Magic Wormhole uses an end-to-end PAKE to create an encrypted transport between two points in the Internet, using a rendezvous server.
It doesn't store files, which is almost never what you want; it's not a way to send a file and have 10 or 100 people download it. But it's probably the best way to get a file through a bunch of arbitrary network controls, NATs, &c to a desired destination. There's a Go implementation as well:
I wish magic wormhole used federated rendezvous servers, was usable from within a locked down corporate network, had a .NET implementation with a pretty GUI so that even my mom could use it, came with all major OS by default and was as accepted as e-mail so that I can actually share files with everyone, not just my nerdy friends. Is that even remotely a realistic thought?
It does, except it removes a giant advantage of magic wormhole: True end to end encryption requiring only TOFU. The web version downloads JavaScript every time and unless a specific version is somehow pinned by default, you are in principle vulnerable to MitM attacks.
Considering that a small deviation from a cryptographic protocol could fully turn cipher text to plaintext in a revered tool frequently recommended in HN:
I don't know anything about croc, I haven't looked carefully at it, and don't recommend it (or have any opinion on it). Lots of smart people have looked at Magic Wormhole, which is one of the things that makes it neat.
This is a great way to make sure there are no alternatives to Magic Wormhole. If this attitude was common in web browsers, we would only have one software of its kind in every category. No choice for users whatsoever.
What's a good way to make sure of it? Not having any opinion of it, because I haven't looked at it?
There are a lot of alternatives to Magic Wormhole. Unfortunately, most of them are pretty sketchy. One thing I can say about Magic Wormhole: it's not sketchy.
This sounds like a slippery slope. No one is saying not to try anything else, they're saying to make sure and use stuff that is more likely to be safe. In the case of web browsers, we do only use like 4 or 5 out of thousands.
Since not everyone will click the link and read to the end of the post, it seemed worth pointing out that the vulnerability being commented on here was fixed: https://schollz.com/blog/croc9/
You seem to be missing the point. If I wanted to send a funny webm in a room on Discord or IRC for example, if I didn't want to upload it directly to Discord that is, I could use this with ShareX to upload it and get a link that's easy to share. It's not supposed to be secure. It has its place alongside Magic Wormhole just fine.
If you want to send a funny webm, use whatever you'd like. The comment to which I responded to said "no, this isn't the same use case, because Magic Wormhole makes you install something". If they'd said "this isn't the same, it's supposed to be OK for this to be grievously insecure", I'd have shrugged and moved on.
This rant is pretty silly. Nick Lamb's took the time to refute it on that thread; you should acknowledge that before continuing to cite your thread as if nobody had corrected you.
https://github.com/magic-wormhole/magic-wormhole
Magic Wormhole uses an end-to-end PAKE to create an encrypted transport between two points in the Internet, using a rendezvous server.
It doesn't store files, which is almost never what you want; it's not a way to send a file and have 10 or 100 people download it. But it's probably the best way to get a file through a bunch of arbitrary network controls, NATs, &c to a desired destination. There's a Go implementation as well:
https://github.com/psanford/wormhole-william
... which is what I use most of the time. If you haven't played with it, I highly recommend it.