PINDROP BLOG

Google Releases Upspin Secure File-Sharing Tool

Google has published a new open-source tool called Upspin that enables users to share files and other content securely across networks without the need for uploading and downloading.

Unlike existing systems such as Dropbox or Google Drive, Upspin isn’t really a separate file storage and retrieval service. Instead, Google describes it as a global namespace that allows users to grant and restrict access to various files as they see fit. Files are named using the creator’s email address and then an extension for the specific file.

“Any user with appropriate permission can access the contents of this file by using Upspin services to evaluate the full path name, typically via a FUSE filesystem so that unmodified applications just work. Upspin names usually identify regular static files and directories, but may point to dynamic content generated by devices such as sensors or services,” Google software engineers said in a post announcing Upspin.

“Upspin looks a bit like a global file system, but its real contribution is a set of interfaces, protocols, and components from which an information management system can be built, with properties such as security and access control suited to a modern, networked world.”

The Upspin system is designed to give users a measure of security that isn’t necessarily available on typical file-sharing services. Google says that all of the files on the service are encrypted by default, but users have the ability to revert to plaintext if they choose.

“The user keeps, in a private location not part of Upspin, a key that is used both during encryption of the data before it is written, and during decryption when read back. Both the encryption and decryption happen on the user’s client machine, not in the network or on Upspin servers. This is called end-to-end encryption, and prevents a snoop (or the storage server) from being able to read the user’s data by tapping the network or the storage server,” the Upspin documentation says.

“To share a file with a second user, that user must also be able to decrypt it. Upspin handles this automatically, using encryption techniques that allow two users to share encrypted data without disclosing their private keys to each other. The public keys of all users are registered in a central server to enable sharing even between strangers.”
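The sharing model in the documentation excerpts above can be pictured as key wrapping: the file is encrypted once under a random per-file key, and that key is sealed separately for each reader. The Go code below is an added example of that idea, not Upspin's code or wire format; the choice of P-256 ECDH with AES-256-GCM, the SHA-256 key derivation and every function name are assumptions made for illustration.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/ecdh"
	"crypto/rand"
	"crypto/sha256"
	"errors"
)

// gcm hashes a secret into an AES-256-GCM key (assumption: SHA-256 stands in for a KDF such as HKDF).
func gcm(secret []byte) cipher.AEAD {
	k := sha256.Sum256(secret)
	b, _ := aes.NewCipher(k[:]) // cannot fail: the key is always 32 bytes
	g, _ := cipher.NewGCM(b)
	return g
}
// Seal returns nonce || ciphertext || tag. Open fails on tampering or a wrong secret.
func Seal(secret, msg []byte) []byte {
	nonce := make([]byte, 12)
	if _, err := rand.Read(nonce); err != nil {
		panic(err) // without fresh randomness the nonce could repeat
	}
	return gcm(secret).Seal(nonce, nonce, msg, nil)
}
func Open(secret, box []byte) ([]byte, error) {
	if len(box) < 12 {
		return nil, errors.New("ciphertext too short")
	}
	return gcm(secret).Open(nil, box[:12], box[12:], nil)
}

// Wrap seals the per-file key for one reader; the writer needs only the reader's public key.
func Wrap(writer *ecdh.PrivateKey, reader *ecdh.PublicKey, fileKey []byte) ([]byte, error) {
	s, err := writer.ECDH(reader)
	if err != nil {
		return nil, err
	}
	return Seal(s, fileKey), nil
}
// Unwrap runs on the reader's machine and derives the same secret from the other half of each pair.
func Unwrap(reader *ecdh.PrivateKey, writer *ecdh.PublicKey, wrapped []byte) ([]byte, error) {
	s, err := reader.ECDH(writer)
	if err != nil {
		return nil, err
	}
	return Open(s, wrapped)
}
func main() {} // nothing runs at start-up; callers use Seal, Wrap, Unwrap and Open
```

A writer calls Seal once on the file and Wrap once per reader, storing all results together; anyone holding that stored material without a listed reader's private key gets only an authentication error from Unwrap.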

Google engineers said the Upspin system is designed mainly for consumers, but may also have some applications in business environments. The tool is available on GitHub now but Google says it isn’t necessarily ready for a general audience at this point.