up2.dev

End-to-end encrypted file transfer over a blind relay

live ↗github ↗
RustAxumRedisTypeScriptReactWeb Crypto

What it is

up2.dev lets you transfer files between browsers without them ever touching a server in plaintext. You get a human-readable 3-word room code, share it with the recipient, and files flow encrypted from one browser to the other. Sessions expire after an hour. Nothing is stored.

Why not WebRTC

The obvious choice for browser-to-browser transfer is WebRTC — it's actually peer-to-peer and skips the relay entirely. But WebRTC signaling is complex, NAT traversal is unreliable, and for the use case of "send someone a file" the complexity isn't worth it.

up2.dev uses a WebSocket relay instead. But because everything is end-to-end encrypted before leaving the browser, the relay is architecturally blind. The server routes bytes it cannot read. The privacy guarantee is the same.

Encryption

Key exchange uses ECDH on the P-256 curve, entirely through the browser's native Web Crypto API — no third-party crypto library. Both peers generate key pairs, exchange public keys through the relay, and derive a shared AES-GCM secret independently. The server never handles any key material at any point.

Files are split into 64KB chunks and each chunk is encrypted before being sent over the WebSocket. The relay sees ciphertext arrive on one connection and forwards it to another.

Backend

The backend is Axum (Rust) with Redis Pub/Sub for routing between sessions. When an encrypted chunk arrives from the sender, Redis fans it out to the receiver's WebSocket connection. No file data is written to disk. Redis is a message bus, not storage.

Sessions auto-expire after 1 hour via Redis TTL. There is no database.

Because session state lives in Redis and the Axum process is stateless, the backend scales horizontally — multiple instances can serve different connections as long as they share the same Redis for pub/sub routing.

Room codes

Rooms use 3-word codes from a mnemonic word list instead of UUIDs. They're easier to read aloud, type on mobile, and share without ambiguity. The code space is large enough that collisions aren't a practical concern for ephemeral sessions.