WeTransfer is a popular service used by millions worldwide to send large files. You may have wondered if it’s safe or whether you should use it to share sensitive files. We answer these questions below and present a WeTransfer alternative that may suit you better.
What is WeTransfer?
WeTransfer is an online cloud storage and file transfer service that lets you send attachments totaling up to 2 GB for free. You can also sign up for a paid plan and get 1 TB of storage and the ability to transfer attachments up to 200 GB. It’s often recommended as an easy way to get around attachment size limits that most email providers have in place.
Is WeTransfer secure?
We wouldn’t consider WeTransfer secure. While the service does explain(new window) in some detail how it secures the data you send, it skips over some important details. Let’s go over the process.
When you upload your files to WeTransfer, they’re encrypted using the TLS protocol. TLS is very secure (it’s the standard for all internet traffic) and renders files unreadable even if they’re intercepted.
Once WeTransfer has received your files, it decrypts them and encrypts them again, this time using AES-256, a highly secure protocol often used by cloud storage services to protect files on their servers.
At this point, WeTransfer is ready to send the file to your intended recipient. Once they download it, this process happens again in reverse. WeTransfer decrypts the AES-256 encryption it had used on your file, then encrypts it again using TLS for the download process.
This may all seem just fine, but there’s an issue: During the file transfer process, there are moments when your files are unencrypted, however briefly. When WeTransfer decrypts your file to switch encryption types (from TLS to AES and vice versa), your files revert to plaintext, unencrypted data. This means they can then be seen and read by anybody with access to WeTransfer’s servers.
Even if you trust WeTransfer’s staff (and you shouldn’t have to), if anybody gains unauthorized access to WeTransfer’s infrastructure, they could see what you’re sending and storing. This is a serious issue if you want to keep your sensitive data secure. It’s also why WeTransfer can’t be used to store sensitive information(new window) under HIPAA, the regulation that governs how medical patients’ data must be treated in the US.
A better WeTransfer alternative
There’s an easy way to get around this issue, though, which is to use end-to-end encryption (E2EE). With E2EE, your files are encrypted on your device and not decrypted until they’re on your recipient’s device. At no point can the provider of the online service see your files or data.
At Proton, we’ve designed all our apps to use end-to-end encryption by default. This includes our secure cloud storage service Proton Drive. Any files you store on Proton Drive can’t be seen by anybody else, including us. This is one of the reasons why Proton Drive is HIPAA compliant while WeTransfer isn’t. If you want privacy, there’s no alternative, and we offer 5 GB of storage for free.
Proton Drive doesn’t just offer better security than WeTransfer, it’s also better at sending large files. Not only can you send bigger files, you also have more options when sharing. For example, you have more control over who you share with, you can password-protect folders and even set expiration dates for links.
The reason we can offer more features than our competitors can while maintaining a much more generous Free plan is that we’re entirely funded by you, our community. This lets us focus solely on protecting your privacy and developing useful features that serve your needs.
The result is a cloud storage service that keeps your files safe and private by default without cumbersome, outdated encryption. If that sounds like something you would want to try out, join Proton Drive today. You can start sending large files within minutes, it’s easy.
