Firefox Send uses Google's servers.

Initially posted to Reddit 8 months ago:

Firefox Send uploads files to, which resolves to, whose primary domain is (the “gcp” in Mozilla’s domain is also a dead giveaway since it stands for Google Cloud Platform). So Firefox Send is hosted on Google’s cloud servers.

My question is: why? Many people who use Firefox’s products have some degree of distrust toward Google, and just by using their servers, serious doubt is cast on the promise that expired files are truly permanently deleted. Maybe it’s deleted in Mozilla’s application, maybe it really is deleted from the hardware, but nothing is stopping Google from keeping backups because it’s their physical server, and we have no way of proving that it isn’t happening. This also makes me wonder if Firefox Sync and their password manager is also hosted on Google.

Even if the data is encrypted, depending on how long it’s kept and what kind of encryption it’s using (namely if it’s asymmetric or weak symmetric), it may be vulnerable to being broken by quantum computing, which Google has a vested interest in [apparently Firefox Send uses AES-128 which is in theory vulernable to quantum computing but at the moment is probably unfeasable even with a general purpose quantum computer], or more simply, if there are any flaws in Mozilla’s crypto implementation or their keys leak, it can be decrypted that way.

I just wanted to bring attention to that, and also ask why Mozilla has decided to go this route instead of using physical colocated servers or even using a cloud provider that isn’t a known enemy of privacy like Google or Amazon. Startpage uses physical servers [Note: I initially wrote this before Startpage was acquired by System1 and therefore became a lot more untrustworthy.], and I assume they are on a much tighter budget than Mozilla.


deleted by creator

A place to discuss privacy and freedom in the digital world.

Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.

In this community everyone is welcome to post links and discuss topics related to privacy.

Some Rules

  • Posting a link to a website containing tracking is undesirable, if contents of the website are behind a paywall maybe copy them into the post
  • Don’t promote closed source software
  • Try to keep things on topic
  • If you have a question, please try searching for previous discussions, maybe it has already been answered
  • Be nice :)

Related communities

  • 0 users online
  • 34 users / day
  • 93 users / week
  • 166 users / month
  • 374 users / 6 months
  • 2142 subscribers
  • 989 Posts
  • Discussion
  • Modlog