Likely law enforcement found out about it being used to distribute illegal content and then applied pressure. Companies don’t have a strong history of successfully resisting that pressure.
law enforcement is so bass-ackward on privacy/security tools
Of course, if a hammer is for sale, some will use it to build houses and a subset will use it to hurt people. Just because something can possibly be bad doesn't mean we shouldn't have it
But if law enforcement’s data suggests to Mozilla that something like 60%+ of Send’s uses are for malicious purposes, what benefit do they have in continuing to make it available?
I’m all for privacy, but I wouldn’t support my tool being used predominantly for criminal activity, no matter how good I feel about it as a security/privacy tool.
Take down requests for DMCA and/or LEO for CSAM. Even though it is impossible for the server operator to know that material is on the server, the URLs + decryption passwords are shared with someone or a group -- if that is discovered by law enforcement or rights holders, they will issue takedowns.
It's not uncommon for forums to share links to resources, along with the password to decrypt them. And FF Send had a nice API for uploading material. It'd be an afternoon coding project to build a tool to re-upload material every 7 days, and update forum posts automatically so it could be available long term, beyond the max expiration time for anonymous uploads.
I just discovered this TH feature the other day when attaching a file to a mail but it looks like it works with plugins now, so you can use different providers.
Actually I came here to ask if Gokapi works with that Thunderbird feature.
Consider implementing a 'guest upload' feature with stricter expiration policies and file size limits. This could maintain security while allowing for more flexible use cases, especially in client-facing scenarios where bidirectional file sharing is necessary.
This is exactly what I use Firefox Send for in my org. It's not strictly "admin can download" but anyone with the password/link can download. The effect is the same.
If this is something you’re interested in it can be reimplemented on CloudFlare workers super easily using the awssdk for s3 (R2) and with D1 as the DB.
The staying power of “Firefox Send” as a brand is baffling to me. It never did anything that wasn’t already available by multiple other services, didn’t do it better, and it was embarrassingly obvious from day one it was another one of those projects Mozilla would abandon in no time.
Just goes to show how powerful (and mismanaged) “Firefox” is a brand.
The company I worked for misconfiguration one of the buckets and allowed uploads. A couple of months later there was a bill for $15k. Since apparently some spammers were using our service.
Which is OK for a company but I would not want to use it as a private individual.
Yes, because not only was the projected cost not monitored, neither were changes to bucket security. They have entire suites of tools to monitor all of this stuff that is easily accessible.
This was back in 2006/2007 and the very first foray of that company into using cloud computing. Those tools you mentioned largely did not exist. And the UI's where a lot more confusing and less clear than they are now.
Another question: does any mistake in configuration signal a mismanaged company to you?
When you said "S3 scares the shit out of me", to me that implied that you still to this day didn't know about those features.
And no, mistakes do not necessarily signal a mismanaged company to me, but not knowing what you will be charged from one day to the next certainly smells like a bad policy to me.
I have never had to use them directly but the use-now-pay-later model feels scary to me for the same reason. Maybe they allow setting the upper cap to the monthly bill (crossing which they don't serve you until you intervene) but I have never heard of it. On the other hand there are many stories extremely ballooned bills for some unforeseen reasons.
Overall Thunderbird seem to be doing white well from themselves since rejoining Mozilla: >$8m in donations last year I think.