Privacy policy? Terms of Service? About company / developer(s) page? Technology details (P2P, intermediary server)?

Why would anyone download and install an app from a simple splash page like this? It could be anything.

Yep. You can keep the design simple, but you need something to explain what you're doing (or not doing) with people's data. Also, a bit strange this wasn't made available considering you ask for my email address right after the application starts.

We're building the tool to send your bytes peer to peer (UDP hole punching) when it can, which works ~90% of the time. When it fails, we route your bytes through our servers. We don't store your bytes.

Trent here, from WireOver. The tool isn't a virus or malware, don't worry. It's just a file sending tool. We'll put up terms of service and a privacy policy very soon.

Well make sure you get it up soon. hackers are paranoid people. =p

Oh, so if a website says they aren't stealing your data, or doing anything shady, then it's OK to trust them?..

It certainly helps as you then at least have evidence that you can use in court to prove that they've violated their own policies.

I'd say most of the people don't care about those. (Even if we do in HN.)

So, yes, WireOver guys should put some more information, but I don't think it's a dealbreaker anyway.

You are missing a Linux version. Yes, Linux has small market share yada yada yada, but you will find that a much larger percentage of new adapters and tech influencers are Linux users.

I was thinking the exact same thing, I feel very dissapointed every time I see something interesting at the top of HN, and when I'm going to try it out, there's no Linux version of it.

It's like you said, if they want a good number of beta testers/ early adopters, they should have a Linux version.

Having a linux version is important to us too. We'll have one.

Yes. Oddly though I went to look for the Linux version too.

Suggestion: If the visitor is using Windows, show a Windows screenshot on the homepage. If they're using a Mac, show a screenshot of the Mac version.

My thoughts:

1. I opened the web site and said ah, this looks pretty cool, I installed the software and thought, eah.. okay I'll install it even though I really don't want to install anything.

2. Upload was simple after signup.. I understand you have to do the signup thing to validate people somehow.. so for my test I sent a small file to myself..

3. Got the email to download it saw the link and tough ah sweet, just click it.. and was presented with the exe download.. hmm another thing to install to download the file... I thought, nah, not worth it, I don't want this thing anymore, form there I deleted the client.

You need to make it simple to share with people who don't have the downloader, you can't expect people to install something to download files they were sent.

Keep it free yet cap files to say 1MB for free users or something simple.. Paid users ~$5/mo get 2GB uploads..

As tashmahalic explains in another comment, they use UDP hole punching (http://en.wikipedia.org/wiki/UDP_hole_punching) for the transfer, which the receiving side must understand.

It is indeed a bummer to have to download an installer when you receive the file, but there's no way around it!

I think the transfers are supposed to be Peer-To-Peer (if possible), thus the required downloader.

I fully understand the idea of using peer to peer keeping costs down etc.. my review was just from a users POV.

When using the service to quickly send a file to a coworker or customer I would not expect them to download a 'downloader' to get my 'attachment'

If it's free (and it's planning to stay free), how is the company planning to stay in business?

I wonder if this uses P2P at all or whether everything is routed through their servers? The former would be far more sustainable (although NAT problems ahoy if that's the only channel).

It does look like they're planning on offering a paid version:

"Upgrade to Pro with end-to-end encryption to make your transfers completely confidential. We can't even access your files."

That's exactly right. We think most people will love the free tool for their personal use, and that many businesses will be willing to pay for End-to-End Encryption and CloudCache.

At first I believed that the revenue stream was like this: 1) ppl give their e-mail address 2) you scan the attachments (eg. words, subject etc). 3) you create a database 4) you sell the database to advertisers (that already have my e-mail address and can enrich their data).

I guess they earn by PRO version (chargeable) with extra security for some one who doesn't trust any one.

That opens additional way for malware find its way to non-technical user computer... Until now I could explain my granpa never to run any executables or downloads that come in emails.

I think you're opening a can of worms. The email is HTML, so it would be very hard for my granpa to verify that the link is actually to your site. As you can imagine it is very easy to make the email and site look exactly like yours, and even make the link URL itself look similar.

