ITS considers this software to be a stable release. The tool has been in use in production for some time, and problem reports and feature requests have been incorporated into the current version. However, the app is still young, and as such some problems are bound to remain. We do hope that you will continue to send us your feedback if you have any problems or suggestions, or if you'd just like to give us your opinion of the service.
The basic idea behind this service is simple: we allow people to upload potentially large files (although not too large) to our servers, where they will be stored for a limited period. We generate a random URL which can be used to download the files during that period. Once the files have been completely uploaded, we send an email containing this URL to the address or UH username you have specified as the recipient. That's it, in a nutshell.
There are, of course, a few additional complications. First, this service is provided to the UH community, and is not meant to be open to the general public. However, we do wish to provide the ability for people unaffiliated with the University to use the service to share files with people within UH. In all cases, we require at least one end of the transaction (sender or receiver, that is) to be a UH person. The only practical consequence of this is that for a UH person to send files to a non-UH person, the UH person must use the link on the service home page to login prior to uploading files.
There are a few restrictions on the service. The total size of the upload must not exceed 800MB. You can use the service as many times as you like, but any single upload cannot exceed that size. Also, we provide the files for download for a limited time only. Finally, the use of the service must comply with all relevant University policies, including E2.210.
For obvious reasons, it's important to be aware of these restrictions, particularly the limited download time window. If you are using the service to upload files, you must clearly inform the recipients that they must download the files prior to the closure of this window. Specifically, the files will be available for download for three days only, after which they will be deleted. Files will be deleted at midnight of the third day after being uploaded. For example, files uploaded any time on Monday will be deleted Thursday night at midnight.
You cannot directly use the service to send files to multiple recipients. When filling in the recipient form, you must provide only a single email address or UH Username.
However, if you are UH user using the service to upload files, you can effectively send the files to multiple recipients. Once the upload has completed, the resulting page will contain the link to download the files. You can copy that link and dispose of it however you like. For example, you can email the link to multiple recipients. In fact (here's a little secret), if you're a UH person you don't even need to provide a recipient in the form: you can leave the recipient blank, in which case no email will be sent and it'll be up to you to send the download URL to your intended recipients.
Even in the basic operation described above, the file transfer (both in uploading and downloading) is secure, in the sense that "SSL" is used to encrypt the traffic. This should provide sufficient security for most users. However, it's true that in the basic mode of operation the security of the system depends entirely on the obscurity of the randomly generated URLs used to download the files. It is extremely unlikely that anyone would be able to guess one of these URLs. But there may be other ways for an attacker to learn the download URL, and since in the basic mode of operation that's all we require to download the files, the attacker would gain access to the files.
We do offer an additional level of protection, for users exchanging files containing sensitive information. When uploading files, you can check off the "Optional Authentication" checkbox. If this checkbox is selected, the UH user who is the recipient of the transfer (and in this case, the recipient must be a UH user) will have to login before retrieving the files. That is, the recipient must know both the secret URL and the recipient's UH Username and password. The recipient must correspond to a "real" person -- shared groups accounts may not be validated against. You can still use the service to send files to such an account, but marking the upload as requiring authentication will make the files inaccessible. So don't do that.