Hacker Newsnew | past | comments | ask | show | jobs | submitlogin
Ask HN: What's your go to for sharing sensitive files with non tech people?
6 points by privsen 44 days ago | hide | past | favorite | 14 comments
My accountant asked me to send tax documents. My parents needed help with medical records. A client wanted API credentials. Every time I hit the same problem: PGP is way too complex for them, Signal requires installing an app, email attachments feel insecure, and I don't trust random file sharing sites.

What do you all actually use in practice? Curious if there's something obvious, I'm missing.



Bitwarden Send or https://1ty.me/ or similar services. Bitwarden Send can do text or files, which is nice.

For actually sending, Signal disappearing messages or phone calls for some info.


Bit warden Send looks nice but the free tier is text-only my parents needed to send a PDF. Will check if 1ty.me handles files.


Try Psono. You can share any secret via a link https://doc.psono.com/user/basic/sharing.html#with-externals...

You could eather host it yourself or use e.g. https://psono.pw, a free hosted instance of Psono. In regards of trust. Psono is audited every year and the company behind it is ISO27001 certified.


nginx with a simple auth username/password is what I use for non technical people. For some of my lawyers I managed to get them to use SFTP with WinSCP so we could send things back and forth for edits. Using nginx I keep files off commercial leaky spying AI infected platforms that make pinky-promise lies.


Love the self-hosted approach. Pinky-promise lies is exactly my concern with most services. Setting up nginx is more than my parents could handle though. Curious if there is something in between - no third party data access but also no server to maintain?


Setting up nginx is more than my parents could handle though.

The idea in this case would be that case is you are hosting the files and setting up nginx. They could send files back if your web server has an upload interface or they could send files back using SFTP to a chroot sftp-only account. Set up a profile in WinSCP for them. Make a few screen-shots in case they forget. It can be made one-click to connect and one click to sync files.


Take a look at Psono. You can share any secret stored there with a link. https://doc.psono.com/user/basic/sharing.html#with-externals...


Signal is almost the only thing that I strongly trust.

Originally set it up to discuss patent stuff which had to be kept pretty secret, stayed for the lolz.

For small but sensitive items of data, such as bank details, I split over a couple of channels, eg SMS and email, to make it harder for any one bad actor to see all parts.


The split channel approach is clever, never thought of that. Do you find people actually follow through with the second channel or do they just reply what's the code?" in the same thread?


It seems to work, especially when I explain why.


password-protect PDF and then email ftw


Simple and works! Though I have read that PDF passwords are surprisingly easy to crack and the file lives in their inbox forever. Guess it depends on the threat model.


Google Drive.


Fair - it's convenient. Though after seeing how many services train AI on uploaded content, I've gotten paranoid about what I put in cloud storage.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: