Tweet
I’m sorry if this is the wrong forum to ask this question. I tried software that crashed and they want me to send them a zip file of memory dump. It won’t fit in email so they said to use the free version of “wetransfer”. Is it safe to let wetransfer acess the zip file to upload the file from my computer? I just thought I should ask that this isn’t a security concern for my computer. Sorry if this is silly and too cautious.
-
-
Hello
If you go with the free one,these are the cons…
[ul]
[li]A public file download link is generated[/li][li]No encryption option for free users[/li][li]Password protection for paid users only[/li][li]Free users can’t create a WeTransfer account [/li][/ul] -
Very unsafe. With we transfer, you can upload and send a file as any other companies we transfer page which would include the branding.
Literally the most stupid idea for a file sharing site.
See https://tonywebster.com/2018/02/wetransfer-security/
EDIT, Unsuitable link removedComment
-
I understand vger that you are advising me not to do this with wetransfer. Do you know of any other way to transfer the large zip file?
Ikjk - I’m sorry but I don’t understand your post. I’m not a company. Are saying someone else could then get into my machine?Comment
-
That piece echos what vger was saying about public link generation. While a crash report might not contain too much sensitive information, it might include some. By uploading it onto Wetransfer, it becomes a public file.
How large is the zip file?Comment
-
The zip file is 125.612 mb.
I guess what you’re both saying is that by uploading the memory dump somewhere along the way, either from my computer or from wetransfer, someone could intercept it and possibly (probably?) find sensitive information.Comment
-
I was looking around and found some things that are supposed to be alternatives to wetransfer. Do you think these are any better/safer/more secure? They seem to be encrypt the file.
SendGB.com SendGB | File transfer & File Hosting & File Sharing
Framadrop https://framadrop.org/
reep.io reep.io
firefox send https://send.firefox.com/
ge.tt http://ge.tt/
binfer https://www.binfer.com/home-11/?utm_...ftware/binfer/Comment
-
I had no idea Mozilla introduced their own cloud, that’s very cool. I would definitely use that one.Comment
-
So you feel firefox send is secure? And that it’s better than the others? The website says it’s a “A Firefox Test Pilot Web Experiment”. I guess that means it’s not a fully tested software yet. But as I still have to email the link to the software support and email isn’t secure someone else could get the link from the email and get the dump file. Or am I being paranoid now?Comment
-
I think it is secure, yes. Emails are safe as well, the only way someone will be able to access it is if someone gains access to your or the receiver’s email accounts.Comment
-
I guess I’m confused now. I have been repeatedly told that nothing confidential should be sent through email as they can be hacked, somehow. And that’s why my bank never sends anything through email (except telling me to go to their website to see what they want to tell me.)
I was looking around about send.firefox and google came up with a mozilla site discussion about it:
[COLOR=rgb(226, 80, 65)]“How is this secure if I’m going to email a link to somebody?” Email not being particularly secure if sent in open text. So somebody snags the URL and downloads the file before the intended recipient gets to it.
What’s everybody else’s preferred way of sharing a link or some other sensitive bit of information with another?”
[COLOR=rgb(44, 130, 201)]“I would use an end to end encrypted messaging app to send the link around.”
Please understand Ikjk that I know you know much more about this than me so I’m not questioning your advice. Only just asking.[/COLOR][/COLOR]Comment
-
Email is not secure; here's why | Digital Trends
Most email services store your messages as plain text. So, any attacker who can access those servers (say, via a security flaw or by stealing an admin password) can easily access all the stored email and attachments.
While what they’re saying has validity to it, there has yet to be an occurrence of Gmail or Hotmail servers being hacked (Yahoo is a different story). That makes the interception of your link highly unlikely, unless your account or the receiver’s account is hacked directly (through stolen password).
If you’re worried about the possibility of an account hack for yourself or the receiver, you could always password the ZIP file and provide them the password through a different, more secure form of communication.
It’s hard to tell how sensitive the information in the log file is, given that it is a specific unnamed software. You’re more likely to determine if the log file is sensitive to begin with by looking through it yourself to see what system information is logged. It might end up being not sensitive at all, then you’d have nothing to worry about.Comment
-
If you’re super paranoid about security, use https://mega.nz/
It uses RSA encryption + a master key. Only you know the key. No one else will be able to get it.
You’ll need to create an account to use it though.Comment
-
If I was you I would not use wetransfer at all, even if it ask to let some access to your PC. Be carefulComment
-
Any updates for us?Comment
Comment