Peer-to-peer file transfers in the browser
182 comments
·March 12, 2025smusamashah
sir_eliah
Probably you can also add Dragit[1], which is a desktop p2p file sharing tool for local network with automatic host discovery. Currently supporting Linux and Windows. (author & maintainer here) I'm not sure if I should keep on working on the tool, considering the length of the list so far. :D
makeworld
You should add sendme, it's one of the best I've tried for the CLI. https://www.iroh.computer/sendme
kenrick95
Not sure if it's p2p, but I also find that this exist: http://xkcd949.com
BiteCode_dev
https://wormhole.app/ has been spared and is pretty good. Encrypted, dl can start before up is finished, decent size limit.
Unrelated to the wormhole python cli tool and associated file sharing protocol.
smusamashah
It's not a p2p tool btw.
smallerize
It can be, if you send files larger than 5GB. https://wormhole.app/faq
lxgr
Both not to be confused with Web Wormhole, which is also pretty good: https://webwormhole.io/
Slightly different approach – "P2P first", i.e. both sender and receiver need to be online simultaneously throughout the transfer, but there's a TURN relay, so it should work in almost all network constellations.
asynchronousx
Was very annoyed when they acquired ShareDrop.
westurner
/? inurl:awesome p2p site:github.com: https://google.com/search?q=inurl:awesome+p2p+site:github.co...
Peer-to-peer: https://en.wikipedia.org/wiki/Peer-to-peer
d3rockk
Bless you.
Springtime
Opera browser used to have P2P file transfers as a short lived feature in ~2010, called Unite. I remember it also had skeuomorphic GUI of a 'fridge' where users could put post-it style notes that could be seen by others.
One of many everything-and-the-kitchen-sink features Opera Presto had during its heyday. Others included a separate Bittorrent client, desktop widgets that could be moved outside of the browser window, full IRC client, email client and peerless hotkey actions customization.
By some miracle the browser still managed to be a rather lean binary.
culopatin
Can we have that do-it-all Opera back? RSS, email, torrents.
Feels like we had it all internet wise in 2007-2010 and then decided to throw it all away.
rplnt
We did not decide it. Google decided to kill it. In countries where Opera had major share Google ran aggressive and deceptive (something something faster) campaign with billboards, radio and tv ads. Chrome ads were also everywhere on their homepages (google.com, youtube.com). But more nefariously, Google kept blocking features and apps based on the UA agent alone. Add lots of tech demos with their custom extensions.
miki123211
Don't forget bundling Chrome with random apps (I remember cCleaner), making it install silently and automatically set itself as default.
I got caught by this as a kid a few times, I was technical enough to know what was going on, and reliant on a screen reader (which Chrome didn't support back then), so it was definitely a memorable annoyance for me, but I guess quite a few people didn't care.
masklinn
They did that in pretty much every (developed) country not just those where opera has major share.
null
mrweasel
I think Vivaldi have both RSS and email, it's sort of the spiritual successor to the original Opera.... I miss the old Opera.
rplnt
Vivaldi is roughly 1000 times slower. You need a pretty good computer to run that UI. It also lacks extremely basic features Opera had; like working LRU tab switching. I liked the idea, but it's impossible to recommend.
0x0f_4
> One of many everything-and-the-kitchen-sink features Opera Presto had during its heyday.
oh the Presto engine.. shame its not the same opera we used anymore. still has the best ux on phone, unfortunately no other browser come close.
nashashmi
I really wished opera had a greater market share than it did. It did relatively well for a few years with share between 1-4%. But was lagging behind defunct browsers like IE6. And back then the browser space was only chrome, Firefox, and IE. Notable mention to safari and KDE fwiw.
The everything browser made it a difficult experience to understand. Kind of a feature overload in the face of minimalism being practiced by chrome and ie7.
freehorse
I remember this fondly. How much more beautiful the web could have been if google had not killed everything else.
kristopolous
Opera has an operator mode now btw. I think it slipped through the hn radar. Maybe 2 weeks ago was the announcement? Hit producthunt's main page
null
modeless
I wish there was a way to do local peer discovery with WebRTC. Right now both endpoints need an active Internet connection and a shared identifier (in this case a special URL) in order to find each other. Can't do offline local sharing.
