How to send files securely

Sending a file securely means making sure that only the person you choose can read it — not your email provider, not the file-sharing company, and not anyone who later gains access to a server. The reliable way to do that is end-to-end encryption: the file is scrambled on your device and can only be unscrambled on the recipient's device.

The short answer

To send a file securely: encrypt it before it leaves your device, deliver it directly to the recipient so no server keeps a readable copy, and share the “key” over a different channel than the link itself. A peer-to-peer, end-to-end encrypted transfer does all three automatically.

Why email and shared links often aren't secure

Two everyday habits feel safe but usually aren't:

• Email attachments. Standard email isn't end-to-end encrypted. Your attachment is copied across mail servers and stays in inboxes indefinitely — readable by providers and exposed if any account is breached.
• Cloud share links. A “anyone with the link” URL means the file lives on a server, often with a readable copy the provider can access, and the link can be forwarded, logged, or guessed long after you forget about it.

The common weakness is the same: a readable copy sits on a server you don't control, for longer than you need.

What “secure” really means: end-to-end encryption

End-to-end encryption (E2EE) means the file is encrypted on the sender's device and only decrypted on the recipient's device. Anything in between — servers, networks, relays — sees only unreadable ciphertext. A related idea is zero-knowledge: the service is designed so itcannot read your data even if it wanted to, because it never holds the decryption key.

Modern E2EE uses strong, standard cryptography such as AES-256-GCM, which both encrypts the data and detects any tampering. The security then comes down to one question: who holds the key?In a well-designed tool, only the two people in the transfer do.

How to send a file securely, step by step

1. Choose an end-to-end encrypted tool that encrypts in your browser and doesn't store a readable copy. (That's exactly what SaferDrop does.)
2. Pick the file and generate a link. The encryption key should live only in the link's URL fragment (the part after #), which browsers never send to a server.
3. Share the link and the code on separate channels. Send the link one way (e.g. email or chat) and the PIN another (e.g. a phone call or text). That way a single intercepted message is useless on its own.
4. The recipient opens the link and enters the PIN. The file streams directly to them and is decrypted on their device — no account, no install.
5. Confirm and move on. Once delivered, there's no lingering server copy to worry about.

A quick security checklist

• Is the file encrypted before it leaves your device (end-to-end)?
• Does the service avoid storing a readable copy?
• Is the decryption key kept out of the server (e.g. in the URL fragment)?
• Can you share a second factor (a PIN) over a different channel?
• Does the link expire instead of living forever?

If you can answer “yes” to all five, your transfer is genuinely private. SaferDrop is built so the answer is yes by default — see how it works or compare the Free and Pro plans.

Frequently asked questions