That's also a concern of ours.

We're doing the downloaders because it let's us do p2p, which is how we can offer free and unlimited. It also affords end-to-end encryption, and resumable/restartable transfers.

We think we can mitigate those concerns some by code-signing the exe, having the download from https, and building a recognized brand.

Also, we're considering a feature called "Channels". After you set up a channel with your grandpa, it can be trusted. You just drag files onto your "Grandpa Channel" and they go to his HD in that channel's folder (he gets a pop up to accept/decline). This also ends up being a convenience for frequent sends because you don't have to enter your recipient's email - you just drag and drop files onto the channel and they start going.

Does that address your concerns?

Sorry, but not really.

> We think we can mitigate those concerns some by code-signing the exe, having the download from https, and building a recognized brand.

I don't see how all these resolve someone sending an email that looks exactly like yours, which links to a page that looks exactly like yours, which links to a malware executable.

Even with code-signing I wouldn't trust non-technical users to understand difference between popups, as well as resist close-all-these-annoying-popups reflex.

To make sure that the email is legitimate I'll have to either check the source, or seek in the mouse over. And after it is a "recognized brand", no one will be checking that.

I don't see how I could feel safe with executable file download links in the email. Maybe registering a scheme and sending in email a link with instruction to the file origin would be more acceptable, but that's only if the software is already installed. Ex: wirefrom://my@email.com

What about Channels? If you have your grandpa install WireOver, and you set up a channel with him, all your sends over that channel can't be faked. He gets notified via the installed tool (dialog: "Would you like to accept files from Myrth?"), not via email, so there's no longer a need for him to download an executable.

Does that address your concerns?

Yes, if the email does not contain link to download an executable, it can be a great way to share files.

I got this on gmail for the verification email, thought you would want to know for users that are a bit less technically savvy:

Be careful with this message. Similar messages have been used to steal people's personal information. Unless you trust the sender, don't click on links or reply with personal information. Learn more

Thanks for letting me know. We need to find a way to fix that.

I would estimate it's some combination of the text, links, and most importantly domains. get some spf records setup for your from domain.

Hope that helps :)

As a user I love the no-nonsense straight to the point (and download) page, but as a HN'er I'd like to know more about it (and the company) before installing the software.

We'll put up some more info about us in the near future. Here's a bit: we're programmers from the computer simulation world, data visualization world, high frequency trading world, and desktop application world. This tool is our first beta - we're looking to prove people will love it, and get your feedback about how it can be better.

So - thanks for your feedback!

Agreed. There's no about page or the like. Looks awesome though if its legit!

Comparison: This looks like an automated desktop version of MediaFire/MegaUpload/YouSendIt, since right now it works by downloading from an intermediary (I assume, from what tashmahalic said: "You run it, it downloads your files"). It has advantages in being ad-free (for now at least), supporting unlimited sizes (ditto), auto-resume, return receipts, and encryption (though I suspect some of the existing sites may have these too).

It'll still be a winner if it provides a better user experience than the others, of course. When it goes fully p2p, it may become the killer p2p file transfer app that the world's been waiting for.* Good luck.

(* or does this already exist?)

creamyhorror, you have perhaps the best HackerNews username ever. Whatever was your inspiration?

WireOver was born out of sheer annoyance, because it's ridiculous that sending files over WANs and LANs is still such a pain.

Our guiding principle: BE NOT ANNOYING.

Ads would be annoying, so they're out. File size limits are annoying. Failed transfers are annoying, slow transfers are annoying, cluttered UIs are annoying, not sleeping well at night because you're worried about security is annoying.

Transfers should find the fastest route automatically - over internet or LAN - and they should go seamlessly between Mac, Windows, and Linux. That's what we want ourselves as users. We'd be pleased as punch to lower the annoyance level for others too.

That's a great principle to have. Less annoying things make life better - although I have no doubt it can take a lot of effort to eliminate annoyances (especially when you have to build a lot of intelligence into the system). We try to do the same in my own project, although we often have to assign 'nicer' (de-annoying) features to a v2 protoype because of limited dev resources. It's great that you guys are all coders (AFAICT).