Sean-Der
You can! https://github.com/pion/offline-browser-communication
It uses mDNS for discovery. You can only do one browser though.
I don’t see a path forward on browser/browser that is obvious. It would make it so easy to fingerprint if you could set your mDNS hostname in JS
modeless
If one end of the connection is a native app like this you have plenty of other options. Browser to browser is the use case I'm talking about.
It could be done with a browser-owned dialog to select peers instead of exposing all local peers to the web by default. Similar to the web MIDI API or others that expose local devices only with explicit user permission for the specific device.
lxgr
A QR code should work if at least one of the browsers has camera access, I suppose?
sbt567
arilotter
iroh's stuff is great but their local peer discovery can't work in a browser, since it uses an mdns-like protocol to do it
ivanjermakov
I solved this issue by implementing a webtorrent tracker[1] client. Signalling server is still needed, but with this approach any webtorrent tracker can act as one.
pzo
Sharing identifier maybe we could do with qrcode, chirp audio protocol, nfc tap. Ios has peerconnectivity that works really as p2p network but sadly no web api and doesn't work android (not sure someone reverse engineered protocol)
lxgr
Somebody indeed has, but since it uses a custom low-level 802.11 variant, I don't think it's feasible on (at least non-rooted) Android devices: https://github.com/seemoo-lab/opendrop
k__
Couldn't you use sound/bluetooth/qrcodes/etc. to do signalling?
I once did it by copying messages from textarea's back and forth.
null
latexr
The thing that usually annoys me about these services is they tend to give you an intractably complex URL to share with the recipient. This poses a problem because every time I need such a P2P transfer, I’m communicating with someone over the phone and they need the file on a computer (which may not even be their own, so email is also cumbersome).
https://file.pizza does this better than most, as the URL consists of real words. But all the words are ingredients in English which comes back to being an issue again.
https://pairdrop.net is my go-to, since it allows creating temporary “rooms” with just five letters, which are easy to share over the phone.
Still, I continue to wait for the holy grail of a P2P service which would allow me to initiate a connection via CLI and get a simple URL to share with someone who could download the file from a web browser, saving me from having to babysit the browser tab. There are services which allow you to upload via CLI and download via web browser, but they host your file so you have to wait for the full upload to finish before sharing the link.
lotharrr
One tricky constraint is that a "simple URL" isn't big enough to hold a full-entropy encryption key. So your security must either come from PAKE (like magic-wormhole and friends), or from the good behavior of some intermediary. And PAKE requires a peer who knows the plaintext and will only execute the protocol once, which means it really needs to be the person you're connecting with and not an intermediate webserver.
I think it's a 2-out-of-3 trilemma: end-to-end encryption, short codes/URLs, offline/non-interactive workflow: choose two. Or framed differently, if you require proper encryption, then either the code/URL must be long enough to hold the full key, or you must use an interactive (PAKE) protocol which means both agents must be running at the same time (babysitting).
Your last point is an interesting one: we could build a form of magic-wormhole where the sender's CLI waits, the recipient gets a URL, the URL points to a web page which performs the client side of the protocol. The server wouldn't host the file, just the decryption agent. Basically wormhole receive in a browser. That would match many of your goals.
However I'd be hesitant to do this with magic-wormhole because it opens up a vulnerability we don't currently have: the web server hosting that page could silently swap out the JS with a version that retained a copy of the plaintext, perhaps only when the browser is coming from a specific IP. You can't audit a webserver for consistent+correct behavior the way you could with e.g. the contents of a Debian distribution.
That said, the usability gains of the recipient not needing a CLI tool installed might be worth the tradeoff for some folks.
