How can I share a file privately?

Updated:July 2016

Learn how to send a file to someone without broadcasting it everywhere.

Online communication is being monitored more frequently for various reasons. Document and file sharing can face more scrutiny by internet service providers, government agencies and others. After you remove or alter the meta data in your file, you’ll want to make sure it isn’t intercepted (or noticed) while you’re sending it. Here are some methods for sharing a file with only the people you intend.

GET STARTED:

  1. Sending files via email more privately
  2. Sharing files with a USB stick
  3. Using temporary anonymous services
  4. Should you use social networking sites for this?
 

Send files via email more privately

Email is most commonly used to send a file electronically. It's also one of the most difficult ways to share files privately, let alone anonymously (outside of social network services). While email isn't the most secure way to move files, but it can be strengthened.

CREATE AN ANONYMOUS EMAIL ACCOUNT

It's useful for sending or receiving sensitive information, but doing this is easier said than done. You'll want to create an email account that's not tied to your identity and won't become connected with you while you're using it. Coming up with a different name is the easy part. The rest takes planning.

Choose the right email service provider:

  • How secure is it? It should offer SSL access throughout your time using it. An SSL connection helps ensure your communication back and forth with the service remains secure. Use the Qualys SSL Server test to check out more about the provider's SSL certificate. An  A or B rating would be good.
  • Where in the world is it? It helps if your new email address is hosted on a server outside the jurisdiction of both you and your recipient, and in a jurisdiction with strong privacy laws.
  • How much storage is available? Think about the kinds of files you'll be sending or receiving and how much space the service provider will give you.
  • Can you use the email address with your own software? You may not need to use it, but it should be available. If you can't use the email address with Thunderbird, Outlook or Mac Mail then you can't encrypt, control the content locally or know how the service works. That's a risky prospect.
  • Does the service provider keep minimal logs? You don't want it recording your IP address, internet service provider, or anything else that ties you to the account. Some services collect a lot of this meta data, which is why they're offering you a free account. Be sure to read the terms and conditions before using a new email account.
  • Where to find it? Start with this database ranking email services for privacy.

How to manage it:

  • Create some personal space. Only access your email account from a location outside your home or work, or when using a proxy service that masks your actual location and identity.
  • Never use your anonymous account for activity that you do with your other accounts. Don't share it with any contacts outside your confidential source. Only use it for the reason you created it: Handling specific files and/or communicating with certain sources for this assignment.
  • Strike a bargain. Make sure both you and your contact understand why you're using this account and what it's for. Talk about what could happen if it goes wrong and how you'll handle it. Agree with your contact in advance only to use this email address and to never use actual names or identifying information. Think of mundane sounding subject lines and file names for exchanging files.
  • Don't get attached. Delete the account as soon as it's no longer needed.

ENCRYPT EMAILS AND ATTACHMENTS
 

We bang on about encryption a lot at the Rory Peck Trust, but it remains the leading solution to the problem. Encryption scrambles data within files. The result is that only someone with both the correct key and password will be able to read the data. You can further hide what the file is about by giving it a name not related to its content, but one your recipient will recognise.

How to secure your email attachments:


Share files with a USB stick

How can I share a file privately?
Sending large files over the internet can take time and draw attention. Using other methods such as USB sticks can protect you and your contacts.
One quick way to share files securely and discretely is to hand them to the recipient directly, possibly using an encrypted or password protected USB stick. This is known as an "air gap" method. There's no online record of the file moving from one person to another.

Adding files to a USB stick can be pretty simple way of sharing, especially if both you and the recipient are in the same location, which is also by far the most secure setting to share electronic files. If you're going to be carrying it outside, however, you may want to use file encryption to secure whatever's on that USB stick in case it's lost or stolen.

Mac owners can use FileVault. Linux users have a number of alternatives. People using either professional or enterprise versions of  Windows (only versions higher than XP) can use Bitlocker. Another open source option for users of all three systems is Veracrypt.

Keep in mind that the computer accessing the file will need the encryption software as well in order to open it. If you forget the passphrase to unlock it, the content will be essentially lost. Still, this is a simple and secure way to move files.
 

Use temporary anonymous services

Often, you can't meet in person, or you may need to send or receive something more quickly than travel allows. What follows are four simple recipes to quickly create disposable communication channels with the aim of protecting identity as well as content.

USE "VOLATILE" FILE SHARING

There are a number of websites out there that allow anonymous file sharing. We’re partial to FileTea, which provides easy and instant “anonymous, volatile file sharing.” Volatile file sharing allows you to temporarily upload a file without giving any personal information. The service generates long, random, unsearchable link that you can send to the recipient. As soon as they’ve downloaded the file on their end, all you need to do is close the browser and the file is erased and the link no longer works.

Onionshare is an even more secure, but slightly more involved, method. This essentially does the same thing as FileTea, but uses the Tor proxy service to further anonymise and encrypt traffic, creating a URL that your recipient can only use if they're running Tor on their computer.
 

USE AN ANONYMOUS P2P SESSION

"P2P" is short for "Peer-to-peer." There are a number of services available online that can help you send files or trade text information quickly, anonymously and securely. Programmes such as Pirate Pad, for example, enable multiple users to simultaneously chat  and edit a text document together.  This is particularly useful if you're mainly passing on text files or information.

USE A DRAFT EMAIL MESSAGE WITHOUT SENDING IT

Whenever you send an email message you create a trail across the internet, from the email address sending it to the one receiving it. Even if the information is encrypted, every server around the world that passes the message along will have a record of where it came from and where it's going. Using proxy services and anonymous accounts can help, but have you ever considered that you don't actually have to send the message in order for the other person to get it?

Pick an email service with good security for storing data. Create an account and write a message. Attach whatever files you want to share. Now, instead of sending it, save it as a draft message. Using different channels for each, get the other person the username and password. Now, you can each log in separately and save content for one another without sending it over different internet networks. Delete the account when the exchange is finished.

USE OFF-THE-RECORD (OTR) MESSAGING

An OTR messaging service enables private instant messaging over the internet. In OTR, communication is encrypted, identifies can be verified by participants, and secure session certificates are destroyed at the end, making it impossible for someone to go back and forge a message. There shouldn't be any network logs about the conversation or the participants' identities.

There are numerous instant messaging services available, but not that many of them offer strong security. Even fewer provide OTR features. And some are easier to get used to than others. These could all be seen as a good things in that it makes deciding which ones to use easier. We're partial to CryptoCat, which is by far the simplest option to start with and works in your web browser. Android phone users may also want to check out Chatsecure with Orbot, which can be a good option, and allows you to have OTR chats with people who use different services.

Practice good digital hygiene after using any service. Make sure you've closed it completely after the session and secured what you wanted to keep from it somewhere offline and out of sight. Erase browser histories or app memory files and possibly remove the app if you're not going to use it again.
 


Don’t use social networks

There is no secure way to exchange confidential files or information through social websites, including through direct messaging or so-called "private" groups. These sites have limited security, collect and sell personal data, and third parties often have access to private messages and forums. Privacy settings on these sites can also change without notice, leaving you more exposed than you intended. 
 


Image credit: USB stick in the wall in Brick Lane, east London, is courtesy of the Dead Drops Database project.
Created: August 2013

Help us be a better resource!

Give us feedback about this page. What was helpful here, or what could be included to make it more useful?

Create a comment
Create a Comment
  • Security code

This website uses cookies. For more information about these please click here.
By continuing to browse you consent to the use of cookies