File Sender

Free Encrypted File Transfer

A download link (for file recipient) will appear below.

How is this different?
Unlike every embedded service (read: Google Drive, Microsoft OneDrive, iCloud, etc.), all data is one-way encrypted before being sent. The key required for decryption stays in your browser - it is never shared with FileSender.io.

Will the note to recipient be encrypted?
Yes, the file name and the note to recipient (if any) are fully encrypted.

How will the file be delivered?
Via a unique, one-time download link. You would provide the link to your recipient by E-mail, text, or chat.

Can anyone with the link access the file?
Yes, the link is sensitive, though unguessable. You should pass the link only to the intended party for the download. For extra security, a download link can only be used once. After the first successful download, the link becomes invalid. Once your intended recipient downloads the file, no one else can.

More details

Or Drop a File Here:

Decryption is only possible with the URL fragment, which stays locally with the sender. The URL fragment contains a secret key generated by sender's browser and is never sent to our servers, even when the link is clicked. This behavior is by design in all modern browsers.

Is there a size limit for sending a file through a browser?
Depending on your browser version and available virtual memory, you may experience issues uploading/downloading files greater than 8 Gb. For larger files, download the File Sender desktop app, which has no size limits.

How is the file sent by Web protected?
Your browser generates a random symmetric key and encrypts the file (and any message to recipient) before uploading. The encryption key stays in the sender's browser and is never provided to our servers.

When the sender's browser completes the upload and receives a unique URL for the file, it appends the decryption key to the URL after the number sign ('#'). The right-most part of the URL is referred to as a URL fragment and is never disclosed by your browser to the server.

The sender provides a download link to the intended recipient off-band, i.e. via an E-mail, text, chat message, or other means external to FileSender.io.

When the recipient uses the link, our servers first verify whether such a file exists and has not yet expired. The recipient's browser then fetches the data and attempts its decryption (of file and any message from the sender). The decryption is only possible if the recipient is in possession of the correct full URL containing the decryption key received from the sender off-band. Should there be a missing or a modified character in any part of the URL or the URL fragment (the part after the '#' sign), file retrieval or decryption would fail.

Links are made for one-time use by design. Once a download is completed, the encrypted file is deleted from our servers, and attempting to use the same link again would yield a blank page. This provides extra security and ensures that once a recipient receives the file, no additional downloads are possible, including someone gaining access to the download link later.

Is FileSender.io Web exposed to the same risk of a cyberattack as any other provider?
Because all files (and messages) are encrypted by the time they reach the servers at FileSender.io, they would be of no value to an attacker. Gaining access to encrypted files does not expose any content. Nor would a site administrator be able to access any of the content transmitted via this service. This is for security by design.

Send a File to Anyone. No Account Required.

Site menu: