Hi! My name is Filippo, I'm a student at Polytechnic University of Milan, Italy.
One day I was working on a university's computer and a friend of mine needed to share a file with me. Although it was just a simple PDF, we didn't know how to handle it: I am very skeptical about to log into a cloud or email service with an untrusted computer. So... how do we transfer the file?
From this story came up the idea of a private, secure and free temporary cloud service. Sort of website that generates a QR Code or a link that you use once to download your files, then you forget it forever.
The same server that host this website also runs other projects, like my personal website, hence the monthly costs of the hosting would have been the same with or without ioo.ovh. So, why don't we dedicate some free space to the rest of the world? :)
Basically every file uploaded is modified by the server to make it unreadable by anyone except you (or the person who has the link). This means that even the owner of the website can't see the content, which lead users to huge responsibilities.
To giving you an example, I have captured part of the hexadecimal codes that compose the profile picture that you see above (called plain text). Then I've encrypted the picture with the same method used on ioo.ovh, and this was the result:
The two files are definitely different. You can click on the images to check how the browser tries to interpret unsuccessfully the encrypted photo whereas reads successfully the dencrypted one.
Moreover I took steps into avoiding buteforce attacks and flooding requests by filtering suspicious behaviourThings for nerd:
All the files uploaded into this server are first encoded with base64 and then encrypted with mcrypt.TripleDES through a filter on the stream. Next step TODO: OpenSSL/AES-128 GCM. Every link generated by the system is cryptographically secure. No decrypted file is temporary saved on the server while downloading. The key used in the above example is "test". You can try to download the image by yourself and decrypt it :) Every filename and extension is replace on upload to ensure that any type of file (even PHP or EXE) could be uploaded without incurring into system error (and for security purposes, of course).
Privacy is the first reason. We don't want either to see our files being published or to have someone look into it. Especially if the content is sensible, like Credit Cards numbers, Social Security numbers or a photo of our ID card: sometimes it's far better to rely on an external temporary encrypted cloud service, instead of sending attachments by email.
The software is provided "as is", without warranty of any kind, express or implied, including but not limited to the warranties of merchantability, fitness for a particular purpose and noninfringement. In no event shall the authors or copyright holders be liable for any claim, damages or other liability, whether in an action of contract, tort or otherwise, arising from, out of or in connection with the software or the use or other dealings in the software.
Dear user, we inform you that the personal data you have provided, will provide, and that which we obtain through your use of our website will be used solely for the purpose related to the service which you have requested.
We wish to inform you that you may exercise the rights provided by the Privacy Code, particularly in regards to the possibility of knowing the nature and type of information in our possession, to request its integration or rectification, as well as to exercise, at any time, the right to object to the treatment and receiving of messages via e-mail, even to request that we delete your data.
In the course of navigating our website, ioo.ovh will install on your device and your web browser some cookies that are tools permitting us to store some useful data which improve our offered services. These cookies are:
Use and processing related to these cookies do not require your consent, under the applicable law. Please note that this website does not use profiling cookies for which to ask consent.
To disable cookies through browser, please refer to the link below: