**Disroot Upload** is a temporary file hosting service powered by **Lufi**, open source software for uploading and sharing files with other people in a secure and private way. We can think of it as an alternative to proprietary services such as WeTransfer.
**Registration is not needed to use this service.**
# How does it work?
If we have a file we want or need to share, we just drag and drop it in the upload area; it is then chunked, encrypted and sent to the server. We then get two links per file: _a download link_, which we give to the people we want to share the file with, and a _deletion link_, which allows us to delete the file whenever we want.
**Lufi** is an [**E2EE (End-to-End Encryption)**](https://en.wikipedia.org/wiki/End-to-end_encryption) file sharing service that encrypts our files in the web browser before they leave our computer, so neither our **Internet Service Provider (ISP)** nor **Disroot**'s administrators can see the file's content. The admins can only see the file's name, its size and its [mimetype](https://en.wikipedia.org/wiki/MIME) (what kind of file it is: video, text, etc).
When someone downloads our file, it is decrypted locally in that person's browser after the download. As we have just mentioned, neither the network administrators nor the ISP will be able to see what is in the downloaded file.
!! **Upload** is not a cloud service since files are only stored online for a certain time, after which they are deleted.<br> For cloud services we have the [**Disroot Cloud**](https://cloud.disroot.org).<br>It is also a different service from [**PrivateBin**](../03.Bin/docs.en.md/), which can only share text, while **Upload** can be used to share and download any type of file.
The whole encryption/decryption process is done automatically by the browsers, so there is no need to manually encrypt the files beforehand or manually decrypt them after the download.
The encryption key (which allows whoever downloads the file to decrypt it) is part of the link that our browser presents to us after we have uploaded a file.
This encryption key part of the URL is in fact what is called a [**URI** fragment](https://en.wikipedia.org/wiki/URI_fragment). It is only processed client-side (on our computer) and does not reach the server of the Lufi provider, so they cannot decrypt the file.
* **Report file**: to report a suspicious or illegal file to **Disroot** admins. Clicking on this option will open a dialog box to choose what email client we want to use to send the email report.
* **Upload files**: the default main screen with the upload area.
* **My files**: to check and manage the files we have uploaded (_we will see this in detail below_).
The size limit for the files we can upload is **2GB**, and the maximum time a file stays stored online varies according to its size. After that time has expired, the file is deleted.
So, the larger the file, the shorter the time it is stored. The expiration delay of our files will be the minimum between what we choose and the following limitations:
As mentioned above, after setting the upload options (how many days the file will stay online, whether to delete it after the first download and whether it will be password protected) we can upload files by dragging them to the upload area and dropping them. Or we can choose to "click to open the file browser", navigate to our file and select it.
* The first one is the **Download link**: this is the URL to the file we can share or download, and
* the second one is the **Deletion link**, which allows us to delete the file uploaded to the server at any time we want. To use it we just paste it in our browser and press "Enter" on the keyboard.
We will also have the options to **Copy all links to clipboard** (it is recommended to do so and save them somewhere else) and to **Send all links by email**.
In the case of this last option, we just click on the **Send all links by email** button, write the email address in the next screen and (optionally) a message to the recipient. Now note that there are two sending options:
* **Send with this server**: this is not recommended for security reasons, because if we send the email from the service provider's server, the links will be sent to that server first and then sent from the provider's email, not our personal one. This means that full links could be seen by the server administrators and therefore they would be able to download and decrypt the files. **Disroot** is a privacy-conscious provider, but as a matter of principle the best practice to keep our privacy safe is to avoid this option.
* **Send with your own mail software**: if we have an email client installed on our computer or device (e.g. Thunderbird, Evolution, etc.) then clicking this option will open it with the email ready to be sent.
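
The URI fragment behaviour and the "Send with this server" caveat described above, as an added example (not Lufi's or Disroot's code): it builds the HTTP requests a server would receive and checks whether the key appears in them. The sample link, the `/mail` path and the form field names are assumptions made for the illustration.

```javascript
// Constructed sample link (host, path and key are made up for this example).
const SAMPLE_LINK =
  "https://upload.example.org/r/Xq3vT9aB#c2FtcGxlLWtleS1ub3QtcmVhbA";

// The request a browser sends when the link is opened. The URL fragment is
// never transmitted; only the path and query string go on the wire.
function httpRequestFor(link) {
  const u = new URL(link);
  return `GET ${u.pathname}${u.search} HTTP/1.1\r\nHost: ${u.host}\r\n\r\n`;
}

// What script running in the page can read locally (location.hash).
function clientSideKey(link) {
  return new URL(link).hash.slice(1);
}

// Model of "Send with this server": the full link is submitted as form data.
// The /mail path and the field names are hypothetical.
function mailViaServerRequest(link, recipient) {
  const body = new URLSearchParams({ to: recipient, links: link }).toString();
  return `POST /mail HTTP/1.1\r\nHost: ${new URL(link).host}\r\n` +
    `Content-Type: application/x-www-form-urlencoded\r\n\r\n${body}`;
}

// True if the key occurs in the bytes the server receives (raw or decoded).
function serverSeesKey(rawRequest, key) {
  return rawRequest.includes(key) || decodeURIComponent(rawRequest).includes(key);
}

// Compare three cases: plain download, a link that (wrongly) carries the key
// in the query string, and mailing the link through the server.
function exposureReport(link) {
  const key = clientSideKey(link);
  const inQuery = new URL(link);
  inQuery.hash = "";
  inQuery.searchParams.set("key", key);
  return {
    download: serverSeesKey(httpRequestFor(link), key),
    keyInQuery: serverSeesKey(httpRequestFor(inQuery.href), key),
    mailViaServer: serverSeesKey(mailViaServerRequest(link, "friend@example.net"), key),
  };
}

console.log(exposureReport(SAMPLE_LINK));
```

Only the plain download keeps the key away from the server; a key carried in the query string or a link mailed through the server both place it in data the server receives.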
This list of uploaded files is kept locally in our browser using the ["_localStorage_"](https://ng-girls.gitbook.io/todo-list-tutorial/workshop-todo-list/local-storage) (local web storage) in a [.json](https://en.wikipedia.org/wiki/JSON) file. So, if we delete our "localStorage" data or use a different browser or computer, we will not be able to access it again.