File Security
Files can be stored in three different methods, each with a different level of security.
Below you will find each method together with a short explanation.

Encrypted Uploads (BETA)

Note: this method is not enabled by default and you will have to set this as your preferred method on the upload page.
Please also keep in mind that this feature is currently in BETA, but we're regularly working on adding improvements.

Your file is first securely encrypted using a secret key (AES-128) with Javascript on your device.
Once it has been encrypted, the encrypted data is uploaded to a NoFile storage server over a secure HTTPS connection preventing any malicious users from seeing what you're uploading (as an extra layer of security).

Only those with the secret key (which is in the URL) will be able to see the correct content and filename - if a single character of the key varies, then the file will be unrecognizable.
Since the file is encrypted, anyone who wants to download it also has to decrypt it (this happens automatically on the download page).

The advantage of this method is that only encrypted data is sent to the storage server.
If malicious users gained access to the storage server with your file then they wouldn't be able to see what it contained (or even its filename) as all the data would be encrypted.

The two disadvantages of encrypted uploads is that it's not supported by older browsers.
The other disadvantage is that it's slightly slower as the data needs to be encrypted which requires some additional effort from your CPU (processor).

A Small Demo

As shown in the demo, the only encrypted version of the file is completely unrecognizable to the original file while the file size remains the same.
Only those with the secret key which is DecryptionKeyTst in our case, will be able to revert/decrypt the file back to its original content again.

URL Examples

The encrypted file URL contains an additional hash/pound (#DecryptionKeyTst) which is the secret key in this example.
The browser does not send any text written after the hash symbol in the HTTP(s) request, therefore the key remains securely visible only to the users with the URL and not the server.

Short Explanation

Your file is encrypted before it is sent to the server.
Only you and those that you've shared the download link with will be able to see what's inside your file or what the filename of your file is.


Standard Uploads

Similar to encrypted uploads, your file is sent to a NoFile storage server over a secure HTTPS line.
This will prevent anyone such as your ISP (Internet Service Provider) or anyone on your network from seeing what you're uploading (and downloading).

However, it only secures the transportation of the file leaving your file vulnerable while it's on the storage server.
If a malicious user gained entry to a storage server which contained your file then they could view the contents of the file.


Password Protected Uploads

Both encrypted and regular files can be password protected although password protection is redundant for encrypted uploads.
This feature does not encrypt your file, but it adds an extra layer of security and prevents anyone that's guessed the download link to your file from accessing it (unless they also successfully guess what the password is).

If you're sharing slightly more sensitive files and don't want to encrypt your file - then make sure that you set a password.
Once your password has been set it will be securely stored in the database (hashed with a salt) requiring anyone to enter the password before being able to start the download.


Saving To Dropbox

If the file is not encrypted then you have the ability to save the file directly to Dropbox.
Simply press the "Save To Dropbox" button to launch the Dropbox Saver.

For your privacy; the third-party Dropbox scripts are never loaded on the page until pressed.