
Ask HN: What's your go to for sharing sensitive files with non tech people?

6•privsen•2mo ago
My accountant asked me to send tax documents. My parents needed help with medical records. A client wanted API credentials. Every time I hit the same problem: PGP is way too complex for them, Signal requires installing an app, email attachments feel insecure, and I don't trust random file sharing sites.

What do you all actually use in practice? Curious if there's something obvious I'm missing.

Comments

DamonHD•2mo ago
Signal is almost the only thing that I strongly trust.

Originally set it up to discuss patent stuff which had to be kept pretty secret, stayed for the lolz.

For small but sensitive items of data, such as bank details, I split over a couple of channels, e.g. SMS and email, to make it harder for any one bad actor to see all parts.

privsen•2mo ago
The split channel approach is clever, never thought of that. Do you find people actually follow through with the second channel or do they just reply "what's the code?" in the same thread?
DamonHD•2mo ago
It seems to work, especially when I explain why.
andsoitis•2mo ago
Google Drive.
privsen•2mo ago
Fair - it's convenient. Though after seeing how many services train AI on uploaded content, I've gotten paranoid about what I put in cloud storage.
Redster•2mo ago
Bitwarden Send or https://1ty.me/ or similar services. Bitwarden Send can do text or files, which is nice.

For actually sending, Signal disappearing messages or phone calls for some info.

privsen•2mo ago
Bitwarden Send looks nice but the free tier is text-only; my parents needed to send a PDF. Will check if 1ty.me handles files.
Bender•2mo ago
nginx with a simple auth username/password is what I use for non technical people. For some of my lawyers I managed to get them to use SFTP with WinSCP so we could send things back and forth for edits. Using nginx I keep files off commercial leaky spying AI infected platforms that make pinky-promise lies.
privsen•2mo ago
Love the self-hosted approach. Pinky-promise lies is exactly my concern with most services. Setting up nginx is more than my parents could handle though. Curious if there is something in between - no third party data access but also no server to maintain?
Bender•2mo ago
> Setting up nginx is more than my parents could handle though.

The idea in this case would be that you are hosting the files and setting up nginx. They could send files back if your web server has an upload interface or they could send files back using SFTP to a chroot sftp-only account. Set up a profile in WinSCP for them. Make a few screen-shots in case they forget. It can be made one-click to connect and one click to sync files.

bdangubic•2mo ago
password-protect PDF and then email ftw
privsen•2mo ago
Simple and works! Though I have read that PDF passwords are surprisingly easy to crack and the file lives in their inbox forever. Guess it depends on the threat model.
chickahoona•2mo ago
Take a look at Psono. You can share any secret stored there with a link. https://doc.psono.com/user/basic/sharing.html#with-externals...
chickahoona•2mo ago
Try Psono. You can share any secret via a link https://doc.psono.com/user/basic/sharing.html#with-externals...

You could either host it yourself or use e.g. https://psono.pw, a free hosted instance of Psono. In regard to trust, Psono is audited every year and the company behind it is ISO27001 certified.