Secure Digital Handshakes: Simple Ways to Share Sensitive Files Safely with Anyone
The challenge of securely sharing sensitive information—like tax documents, medical records, or API credentials—with non-technical individuals is a common dilemma. Traditional methods like PGP are too complex, while common solutions like email attachments feel insecure, and trusting random file-sharing sites is risky. The core need is for solutions that offer robust security without requiring recipients to navigate complex technical setups or install new applications.
Encrypted One-Time Link Services
Several services specialize in sharing information via secure, often one-time, links. These are designed for simplicity:
- Bitwarden Send allows you to share text or files (though file sharing is typically a paid feature). It's appreciated for its convenience and disappearing message functionality.
- 1ty.me is another similar service focusing on temporary, secure sharing.
- Psono offers robust secret and file sharing through links. It can be self-hosted for ultimate control or used via a free hosted instance like psono.pw. Psono emphasizes its security through annual audits and ISO27001 certification, addressing trust concerns about third-party platforms.
These services often encrypt the data in the browser, so the service provider never sees the plaintext, and they provide links that expire or are valid for only a single view.
Self-Hosting for Ultimate Control
For those prioritizing complete control and avoiding commercial cloud platforms, self-hosting is a powerful option:
- Nginx with Basic Authentication can be set up to serve files from your own server. Setting up Nginx is beyond a non-technical person's ability, but the idea is that the sender (the technical person) hosts the files. For recipients who need to upload files back, an upload interface or a pre-configured SFTP client like WinSCP (with screenshot instructions) can simplify the process to a one-click action.
This approach directly addresses concerns about "pinky-promise lies" from platforms that might mine data or have vulnerabilities.
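A minimal sketch of the Nginx with Basic Authentication setup described above, added here as an illustration and not taken from the original discussion. The hostname, file paths, zone name and rate values are assumptions. Basic Authentication only base64-encodes the password, so the sketch accepts credentials over TLS only.

```nginx
# Constructed example values: share.example.com, /srv/share, certificate and
# htpasswd paths. Place in the http context (e.g. a conf.d include).

# Throttle requests per client IP to slow down password guessing.
limit_req_zone $binary_remote_addr zone=share_auth:10m rate=30r/m;

# Port 80 never serves files or asks for credentials; it only redirects.
server {
    listen 80;
    server_name share.example.com;
    return 301 https://$host$request_uri;
}

server {
    listen 443 ssl;
    server_name share.example.com;

    ssl_certificate     /etc/ssl/certs/share.example.com.pem;
    ssl_certificate_key /etc/ssl/private/share.example.com.key;
    ssl_protocols       TLSv1.2 TLSv1.3;

    server_tokens off;                  # do not advertise the nginx version

    location /files/ {
        alias /srv/share/;              # only this directory is exposed
        autoindex off;                  # recipient needs the exact link, no listing

        auth_basic           "Shared files";
        auth_basic_user_file /etc/nginx/share.htpasswd;
        limit_req zone=share_auth burst=10 nodelay;

        # Keep sensitive documents out of caches and search indexes,
        # and make the browser download rather than render them.
        add_header Cache-Control "no-store" always;
        add_header X-Robots-Tag "noindex, nofollow" always;
        add_header X-Content-Type-Options "nosniff" always;
        add_header Content-Disposition "attachment" always;
    }

    # Nothing else on this host is served.
    location / {
        return 404;
    }
}
```

The password file can be generated with `htpasswd` or `openssl passwd`. Remove the file from `/srv/share` once the recipient confirms the download, since the link otherwise stays valid for as long as the file exists.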
Established Secure Messaging and Low-Tech Tricks
- Signal is consistently recommended for its strong end-to-end encryption and trusted reputation, especially for highly sensitive discussions. The main hurdle is the requirement for all parties to install the app.
- Splitting Information Across Channels: For small, highly sensitive data points (e.g., bank details), a clever strategy is to send different parts of the information through separate, distinct communication channels (e.g., half via SMS, half via email). This significantly increases the effort required for a single bad actor to intercept all the necessary data.
- Password-Protected PDFs: A simple and effective method for many scenarios is to password-protect a PDF document before emailing it. While PDF passwords can be surprisingly easy to crack for determined attackers and the file remains in an inbox indefinitely, it offers a basic level of protection that's easy for non-technical users to handle, depending on the threat model.
The Convenience vs. Privacy Trade-off
While highly convenient, mainstream cloud storage solutions like Google Drive raise significant privacy concerns for sensitive documents, particularly regarding services training AI on uploaded content. The discussion highlights a growing paranoia about what data is entrusted to large tech companies, pushing users towards more private or self-hosted alternatives.
Ultimately, the best method depends on the sensitivity of the information, the technical comfort of the recipient, and the sender's willingness to manage a more complex setup for greater control. Balancing these factors allows for secure and practical file sharing.