Disroot provides Lufi, an open-source online software to upload and share files in a secure and private way with other people, as an alternative to services such as wetransfer.
Lufi works in a zero knowledge logic.
Meaning the files are encrypted before they leave your computer, so that your Internet Service Provider and "the administrator of disroot" can not see the file's content. The administrator can only see the file's name, its size and its mimetype (what kind of file it is: video, text, etc).
You "don't need to register yourself to upload files".
Amongst other things you can use it to:
In this tutorial we'll show you how to use it. You can access Uploads/Lufi at upload.disroot.org
When you use Lufi to upload files, "All the files are encrypted by your the browser! It means that your files never leave your computer unencrypted. The administrator of the Lufi instance you use will not be able to see what is in your file, neither will your network administrator, or your ISP".
When someone downloads your file, it is decrypted locally in that person's browser after the download. Meaning, the network administrator, or the ISP will not be able to see what's in the downloaded file.
You can read more about it here.
The whole encryption/decryption process is done automatically by the browsers, so no need of manually encrypt the files before, or manually decrypt at the download.
The encryption key (the thing that permits whomever downloads the file to decrypt it) is a part of the link that is presented to you by your browser after you have uploaded a file.
It's an anchor (Cf. Fragment Identifier). That means this part (the encryption key) is only processed client-side (in your computer) and does not reach the server of your Lufi provider, so they cannot decrypt the file.
Only persons that have the full link will be able to download and decrypt the file.
For example this is a link to a file in upload.disroot.org:
It has two components:
Left of the # symbol in the link is the URL to the file: "https://upload.disroot.org/r/FA7MHOOL"
If you try to use just, https://upload.disroot.org/r/FA7MHOOL Without the second part you will get this message:
The interface is pretty straightforward, when you upload a file you have the following options:
In the upper centre part of the panel you can set the options mentioned above. In the upper right part you have the menu to go "My files" and manage your uploads. The centre is where you upload your files.
There is no size limit to the files you can upload. But the maximum amount of time that a file stays stored in Lufi varies according to it's size. After that time expired the file is deleted.
Larger files will be stored for a shorter time. "The expiration delay of your file will be the minimum between what you choose and the following limitations":
You can also check this information any time you want by pressing the button in the main interface in Lufi.
To upload a file just choose the options you want (if delete after download or not, and how many days it stays online) and "click to open the file browser" in the centre of the screen, and navigate to your file and select it, or just drag your file to the center of the screen.
After the upload is complete you will be presented by your browser with the link (URL and encryption key) of the uploaded file, copy it to somewhere else.
You will also get the deletion link which permits you to delete the uploaded file from the server at any time you want.
To download the file just use the link in the browser:
Well this is also very simple, you can either:
copy the link manually to your email or a text file, or any other option
For the last option (if you have an email client in your machine e.g Thunderbird, Evolution, etc.), just click the button, after your file is successfully uploaded. Write the email address and text, and press . You email client will pop-up with the email ready to send.
The option should not be used as a matter of principle.
The reason is, if you use this option the link is sent using an email of your Lufi provider, not your personal email. Which means the administrators of that Lufi instance can see the full link, and thus are able to download it, and decrypt it if they want to.
In this case disroot is a privacy conscious provider, but as a matter of principle you should avoid it.
You can manage your uploads by pressing the button in the main panel.
There you will see all your uploads and you can:
Choose which uploads you want to delete from the server
This list of uploads is kept locally in your browser in a .json file. Which leaves a record in your browser of the files you uploaded. Thus, you will not be able to see the list of your uploaded files when using different browser or different computer.
If you want, in this panel you can also:
Purge the this information from your browser local storage (it will wipe the information of the uploaded files and their links from your browser, but it wont delete the files from the server, and link is still valid)
Export to your computer the json file with these information
Another way to delete a file from the server any time you want is to use the deletion link, provided when you first upload the file. Copy it and keep it in a text file for whenever you want to use it. To use it just put it in your browser and press enter.
If you delete a file or the expiration date that was set passed, anyone trying to download the file will see a message like this: