The basic idea behind this service is simple: we allow people to upload potentially large files (although not too large) to our servers, where they will be stored for a limited period. We generate a random URL which can be used to download the files during that period. Once the files have been completely uploaded, we send an email containing this URL to the address or UH username you have specified as the recipient. That's it, in a nutshell.
There are, of course, a few additional complications. First, this service is provided to the UH community, and is not meant to be open to the general public. However, we do wish to provide the ability for people unaffiliated with the University to use the service to share files with people within UH. In all cases, we require at least one end of the transaction (sender or receiver, that is) to be UH staff or faculty. The only practical consequence of this is that for a UH person to send files to a non-UH person, the UH person must use the link on the service home page to login prior to uploading files.
You cannot directly use the service to send files to multiple recipients. When filling in the recipient form, you must provide only a single email address or UH Username.
However, if you are a UH user using the service to upload files, you can effectively send the files to multiple recipients. Once the upload has completed, the resulting page will contain the link to download the files. You can copy that link and share any way you like. For example, you can email the link to multiple recipients. In fact (here is a little secret), if you are UH staff or faculty you don't even need to provide a recipient in the form: you can leave the recipient blank, in which case no email will be sent and it'll be up to you to send then download URL to your intended recipients.
There are a few restrictions on the service. The total size of the upload must not exceed 800MB. You can use the service as many times as you like, but any single upload cannot exceed that size. Also, we provide the files for download for a limited time only. Finally, the use of the service must comply with all relevant University policies, including E2.210.
For obvious reasons, it's important to be aware of these restrictions, particularly the limited download time window. If you are using the service to upload files, you must clearly inform the recipients that they must download the files prior to the closure of this window.
Currently, the files will be available for 1 to 7 days. A notice containing the date and time at which the files will be expired will be displayed once the upload is completed. Also, both the confirmation email sent to you (the uploader) and the email sent by the system to your recipient will contain the expiration date and time.
Once the period has run, the files are irretrievably deleted.
Even in the basic operation described above, the file transfer (both in uploading and downloading) is secure, in the sense that "SSL" is used to encrypt the traffic. This should provide sufficient security for most users. However, it's true that in the basic mode of operation the security of the system depends entirely on the obscurity of the randomly generated URLs used to download the files. It is extremely unlikely that anyone would be able to guess one of these URLs. But there may be other ways for an attacker to learn the download URL, and since in the basic mode of operation that's all we require to download the files, the attacker would gain access to the files.
We do offer an additional level of protection, for users exchanging files containing sensitive information. When uploading files, you can check off the "Require Authentication" checkbox. If this checkbox is selected, the UH user who is the recipient of the transfer will have to login before retrieving the files. That is, the recipient must know both the secret URL and the recipient's UH Username and password. The recipient must correspond to a "real" person -- shared groups accounts may not be validated against. If you would like your departmental email address to be included in those that can require authentication, please use the Feedback to send a message to the FileDrop team.