MakeSends uses end-to-end encryption to protect your files. All files are encrypted inside your browser before they leave your computer, and decrypted only on the computer of the receiver. Files are never decrypted along this path, leaving no possibility for hackers or surveillance agencies to obtain a copy of your original file.
This is significantly more secure than using HTTPS¹ and/or server side encryption, which decrypt your files along the way and thereby potentially expose your original (unencrypted) files.
The vast majority of services on the internet — such as common email, DropBox, Google Drive, Box, Microsoft OneDrive, Apple iCloud, weTransfer, or HighTail — are based on HTTPS, and therefore inherently weak. Alongside with only a handful other services, MakeSends offers substantially higher data security to protect your privacy or intellectual property.
Your files are encrypted using the password you provide. This same password is required to decrypt the files. To obtain high security, choose a long password that is hard to guess.
|Password strength vs. length||Lowercase
Seconds to crack (~ 30 bits)
e.g. manner center honey
Minutes to crack (~ 40 bits)
e.g. manner center honey useful
Months to crack (~ 60 bits)
e.g. manner center honey useful look cat
|Very high security
Centuries to crack (~ 100 bits)
e.g. manner center honey useful look
cat annually miracle kiss documentary
Note that your password is not transmitted to the server. Hence, we cannot recover your password (or your files) in case you forget it.
Please transmit that password in a secure way to your friend. You could tell him when you meet, or call him. Sending a text message is pretty good as well. Do not send the password to the same email address as the secure document, however.
MakeSends relies on industry-standard AES 256. AES is widely used, and has been tested thoroughly by cryptographers all over the world.
The makesends.com website and all of MakeSends's servers are located in Switzerland, and operated under Swiss law. Switzerland is a safe place with a healthy attitude towards privacy and civil rights.
- The encryption algorithms used in properly configured HTTPS connections offer high security. However, by the nature of HTTPS, files are decrypted on the server receiving them, where they are exposed to surveillance agencies and hackers. In addition, surveillance agencies can easily intercept HTTPS traffic using forged certificates. Other TLS-based protocols, such as FTPS or IMAPS, suffer from the same weaknesses.