(I'm the author of magic-wormhole)
noAnswer
https://rdrop.link gives you six characters. It's IMHO "telephoneable".
ryandrake
The file.pizza one doesn't look like it's peer-to-peer. You upload a file to their server, and then they provide a download URL you can share. Kind of the opposite of peer-to-peer. I would expect a "P2P" file transfer product to not require any intermediate storage besides the sharing user's and the recipients'.
mary-ext
rather worried that it's going to go the same fate as ShareDrop (https://github.com/ShareDropio/sharedrop) and Snapdrop (https://github.com/SnapDrop/snapdrop) where they recently got taken over by LimeWire the crypto/AI company.
chad1n
I wonder how much LimeWire pays to buy all of these foss projects, must be a decent amount if everyone is selling his solution
Etheryte
Wouldn't be surprised if the prices are fairly low actually, I would wager most of these projects make no income.
grimgrin
limewire aint touchin soulseek
and it has people building alt.clients
https://nicotine-plus.org
https://github.com/slskd/slskd
null
mainframed
Yup. I recommended snapdrop to everyone in my family and friends for local data sharing without a cable.
When I discovered that it now uploads stuff to Limewire I was so annoyed that I had to admit I suggested a harmful tool for sharing private data. So much, that I will never recommend a similar website. Either I'll host it my self or suggest an installed tool through F-droid, if it exists.
I mean, it is entirely my fault. I knew the security risk, but set it aside, because I didn't think some known guy developing an open source tool would in his name try to grab your data.
IncreasePosts
Wow, as someone who worked at the original limewire back until we got sued out of existence, this makes me sad to hear some scammers bought the IP and resuscitated the corpse of the company.
null
sellmesoap
I came across this recently while looking at cosmopolitan lib stuff https://bob.osau.re/
amelius
It's so strange that this should have been a solved problem decades ago, but somehow a robust and secure non-commercial solution never gets off the ground.
Speaking of which, how is the IPFS project doing these days?
j_maffe
IPFS is in this weird state where it's getting barely enough updates and enough usage to not be considered vaporware.
piyuv
It was solved a decade ago, BitTorrent protocol
megadata
Yeah, your can do your dishes with the fire hose too.
supertrope
People drive one ton pickup trucks to commute to their desk job. Or to get two bags of groceries.
SirMaster
I think people mean something seamless like AirDrop is on Apple devides, but some public standard that gets implemented on all platforms like iOS, Android, Windows, macOS and Linux, so all these platforms can just easily send files to each other simply and securely over WiFi.
Aachen
Torrents can be seamless. I take it you haven't used a download manager that would just grab any file, treating torrents just like any other download, as seamless as HTTP downloads are?
It doesn't have to be a dedicated system where you manage how long you seed, port forward, and other technical requirements: torrents already work well when you just seed while downloading because the server can never get overloaded, pretty much no matter how viral something goes. So long as it keeps serving the tiny torrent file, a few blocks on occasion, and the few packets needed to set up a NAT punch between people (STUN/TURN server? I always forget what's what), people can get the file from each other and you don't have huge bandwidth costs or have the site go down once the included bandwidth is exhausted. There's a reason Facebook and Twitter use(d?) this for distributing server updates¹, and I don't think someone remotes onto every server to visit the pirate bay, which torrent technology has sadly become synonymous to and people don't realise it is a transfer protocol just like FTP, HTTP, and other TPs that I'm forgetting
> some public standard that gets implemented on all platforms
What this is based on doesn't matter. It can be http, it can also be torrents. It's not very useful if you're sending files from and to one person almost every time (perhaps at the end of a holiday with friends, more than one person would want everyone's photos, but still), I'm just objecting to torrents being misunderstood as the only thing most people used it for: downloading copyrighted material in dedicated (and often unwieldy) software :)
¹ https://torrentfreak.com/facebook-uses-bittorrent-and-they-l... Article also mentions that a university cut 20 of the 22 update-distributing servers, I didn't know of that example
piyuv
There’s no incentive for big players to play nicely with other platforms so they just won’t. Hardware standards like Qi2 are different since it affects costs directly. Software is usually built for lock-in since quite some time.