My username makes people conjure up all sorts of images, which is why it's great for me to never plant a definitive one in their heads. I'm thinking of changing it, though, since it's none too professional on the rather social startup scene!

Sounds great. I still find it mind boggling how slow MSN 'p2p' transfer can be, I would love a great solution and will definitely give this a shot.

Man, that's a really great starting point.

"Sorry, you must run WireOver from inside the DMG it comes in."

Why?

It looks like it just installs itself into $HOME/Applications when you run it. No idea why you can't run it from somewhere else.

To give a proper introduction - I'm Trent, one of the co-founders of WireOver. We want our tool to become indispensable to all of you, and I really appreciate your feedback. I'm always impressed by how smart and useful your comments are. Thanks in advance.

Please give WireOver a spin and let me know what you think. I'm trent@wireover.com.

I've run a couple of tests and the email to pick up the file is not being received. If the user has to be logged in already and have the software downloaded, it's not clear at all. Expectation is that an email is received to notify of a file being available, and install software if it's a new account - which leads to more people using your service I would believe, being more viral in nature.

Check your spam box. Worked for me.

But the developers should check why the e-mail ends up in the span all the time.

THAT's a problem. We're trying to figure out why that's happening. Thanks for letting me know.

Thanks, I do see a great need for this. I wanted to transfer some medical records once and my doctor said he would just email them to me. I was aghast, but he said he did that all the time. I looked in vain for a secure file transfer system that would work for non-geeks.

That said, I don't see how you're going to be able to stay alive while offering unlimited bandwidth.

Sending medical records is one of our target cases. We will be HIPAA compliant.

I think we can sustain unlimited bandwidth because we're transferring files peer to peer, so the bytes go direct from sender to receiver. They don't have to go through our servers (except when P2P fails). So, we don't pay for (most of) the bandwidth. We're enabling you to use the bandwidth you're already paying your ISP for.

This is a simple problem and its kinda amazing that no one else has solved it yet. Good Luck!

Others have said this too - We needs a Linux version, hopefully usable on the command line too.

"Auto-Resume If your transfer is interrupted, it will automatically resume, even if you restart your computer."

Interesting feature. So far I've only see torrents have this. Would love if my downloads online had working pause and resume functionality.

It's actually pretty common, even if most browsers don't support it well.

Get a download manager (wget -c is my favourite), and it will work for you, too.

Most HTTP server support HTTP-Range queries, which allows resuming downloads. FTP (of course) has always supported this feature.

I've used rsync --partial to move very large quantities of files between computers (> 1 million once). Especially on many files, it generally runs several times faster than the OS's copy-to-networked-computer functionality, and it resumes in an instant. It's even faster if you run a daemon on the other end, so you don't need to do a bunch of back-and-forth to determine if a file is new or not.

It boggles my mind that OSX (for example) doesn't just use this under the hood, especially when sending to other OSX machines. It's an OS speaking to itself - spinning up a daemon automatically on the receiver would be trivial.

Congratulations, you just invented dropbox ;)

Dropbox is horribly slow when working with 1000+ files. Especially if they are small files. Last time I tried it Drobbox would use 100% CPU and go rather slow (while rsync didn't).

This was about a year ago though, things may have been made better by now.

I can see some use for this in transferring large files (for example virtual machine images) between my own computers which are sometimes connected by wlan, lan and sometimes just wan.

There are cases when I don't want to be waiting for the transfer to complete. Would be great if I could just take the laptop and finish the transfer over the internet later on.

User experience should be simple. For serious syncing I would use some other tools. I'm thinking something like right clicking on folder to make it "available", then on some other computer selecting which folders I want to download.

Some clever combination of web and client software could make this pretty smooth.

Your software should tell the user what it's going to do on each step before actually asking the user for permission and then doing it (it's not clear that it's an installer in the dmg, and that it's taking my email address to create an account and install a daemon and thingy on the menubar.

