Geek Side Blog‎ > ‎Archives‎ > ‎

2012-09-04 File Sharing - What you need to know

posted Sep 4, 2012, 7:43 AM by Boyce Crownover   [ updated Apr 20, 2016, 11:02 AM ]

File Sharing: The Basics, The Myths, Some Tips

Would you like to see photos that someone else wants to share?
How about sharing a whole gallery of music you wrote and sang?
What if you want to share your resume?

Sharing files is something that has been done from the very beginning of the internet and you're likely to want to do from time to time. There are many ways to share files and they vary in complexity and efficency and this guide will help you decide which choice is best for you. An additional concern is the legality of sharing and after reading this guide, you'll have a firm grasp of what you can do, what you can't do and when you're going to need to find out more.

Executive Summary:

Each of the methods of file sharing has benefits and drawbacks. The significant benefits are speed, security and the ability to ensure the other people sharing the file will be able to receive it. The significant drawbacks are software requirements, complexity and security. Choosing the best method is going to depend on how many people you need to share with, what you can expect from them and how secure you need to keep the data. HTTPS for example is complex to set up but fast, secure and widely compatible and an appropriate choice for a business with many clients. SFTP is far less complex to set up, secure and fast, but requires specific types of software be used by recipients and is appropriate for people who want to automate recurring secure file transfers.

In addition to the methods of sharing files, it is very important to learn about the legality of sharing files. There are some instances where sharing files is necessary and completely legal while sharing those same files in different circumstances may be illegal. Generally speaking, you cannot share anything which is copyrighted by someone else without special exemptions.

Simple methods:

Pros: Fast and easy for "one to one" or "business to you" file sharing
Cons: Quickly becomes expensive, fails with very large files, fails with very many files

The two easiest ways to receive a copy of a file from someone else:
1) Download it from your email
2) Download it from their web page

Terminology tip: downloading is the process of getting something from somewhere else onto your computer. Think of it as taking something 'down' from the isle in the grocery store and 'loading' it into your shopping cart. Uploading is the opposite process, think of it as taking something from your loaded cart and putting it back 'up' on the shelf.
Both processes are simple for you since getting email and browsing the web are the two most common uses of the internet. In the case of sharing a file by email, there is a cost incurred for the time it takes to move the data and the space it takes to store the file. It is compounded by the fact that email was not designed to manage files so they are turned into text making storing them and transmitting them significantly more costly than other methods. If you want to get a copy of a file from someone or share a file with someone and don't plan to do it more than once and if the amount of data you're sending isn't too large, then email is a simple and acceptable way to exchange copies. Be aware that email is not considered secure and while most companies do try to ensure that you're the only one that can get to your email, there is not built in security for the protocol. If you need to keep something secret, you shouldn't trust email for the job.

Getting a file from a web page is simple for the recipient. This is probably the most common method of file distribution since it allows companies to exercise some control over who has access to files and potentially manage security. The disadvantages are the complexity of setting up a web site, maintaining it, managing security and efficiency. Even if a website does everything extraordinarily well, the cost of distributing the file is still the same for every person who requests it. Fifty people downloading the file means fifty times the bandwidth will be used and potentially only being able to provide 1/50th of the available server speed to each requester. If you want a file that a company has decided to share as a link from a web page, then most of the time that's an acceptable method of getting the file. You should bear in mind that there is a difference between a secure connection and an insecure one and you should avoid getting anything you want secure from any web page where you don't see the lock icon.

Sharing files with someone else by setting up a webpage for someone else to access is a complex enough process that you really shouldn't plan to do it that way unless you have significant experience managing web sites including hosting charges, bandwidth fees, DNS management, certificate management and authentication scheme experience. If you're running a business where you specialize in that sort of management or can afford to hire someone with the skill set, then distributing files by hosting a website is the right decision when you want to ensure customers or partners have the easiest access possible.

Alternative traditional methods:

One of the early methods of sharing files was called FTP, which means simply File Transport Protocol. It works much like a web page does and requires similar expertise but has the advantage of being faster and less expensive to host than using the web (HTTP - HyperText Transport Protocol.) Running an FTP server is typically simpler than running an HTTP server. FTP has minimal security built into it in that it requires a username and password exchange, but the communication is not encrypted so it shouldn't be used for things that require strong security. The advantages are a lower cost, simpler configuration and widespread compatibility. Most web browsers will allow you to use and FTP link inside a webpage and many will handle the file management automatically so it is a good choice if you have many customers or partners but want to minimize your cost as a second priority.

Alternatively, if you want strong security with most of the benefits of traditional FTP there are three similar methods of setting up a server to allow file sharing. FTPS is FTP with encryption bolted on later. The methods of adding the encryption on vary and the tools that will work with it have to consider many different implementations so it can be complex to use FTPS successfully. If you are already running an HTTP server with FTPS capability, and can ensure that your clients are going to use software compatible with it, then FTPS is acceptable.