“Buy your mom an iPhone” and how Apple buried beeper mini into nonexistence was a nice example.
pjc50
"Securely" is doing a lot of work here; you need some out of band mechanism to transfer the link in the first place, to determine who you're getting the file from, and then you might as well use that to transfer the file instead. Also people want to be able to do it asynchronously, so they use things like WeTransfer.
During the brief period that open Airdrop / bluetooth file transfer was a thing, there was a short fad of spamming porn to nearby people on public transport. So that was the end of that.
culi
AirDrop was a huge asset to protestors in Taiwan. It was heavily used for mass demonstrations. Something that works cross-platform could be really great for political movements
JadeNB
> I think people mean something seamless like AirDrop is on Apple devides
Ha! I do wonder if I'm the only person who has errors where sometimes an AirDrop attempted transmission, from two devices sitting right next to each other, just hangs indefinitely, even if a transmission between the same two devices a minute ago succeeds. Like all Apple solutions that Just Work, it's great when it Just Works, but, when it doesn't, great effort seems to have been taken to make sure that there's no way to find out why not.
brulard
BitTorrent started in 2001, so more than 2 decades.
lxgr
Very different use case. It seems both too heavy weight and not capable enough for e.g. sharing a screenshot or PDF from an Android phone to a Linux laptop without Internet connectivity.
hot_gril
This isn't always encrypted, right?
pzmarzly
Arguably, only in BitTorrent V2, which released in 2017, wasn't supported by major clients until 2020, and is still not widely adopted.
piyuv
The same reason universal healthcare and free education is not widely adopted in the US. BitTorrent is quite “widely adopted” in other parts of the world.
sidewndr46
Peer to peer sharing doesn't really have much opportunity for commercialization. The closest thing I can think of is bluetooth file sharing, which can still be a painful experience in some circumstances
supertrope
Yes businesses tend to only work on interoperability when the interoperable product is just a complement to their main revenue generator. Like how Netflix releases clients for many platforms. No one is going to be motivated to make a (1) free (2) easy to use (3) cross platform file sharing solution. It'll also draw the ire of the copyright cartel. File locker websites have been harassed and "legitimate" cloud storage services are forced to police their user's files.
megadata
Not only sharing, bluetooth in general can be a painful experience in some circumstances.
IsTom
I think it's because of all the NAT, which makes any attempt cumbersome for a lot of people.
Yizahi
XKCD from a decade ago, and we still can't figure it out ;(
Recently I had to send file from Whatsapp to Telegram, because apparently it is forbidden to download file from the Whatsapp and it's a "feature". Facepalm....
PS: afaik IPFS doesn't guarantee file storage, a separate paid middleman is required for that.
j_maffe
IPFS allows you to store your file and share the content ID to someone else so that they can get it through P2P
cassepipe
If having someone intall transmission (or your favorite torrent client) is not a hurdle, I like the privtracker approach a lot : https://privtracker.com/
The reason I like it more is that most torrent clients can run in the background by default so it's not dependant on keeping a browser tab opened
It made it to the frontpage not so long ago but it'd be a pity if you had missed it
crazygringo
> Because data is never stored in an intermediary server, the transfer is fast, private, and secure.
But WebRTC needs a TURN server for when hole punching/STUN doesn't work when both clients are behind NAT.
Data is never stored in an intermediate server, but it can pass through.
How is the privacy and security ensured that the TURN server won't/can't read your data? Do you just have to trust them? Or is a form of E2EE employed?
I'm surprised this isn't even metioned on the page. Or does this not include TURN servers, and so file transfers just fail between certain peers? (Which it doesn't mention either.)
gloosx
TURN or STUN server can use the DTLS transport in order to encrypt the traffic.