I like minimalism as much as anyone, but some basic info would make it a lot easier to trust (and thus recommend).

I can see how clear explanations of what's happening are important to build trust. We're going to improve on that.

Have not tried the application as of yet, although perhaps you should change the UI to read:

  "Send these files to:" for the label
  and
  "name@example.com" for the greyed-out default.

Instead of the current[0]:

  "Email to Send to"

[0] http://www.wireover.com/media/screencap.png

Good suggestion, thanks. We have some polishing of the UI to do.

«WireOver is a desktop app for sending files to anyone, anywhere.» True, just as long as GNU/Linux users are considered "noone, nowhere".

I'm use linux too, I feel your pain... I'm sorry we don't have it for you yet. We will.

Cool! Looking forward to it, thanks :)

You could just pass TrueCrypt volumes with the free service and have strong crypto file sharing for free.

Wow, this is pretty cool. It would be interesting to talk with you about your crypto.

Our crypto design is this -

1. The sender generates an AES-256 key for the transfer. 2. The receiver sends a public key to the sender. 3. The sender encrypts the AES key with the public key, and sends to the receiver. 4. The receiver decrypts the AES key. 5. The sender then sends all the bytes, encrypted with AES.

The point of using the AES key is that it's faster to encrypt/decrypt. The point of using the public/private keys is to get that key to the receiver in a secure way.

The transfer has a session key from our server so each peer can validate the identity of the other peer.

How's that sound?

If those steps are all of the protocol, this is vulnerable to a man in the middle attack. The way that that is done is by having Eve intercept the public key sent to the sender and instead sends his own. Then the sender sends Eve the AES key and Eve sends the recipient her own AES key accomplishing the man in the middle attack.

My understanding is that if the public key is transmitted from the receiver to the sender through our server instead of directly, that should be secure to MITM. This assumes that peer connections to our server are secure (SSL).

Does this meet with your understanding?

It may be a mistake on my part, but initially http://drop.io appeared to to resolve to your site. It would be helpful if you can confirm or deny this.

That's strange. We have nothing to do with drop.io.

I started using AeroFS for something like this, but it is about "syncing", while all the time I keep thinking it ought to be possible for these guys to do file sending as well.

Anyone AeroFS fans here?

I would like to use it at work but also personally from the same computer, so perhaps you could consider something like an account alias so I can link both to one WireOver.

You can now install WireOver at home with your personal email, and install it at work with your work email.

Why would you like them to be linked somehow?

It is minimalistic and that's great! You say it is P2P, so would I end up paying for someone else's traffic like torrents ? I didn't see anything in the settings though.

I guess it's peer-to-peer, not peers-to-peers, that means you can send/get files to/from one endpoint, not from multiple endpoints. It is kind of a private file-sharing tool, not a public one such as bittorrent. Just guess, it would be better confirmed by the OP.

How does this compare to something like Kicksend?

I noticed upon installation WireOver is connecting to logs.papertailapp.com - what kind of info are you logging?

We're logging exceptions and connectivity issues to help us troubleshoot problems.

We are NOT logging anything I think you'd be concerned about (this is our BE NOT ANNOYING principle at work).

When we get our Privacy Policy and Terms of Service up, it will be something to the tune of: you own your data, we don't; we don't share your personal information (unless the law requires); and, we don't store your files once they're delivered (bytes go P2P anyway most of the time, so our servers usually don't even see them anyway).

If you have a Pro (secure) account, your bytes will be encrypted in a way that even we can't decrypt. That's the kind of security we would want as users.

This makes a lot of bold claims.

Need to see some credibility or explanations for these claims before I trust it.

Do files download over HTTP or through the app on the recipients computer

Your recipient gets an email with a download link. The link downloads a downloader. You run it, it downloads your files, then it deletes itself, unless you elect to install WireOver.

Try it out and let us know what you think!

How's this one comparing to sendoid?

This one is available.

"NOTICE: The Sendoid service is no longer available." "Sendoid's web interface was disabled on Wednesday, March 7th."

I hope this is legit!