AES-256-GCM · Zero-knowledge · Client-side
How FileShot protects your files, what we can and cannot see, and the security controls we use to prevent abuse.
Last updated: April 3, 2026 · Full whitepaper ↗
Validate the encryption flow yourself: Verify Encryption →
FileShot is designed to make sharing large files fast and simple without turning your files into a product. The main security goals are:
We assume attackers may guess or scrape links, upload malicious content, probe the API for weak endpoints, or attempt XSS via previews or filenames. No internet service can be hack-proof — the goal is to make attacks hard, noisy, and low value.
Your browser encrypts the file before upload. We receive only encrypted bytes and do not receive the passphrase. This means:
FileShot uses the browser's native Web Crypto API (window.crypto.subtle) for all cryptographic operations. No third-party cryptography libraries are used.
crypto.getRandomValues()
Files are encrypted in a streaming fashion using a custom container format called FSZK (FileShot Zero-Knowledge):
FSZK (4 bytes)
0x01
Each chunk is encrypted independently with a unique IV. The per-chunk IV is derived from a base IV by incrementing the last 4 bytes as a big-endian counter. This guarantees nonce uniqueness across all chunks without additional random generation per chunk, while allowing parallel decryption.
Streaming encryption means the browser never holds the entire plaintext file in memory. For a 1 GB file, peak memory usage is approximately the chunk size (512 KB) plus overhead — not 1 GB.
A 256-bit random Data Encryption Key (DEK) is generated in the browser using crypto.subtle.generateKey(). This key encrypts the file and is then encoded as Base64URL and placed in the share link's URL fragment:
https://fileshot.io/d/<fileID>#k=<base64url-encoded-key>Per RFC 3986, the URL fragment (everything after #) is never sent to the server in HTTP requests. This means:
When a user sets a password, the system uses a two-layer key architecture:
The server additionally stores a bcrypt hash of the password for an access gate (to prevent unauthorized download of the ciphertext), but this hash cannot be used to derive the encryption key. The actual decryption key only exists inside the user's browser.
Even with zero-knowledge encryption, a file sharing service needs some metadata to operate. Typical operational metadata includes:
We also maintain minimal security telemetry to prevent abuse (such as IP and user-agent in security logs). See Privacy Policy for full details.
File access is controlled primarily by a high-entropy link token. You can further harden access by:
Rate limiting and abuse controls make large-scale link guessing and scraping noisy and costly.
File previews are a common vector for web security issues — especially with HTML, SVG, and other "active" formats. To reduce risk, FileShot treats active content conservatively:
Always treat downloads as untrusted — especially executables, scripts, and macro-enabled documents.
We use layered controls to reduce malicious sharing and infrastructure abuse:
All uploads use zero-knowledge encryption, meaning the server only receives ciphertext. Content-based antivirus scanning is not possible on encrypted data. We rely on file-type enforcement, metadata analysis, and behavioral signals to detect and prevent abuse.
To defend the service and investigate abuse, we log security events such as rate limit blocks, authentication events, and suspicious activity. This is operational logging — not advertising — and is governed by our privacy policy.
Beyond client-side encryption, FileShot deploys multiple layers of transport and web security to protect users.
All connections to FileShot use TLS 1.2 or 1.3. TLS encrypts data in transit between your browser and our servers, providing an additional layer of protection on top of the client-side end-to-end encryption. Deprecated versions of TLS and SSL are not supported.
FileShot sends the Strict-Transport-Security header with a two-year max-age, includeSubDomains, and the preload directive. This ensures browsers always connect over HTTPS, preventing protocol downgrade attacks and cookie hijacking. FileShot is eligible for the HSTS preload list, which hardcodes HTTPS enforcement into browsers.
FileShot deploys the following security headers on all responses:
X-Content-Type-Options
nosniff — prevents MIME-type sniffing attacks
X-Frame-Options
DENY — prevents clickjacking via iframe embedding
Referrer-Policy
strict-origin-when-cross-origin — prevents leaking URLs to third parties
Permissions-Policy
Disables geolocation, microphone, camera, payment, and USB APIs — reduces attack surface
Cross-Origin-Opener-Policy
same-origin-allow-popups — isolates browsing context to mitigate Spectre-class attacks
Cross-Origin-Resource-Policy
same-origin — prevents cross-origin resource leaks
Content-Security-Policy
Monitors script sources, blocks unauthorized resource loading, reports violations
All cryptographic operations run via the browser's built-in Web Crypto API. This provides FIPS-validated cryptographic implementations maintained by browser vendors (Google, Mozilla, Apple, Microsoft) rather than third-party JavaScript libraries. The Web Crypto API operates on non-extractable key handles when possible, preventing JavaScript code from reading raw key material.
FileShot's zero-knowledge encryption library is open source and available for independent review on GitHub.
If you believe you have found a security vulnerability in FileShot, please report it privately so we can investigate and issue a fix before public disclosure.
See our dedicated Responsible Disclosure Policy ? for what to include in a report, our response timeline commitments, and researcher recognition.
Contact: security@fileshot.io
FileShot's primary infrastructure and file storage operate on servers located in the United States. Encrypted file content is not cached at the CDN layer — only static web assets are eligible for edge caching.
For zero-knowledge encrypted files: the decryption key exists only in the URL fragment — never transmitted to the server and never in logs. The encrypted bytes stored on US servers carry no intrinsic value without the key, regardless of which jurisdiction requests them.
Users with strict EU data residency requirements should consult our GDPR disclosure.