Published on 2023-12-14, 1121 words
Sorry, the entire folder is 5GB, and my email service only allows 25MB attachments.
I’m at 90% of my Google Drive quota. Besides, didn’t you see what Senator Wyden had to say about Google? I can’t put my wedding photos there!
Maybe you can just install an SFTP client on your end? I’ll need you to also generate an Ed25519 key; then just send me your public key on Signal and I’ll get you all set up.
Sometimes, it’s surprisingly frustrating to send large files between PCs over the Internet - or, even on the same network - without using someone else’s computer (aka The Cloud) as an intermediary.
The BitTorrent protocol is the gold standard for peer-to-peer file sharing. You probably have used BitTorrent at some point to download (and hopefully seed) a torrent. Where did that torrent come from? Someone created it!
It’s actually easy to create your own torrent, even just to send to one or two other people. You can use BitTorrent as a self-hosted means to share files like photos or videos, with decent privacy, and it’s simple enough to use with moderately tech-savvy friends and family.
The toolchain is 7-Zip to archive and encrypt the files you want to send, then qBittorrent to create the torrent file and post it to a tracker. The people you are sharing with use the same tools in the opposite order: qBittorrent to download, and 7-Zip to decrypt and un-archive.
As always, things may change; if this post is old, you need to do research to make sure that what was true in late 2023 is still true:
Security disclaimer: The methodology described in this blog post provides adequate privacy for sharing personal, low-stakes data over the Internet. Please don’t use this for backing up your employers’ PII dataset or sharing your country’s nuclear codes.
At a high level, the steps are:
Put all the files you want to share into the same folder. If you’ve installed 7-Zip, you should be able to right-click on the folder and have an option to compress as a 7z file. Here’s what this looks like in Linux Mint, for example:
Choose 7z as the file format and use a strong password. You need to write down the password somewhere, because you’ll have to share it with your recipients. Optionally, you can change the filename (like I’ve done here) if you want to hide the original folder name.
qBittorrent includes a torrent creator wizard, under Tools -> Torrent Creator.
Choose your 7z file, “Start seeding immediately”, and
add a tracker URL. In this case I’m using udp://tracker.opentrackr.org:1337/announce
Take note that I did not check the ‘Private Torrent’ option - because we do want to enable the “DHT network” so that recipients can auto-discover your IP address.
The distinction here is that the torrent file itself does not need to be private. The torrent file doesn’t contain the 7z file (your actual data) - it just contains a “pointer” to tell other computers where to download the file from.
The 7z file contains the original data, but thanks to the mathematical wonders of cryptography, the encrypted bits are still useless to someone that doesn’t have your password!
Let’s frame this as a Threat Model at this point. There’s a “bad guy” whose objective is to try to read the original data. Suppose that he intercepts the .torrent file and uses it to download the encrypted 7z file. That’s perfectly OK: because you used a strong password when you created the 7z file, the unintended recipient still can’t open it, because he doesn’t know and won’t be able to guess your password.
You can use email or any means to share the .torrent file. Remember, the .torrent file does not need to be kept secret.
The level of security here depends on the level of privacy you need. If you want to be paranoid, you can use a messenger service that supports end-to-end encryption, like WhatsApp or Telegram or Signal. (But, if you would have emailed the original file(s) anyway, if they had been small enough to fit in an email attachment, you would also be OK with sharing the password in an email.)
Your recipients should be able to open the torrent and download the 7z file. When they open the 7z archive, they’ll be prompted to enter the password you shared with them.
And then the files are there!
You have to leave qBittorrent running on your computer to seed so that everyone can download it from you. You’ll see your recipients show up as peers while they are downloading.
Finally, if you are sharing the file with many recipients, remember that you can ask them to leave their torrent program open, and they’ll be able to seed to each other.
Yes, if your goal is just to share files, and you don’t really care if someone else gets them or sees what you’re sharing, then you can skip the password-protection and encryption. And if you are not encrypting the files, it’s OK to skip 7-Zip altogether and just create a torrent directly from a folder.
On Android, you can use LibreTorrent and ZArchiver. There are probably analogous apps available for iOS.
I don’t recommend it because the encryption scheme used on .zip files is not very secure. It can hypothetically be cracked by a determined attacker, even if they don’t guess your password.