Secure File Sharing

TOPICS BELOW
Web Based File Sharing, Email, Messenger Programs, Articles

WEB BASED

Web-based Secure File Sharing is done by uploading one or more files to a provider, who then generates a link/URL that you give to the recipient. You can send the link to the recipient however you prefer. The recipient can use any web browser and does not need an account with the service provider. They just click the link, see a web page with some information about the shared file(s) and then download the file(s) from this web page.

An advantage to web-based file sharing is that the file being shared does not need to be manually encrypted by the sender. This is a double advantage, as it means the recipient does not need a copy of the encryption software used by the sender.

Both the upload and download of the shared files is encrypted with HTTPS, a very very common thing. The most important feature, however, is whether employees of the company offering the service can read your files. Even if employees can read the files you store at their service, it may be advertised as secure. It is not. The only secure file sharing is when the employees can not read your files. The technical term for this is end-to-end encryption and there is more about it on the Secure File Storage page.

On top of the basic end-to-end encryption, there are some add-on security features to look for.

Perhaps the most important add-on feature is password protection. A link that is shared by email, for example, is not secure as email itself is not secure. Without password protection, anyone who obtains the link to your shared files can download them, fully negating the end-to-end encryption. The hard part is sharing the password in a secure way.

Another add-on security feature is link expiration, where the link expires after a few days.

A more advanced security feature is an audit trail. Maybe you are sent an email any time the shared files are downloaded. Maybe there is a log you can check of every time the files are downloaded. Then too, you may be able to set a limit to the number of times the shared file(s) can be downloaded.

TRESORIT

Tresorit's main business is secure file storage, but they also have a free file sharing/sending service. You can upload/share 1 or more files up to a maximum of 5 gigabytes. Neither the sender nor the recipient needs a Tresorit account. All that Tresorit requires is an email address for the sender. They offer, but do not require, password protection for the sharing link/URL. With the free service, all sharing links/URLs expire in 7 days and shared files can not be downloaded more than 10 times. Tresorit emails the sender every time the shared file(s) are downloaded. The service is called Tresorit Send. I have used Tresorit Send and find the user interface very well done.

There are also two paid versions of Tresorit file sharing, one for Businesses and one for Enterprises. Among the added features are: Allowed viewers, Requiring an email to view shared files, Disabling download and printing and storage of 1 terabyte for shared files per user. They also have plug-ins for Outlook, Teams and Gmail.

PROTON

Proton Drive is mostly for secure file storage but it also does file sharing. Proton has both free and paid services. Even the free version of Proton Drive offers password protected file sharing with expiration dates for the shared links/URLs. I have used both Tresorit and Proton for file sharing and prefer the user interface of Tresorit.

More on Proton web based sharing to come (hopefully).

EMAIL top

Internet email is not secure and never will be. However, Proton Mail and its web based interface, is half secure.

Specifically, email messages between two Proton Mail users are secure. However, when a Proton Mail user sends an email to someone using Gmail, Outlook or any of a thousand other normal Internet email users, then nothing is secure. Drilling down further, an email message consists of multiple parts. When a message is sent between two Proton Mail users, the email address of the sender and recipient is not secure. Also not secure is the subject line of the email. However the body is secure and so are any attached files. By "secure", I mean that no one at Proton, and no one else either, can read the body of the email or the attachments.

Proton Mail has both a free and paid service. Even the free service offers secure encryption. I suspect that almost all Proton Mail customers use the web based interface. That said, there is software that provides a bridge between a normal insecure email program and Proton Mail. The idea being that people can use their normal Internet email program and still get security from Proton. I would stick to the web based interface.

And, there is yet a third way to use Proton for securely sending files. It can do a great imitation of web-based file sharing. When sending an email from Proton Mail to someone not using Proton Mail, there is an option to add a password. To the recipient, this works just like web-based sharing: they get a link, go to a web page, enter the password and see the message.

Tuta also offers secure email between Tuta customers. Tuta used to be called Tutanova.

MESSENGER PROGRAMS top

Signal can be used for sending files securely. There is a page here on Signal, but I have not used the file transfer feature. The big down side is that both the sender and the recipient have to have the Signal software installed. Even worse, Signal is not available on all operating systems.

ARTICLES top

How Can I Send a Document to Someone Securely? by Leo A. Notenboom. Last Updated April 4, 2026. Originally written in 2012. One scheme mentioned here is first password protecting a file and then emailing it with normal insecure email. As with many schemes, the password needs to be communicated separately to make this work. Also, it requires the recipient to have the same software that the sender used to encrypt/password protect the shared file. The zip file format should work well here, but if the recipient is not technically oriented, they may struggle to open the file.