So you know it's secure if you are using turns:// protocol and verified the certificate just like it works with https://
saurik
WebRTC, in fact, merely passes e2e encrypted packets through the TURN server (which, by the way, is only required if both sides are behind symmetric NAT: the vast majority of NAT doesn't cause this problem, though you might need to do STUN).
ranger_danger
> the vast majority of NAT doesn't cause this problem
Hard disagree, I've yet to meet anyone in my country that has gotten any WebRTC service to work at all.
saurik
FWIW, this doesn't actually imply we disagree, as maybe the vast majority of NATs aren't in your country ;P... we could both be right!
null
ivanjermakov
In WebRTC, TURN server is only used to establish a data channel. After that, data transfer us peer-to-peer.
https://developer.mozilla.org/en-US/docs/Web/API/WebRTC_API/...
crazygringo
That's incorrect. What you're describing is STUN, when it works. TURN is what is used when peer-to-peer remains impossible. All data transfer is via the TURN server.
phailhaus
OP can just not use a TURN server, and it won't work for double-NAT traversal. I did this in a side project to avoid the security risk.
eptcyka
But you can punch holes even when both clients are behind NAT.
ranger_danger
How so? With both users behind symmetrical NAT? TURN does not count as punching holes IMO.
eptcyka
Both clients send a packet to a server, server sends the remote IP to both parties, both parties try to send traffic to either’s remote IP. Unless their nat firewall is evil, this should work.
robertlagrant
Good point. I didn't think of that.
Rygian
There is also Magic Wormhole [1] which is not in-browser.
mhitza
And https://github.com/psanford/wormhole-william which is a Go reimplementation of the client. I only want to point this out specifically because an apt-install of magic-wormhole on Ubuntu 24.04 actually results in a program that does not work (the beauty of python dependencies at play?)
artursapek
It's really amazing to me how successful Python has been given its dependency management and package installation tooling
0xdeadbeefbabe
If someone has ported the server I'll run my own instead of taking the bandwidth.
Timber-6539
Pretty sure the snap version of wormhole works. I use it from time to time as well as the go binary.
nuptials
There is: https://wormhole.app/ for the browser if one needs it.
sevg
Other readers, please do note that (the unfortunately named) wormhole.app is unrelated to the frequently recommended, heavily peer-reviewed and much longer-standing magic-wormhole.
Imustaskforhelp
exactly!
Was just looking for such comment because I knew about wormhole.app is not on top of wormhole protocol itself.
Thanks for your comment , may it help other people.
Retr0id
Not to be confused with https://webwormhole.io/, which is open-source
arthursw
I really like PairDrop https://github.com/schlagmichdoch/PairDrop
PhilippGille
Thanks for sharing!
Most other solutions don't allow pairing of devices across networks.
TFA's "file.pizza" only allows to initiate a session on the device that uploads a file, which makes it tricky to share a file from a mobile device to a laptop (due to tricky QR code scanning with the laptop camera).
PairDrop allows cross network pairing (mobile device can scan QR code from laptop screen), and file uploading from both sides afterwards.
rpastuszak
Heh, seeing PairDrop motivated me to make sth similar, but more as a toy/exercise in messing with idiosyncratic/home cooked software: https://sonnet.io/posts/reactive-hole/
gsliepen
"It's peer-to-peer, trust me bro!" The problem is that you are still using a website provided by a third-party to serve you the JavaScript program that initiates the transfer. It's easy to replace that JavaScript by something that just transfers a copy to the third-party itself. To be sure that the transfer is actually peer-to-peer, either the sender or receiver should run their own fillepizza server (and have verified that the source code does not contain any backdoors or phone-home code). But if you do that, you actually don't need a peer-to-peer solution anymore, it's turned into a client-server problem.
I keep a long list of browser based and CLI p2p file transfer tools[1].
LimeWire (which now has its crypto currency probably) has been on a rampage recently aquiring some of really good tools including ShareDrop and SnapDrop. https://pairdrop.net/ is the last one standing so far.
[1]: https://gist.github.com/SMUsamaShah/fd6e275e44009b72f64d0570...