls is why it's browser restricted https://github.com/symbolicsoft/folder.zone/blob/v0.0.1/client/client.js#L132


so, while that isn't helping matters, the real answer is missing window.showDirectoryPicker

ptman | 14 hours ago

tuxes | 21 hours ago

This looks great.

There's a few of these ephemeral file sharing apps, but I often find myself doing many file shares in a row. Sharing a folder allows me to set up the secure link once, and then reuse that for each file.

Onionshare has been able to do that for a while, but it's heavier. I usually need this functionality during host bootstrap, for sharing things like public keys.

The server is assumed fully compromised.

Do the security properties hold up if the server serves malicious JS?

I lose track of whether the proposed mechanisms to mitigate that risk are widely available.

For my host bootstrap use case I stick to CLI tools, which have a better story here, but folder.zone has the benefit of a nicer UI. Definitely more suitable for family.

freddyb | 6 hours ago

You can’t do anything if the server is compromised. If you want the JS to be TOFU, you would need to download or host a fork. But then, connecting between users might be a problem.

Some people at the W3C webappsec working group (me included) are trying to make it happen though. Project name is web applications integrity, consistency and transparency (waict). Most of the active work is happening under the subresource integrity specification, which happens in the open on GitHub.