The internet is made for sharing and it’s perfectly understandable that the moment you snap a picture of a new addition to the family, or some other unmissable photo, you want to show it to your loved ones. Or you might want to share critical documents with work colleagues.
How can you make sure that whatever you share is seen only by the people you choose? Simply placing a password on files won’t always do – as you’d need a way of sending the password to the recipient securely in the first place!
In this article, we’re going to explore some quick and simple options for sharing your files safely over the net. These are not exclusive so don’t be afraid to combine them if necessary, or look into other ways to share files safely, too.
Most Dropbox users know that they can click ‘Share’ next to a file or folder to generate a link to allow other people to download that file or folder.
This is especially useful when you want to share files that are too large to email. Only people who have the link will be able to access the data, and you can delete the link at any time.
If you have a paid Dropbox Pro account (or a business one) you can password protect individual files and folders, as well as set the link to expire automatically.
2. Password protection
Many applications such as the cross-platform word processor LibreOffice Writer contain an option to password protect documents. Usually you’ll be asked to type in the password twice to make sure it’s entered correctly. Note it down carefully.
The specific steps you need to follow plus the strength of the encryption used will vary depending on the piece of software in question. Check with the developer (look for the support section of the website) if you need help with anything. Ideally documents should be protected with at least 128-bit AES encryption.
You will of course need a way to send the password to the recipient securely after sending the file.
PGP and GPG are two programs which make use of public key cryptography to send files securely.
They get around the problem of having to send someone the password of a file you’ve encrypted by using a ‘public key’ to encrypt documents and a ‘private key’ to decrypt them. Your private key never leaves your computer but anyone can use your public key to send you files.
Setting this up can be tricky for less tech-savvy types. The easiest way is probably to install the cross-platform email client Mozilla Thunderbird, then use the free add-on Enigmail which has a handy step-by-step wizard.
Messages are encrypted before leaving your machine, so you can safely send files to your correspondent. You can also use security codes to make sure no one is sitting between you and them, intercepting your messages (known as a ‘man-in-the-middle’ attack).
OTR messaging is available as a plug-in for Pidgin, as mentioned, but is also built into other messenger clients such as Signal for Android and iOS.
5. One-Time Pad
To use a One-Time Pad, first you must create a list of random numbers by rolling dice or using a computer. Your correspondent does the same, then you both meet and give each other a copy of the pads.
When you want to send your correspondent a file, you can then combine the random data in the pad with it, and send. The recipient can then use their copy of your pad to take away the random data to reveal the file.
This is tricky to get right, but theoretically it’s perfectly secure. There are a few programs as listed here, such as the Paranoia plug-in for the Pidgin messaging app, which can automate the process for you.
See our guide on using a One-Time Pad on the Raspberry Pi here.
LastPass is an excellent service which stores all of your usernames and passwords in one place. One of its niftiest features is that you can choose to share a login – say, for Google Photos – via email.
Part of the beauty of LastPass is that if you choose you can allow your correspondent to log in and access files without them seeing the password. Your connection is also protected by SSL so there’s very little chance anyone could connect to your data in the same way. In short, this is one of the most respected password managers out there, and with good reason.
Snapchat users will be aware that photos sent over the app theoretically self-destruct after a certain length of time. The recipient can take a screenshot of important information, however, and you’ll receive a notification that this has been done.
Snapchat updated its terms and conditions in 2014 to say that the firm may store copies of images you send. Ideally, you should use this app in combination with another of the methods listed here – for instance, you could encrypt a spreadsheet and send via email, then transmit the password separately via Snapchat. Splitting the file and the key in this way means only your correspondent will be able to view the data.
8. Resilio Sync
Resilio Sync (formerly BitTorrent Sync) synchronises files using the BitTorrent protocol. The advantage of this is that instead of having to share files via a cloud service like Dropbox, files can be synced directly between two devices.
Provided both your device and your correspondent’s are online, files can be shared in real-time and the connection is secured by 128-bit AES. BitTorrent is particularly good for sharing large files and folders as it was originally designed for that purpose. More devices can be added to share files with others if you wish.
The app is available for Windows, macOS, Linux, Android and iOS. The client is not open source so there’s no easy way for security experts to check the code used for any vulnerabilities.
SSH (Secure Shell) is a network protocol which establishes an encrypted tunnel allowing people to log in to a computer remotely. It can be used to upload and download files as well as run commands on the target computer.
If you have a server, you can give your correspondent their own username to log in and access files you’ve uploaded. Alternatively you could create an account for them on your own machine so they can connect to you.
Mac and Linux users will be pleased to hear they can use SSH directly from the Terminal app. Windows users can download the free program Putty to do the same.
Continuing the trend of obscure acronyms, SFTP (Secure File Transfer Protocol) is an extension of the SSH protocol used specifically for transferring files. In order to make use of it, you need to have access to a server, for instance by renting one from a provider like Hosted FTP.
You’ll be supplied with a username and password that you can use to connect and upload/download files. Most operating systems integrate FTP into the file explorer so you can move, edit and copy files onto the server just as you would with an ordinary folder. Although the connection is encrypted, documents stored on the server aren’t, so consider protecting them with a password before uploading.