For personal, local, non-critical transfers, it is excellent. For anything requiring integrity, attribution, or confidentiality against a local network attacker, a tool like (with PAKE) or an encrypted USB drive is superior.
| Threat | Risk Level | Mitigation in Sharedrop | |---------------------------------|------------|--------------------------------------------------| | Eavesdropping (same LAN) | Low | DTLS encryption – requires breaking TLS 1.2 | | MitM on signaling server | Medium | Signaling uses HTTPS, but identity not verified | | Fake device impersonation | High | No mutual authentication | | Malicious file delivery | Medium | Browser sandbox helps, but user can be tricked | | Metadata leakage | Medium | Peer IPs exposed to other clients | sharedrop
: Users appear as unique avatars on the interface; you simply drag a file onto an avatar to initiate a transfer. For personal, local, non-critical transfers, it is excellent
As you transfer the file, you can see the progress on the screen, and once it's complete, your colleague can access the file immediately. This seamless and efficient process makes it easy to collaborate and share files with others, even in situations where traditional methods might not be feasible. As you transfer the file, you can see
ShareDrop functions by creating a direct connection between two devices using (Web Real-Time Communication).
Sharedrop is a that fulfills a clear need: cross-platform AirDrop-like transfer without servers. Its use of WebRTC DTLS provides good encryption, but the complete lack of peer authentication and browser memory limits prevent it from being a secure enterprise solution.