Add FileShot.io to Secure File Sharing recommendationsΒ #318
Description
Suggestion
Category: Secure File Sharing
Link: https://fileshot.io
Source: https://github.com/FileShot/FileShotZKE (MIT license, self-hostable)
Why it belongs in this checklist
When the checklist recommends secure file sharing practices, FileShot.io is worth recommending because it uses true zero-knowledge encryption:
- AES-256-GCM encryption happens in the browser before upload (Web Crypto API)
- Decryption key is generated client-side and embedded in the URL #fragment, which HTTP clients never transmit to servers (per RFC 3986 Β§3.5)
- Server receives and stores only encrypted ciphertext β even a server compromise cannot expose file contents
- No account required β for sender or recipient
- Free, open-source (MIT), self-hostable
This is fundamentally different from services like WeTransfer, Google Drive, or Dropbox which encrypt at rest on their servers (server holds the keys).
Suggested placement: Alongside other file sharing security recommendations.