As you may know security and confidentiality of data is an important topic these days. TransferXL takes advantage of a nice feature of the zip format in order to encrypt the contents of the contents of the actual files as they are transferred: the end-to-end encryption. It ensures a secure file transfer.
Safe file transfer: End-to-end encryption
Instead of performing server-side encryption, TransferXL offers encryption from within your browser. This means that the content of the files you transfer is already encrypted before they are uploaded to the Internet as part of the upload step.
So not only is the download step secure, but so is the upload step. – A big difference from encryption by a server within the cloud. In this case, the upload step is in fact (necessarily) unencrypted and the password used for encryption must be passed back and forth between the user and the server.
Note that the data is additionally uploaded and downloaded over HTTPS, which adds another layer of security.
Send documents securely: When to use end-to-end encryption
There are many use cases in response to this question. Here are a few examples:
- Scans of passports, driver’s licenses, etc. (Did you know that if this information falls into the wrong hands, you could be in big trouble, even needing to prove you didn’t do anything?)
- Financial information
- Medical information
- Legal information
Send files securely: Enable file encryption at TransferXL
To send your files encrypted, encryption must be enabled before uploading the files. To do this, click on the gear icon (Settings) and select “Encryption”:
By default, TransferXL will suggest a secure password (e.g. ‘8Un3a0ZK+KSUcaCjL5dK’), which you can simply copy to the clipboard. Alternatively, you can enter your own password: To do this, simply click on the “x” symbol and enter your personal password.
Important: Make a note of the encryption password in a suitable place. If you forget your password, unfortunately we cannot help you. The password used for encryption never leaves your browser, so our web servers will never know your password.
Next, press the “Encrypt Transfer” button to enable encryption:
Notice that you will see a green lock icon along with the text “Encrypted”. This tells you that you will be performing an encrypted transfer after you close the dialog box.
After you add the files, your transfer will be encrypted in the normal way. Recipients of the download link of an encrypted file transfer cannot view the contents of the transfer in the thumbnail view. To view the files, they must first be downloaded using the encryption password.
Transmission of the encryption password
In order for the recipients to decrypt the transfer, they need the password. You must give this to them.
You should not include the password in the message field under any circumstances. If someone is monitoring the recipient’s email inbox, then they will receive the download link as well as the password in a single email! Therefore, a second email is not a good idea either.
Instead, you should send the password in other ways, here are some suggestions:
- SMS or text message
- Instant messaging like Skype or Slack (just copy and paste)
- Cloud storage like Dropbox (just save it in a text file)
Supported unzippers for downloading
Unfortunately, not all unzippers support the zip format encryption feature. Here is a list of recommended unzippers:
- Windows: 7-Zip
- Mac/OSX: The Unarchiver
- Linux: File roller
The most important questions and answers about secure file transfer
With end-to-end encryption, the data to be transferred is already encrypted before it is uploaded. This enables not only a secure download but also a secure upload of the files.
Encryption is recommended when sending confidential documents such as scans of passports, driver’s licenses, financial information, medical or legal information.
Due to client-side encryption, files to be transferred are encrypted locally on the device performing the upload. At TransferXL, this means that we do not have access to the password, which guarantees that we cannot give your password to third parties, and therefore unfortunately not to you. In this case, we recommend to perform the file transfer again.