A very similar alternative is SFTP which is essentially a secure communication with FTP bolted on afterward. SFTP is actually easier to set up for the person who wants to share files and easier for the client to use since it has far fewer options that might make it complex. SSH servers like KypM are relatively easy to set up and some systems (Linux, Unix and Mac) come with support for it as a standard option. SSH is the secure communication protocol and the FTP part is just a minor addition. It is possible to use SSH without FTP added since SCP is the secure copy protocol that is built into it, but SFTP is usually trivial to enable as an addition and comes with a variety of useful additional features. Since SSH supports the ability to manage key based logins, most SFTP servers can be managed so that you can manage security without the client needing to share their information, making it even more secure than other options. If a client manages their private key correctly and you manage their public key correctly, clients can use a single key to allow access to multiple servers without needing to constantly put passwords in. The cost of transport is higher than with FTP but secure and lower than HTTPS or FTPS options in most cases.

HTTPS is the standard secure method of managing file distribution. The cost is significant both in management and registration, but is most compatible of all the options for securely sharing files with clients. If you're running an HTTPS server and want to offer files to clients then you've probably got the expertise necessary, however this is not something most people should use to share files with other people.

File Hosting Cloud Services:

If you want to share files with other people but don't want to incur the cost or learn how to manage your own server, then this is a pretty good compromise. You can take advantage of Dropbox,, Google Drive or in some cases if you want to share the right types of files, Flickr, Picasa or Youtube. There are many businesses who have taken their expertise and spending power and used it to make sharing files easier for the consumer. If you have files that you want to share and don't have a lot of computer and server expertise, then you can still make it easy for other people to access your files by using one of these offerings. Sites like Facebook, Google Plus, Flickr and Picasa make it easy to share pictures and Youtube and Facebook make it easy to share videos. Dropbox, and Google Drive (as a few examples) make it pretty easy to share files of nearly any type with other people. So long as you don't have particularly large files, need significant security, or do a whole lot of sharing, then using a hosting service from a cloud service provider is a good method. Companies should be careful to avoid trusting too much to the security of these types of offerings without a contract and you as a consumer should consider how secret your data needs to be before using them, but they're a great option for most people.

Peer-to-peer file sharing:

Sometimes someone will want to share files with a lot of people but not want to incur the financial or management costs of running their own server. One of the significant limitations of more traditional file sharing options is the speed with which you can transfer files from your computer (or server) to someone or many someones. With web pages and FTP type servers each client who wants a copy of a file has to share the total available bandwidth you have available which can be very costly to expand if demand is high. If you want to get a copy of large files or share many or large files, then file hosting cloud services may not be an option due to their rules or cost. Peer-to-peer file sharing is a method of sharing files that minimizes the cost and complexity of sharing large amounts of data.

A company or individual that wants to offer inexpensive or free software for example may not want to incur the cost of making files available through traditional methods. Peer-to-peer file sharing moves that cost to the consumer. Instead of the file to be shared coming directly from one source, the cost is spread across all the people who want to get a copy of the file. Large files are segmented into small pieces and indexed so that each client is both downloading and uploading pieces with other clients simultaneously. As a result a file that might be desired by 1,000 people is downloaded once from an original source then pieces of that file are downloaded from each client who wants the file from other people who are downloading the file at the same time. This way the speed of sharing is sped up according to how many people are wanting a copy at the same time without adding to the cost or speed limitations for the original provider.

There are several types of Peer-to-peer file sharing that have been popular and successful. Napster made the first significant inroads in the process by hosting a central system which allowed anyone to make available files they wanted to share with anyone interested in getting a copy. Napster was able to minimize their own costs while at the same time making files easy to share with thousands of people at a time. Later there were many alternatives created which overcame the limitations of Napster's methods of sharing files, some of which have been quite successful.

The most popular current technology is probably bittorrent. Bittorrent works essentially like Napster did; it makes a file available by providing an index of clients who are currently sharing or trying to share a file, but doesn't rely on a single source for the index. Anyone can download a bittorrent capable client and download files by finding someone who is providing the very small reference files responsible for directing you to other people sharing the desired file.

Legal considerations:

There is nothing inherently wrong with sharing files, but it is not legal to share all types of files. Napster and similar companies that have made sharing files with Peer-to-peer networks have often been shut down because they were found to encourage sharing files that the people sharing them didn't have legal rights to share. If you don't want to be bankrupted by lawsuits, it is important to know not only how to share files, but what kind of files you are legally allowed to download for your own use and to share with other people.

What you can do:

If you produce a file that contains something you have the rights to, such as your own resume, videos or pictures you nearly always have a right to share that file. Things that you own or create are yours to distribute as you please so long as doing so doesn't violate other very specific laws. You're nearly always allowed to share software that you build from scratch or modify according to licenses such as GPL which allow you to redistribute your work.

If you'd like to share pictures or video that you create then you're nearly always allowed to do so by whatever means you find most convenient. Web pages that you or your company create, software you build and things which specifically allow redistribution are typical examples.

Software like Debian Linux is often distributed by bittorrent to minimize cost and is completely legal both to download and share. Videos you create are usually legal to share with Youtube. Pictures you take are usually legal to share with Flickr, Google Plus or Picasa.

What you cannot do:
You are not allowed to distribute things which belong to other people who don't explicitly allow for redistribution. That means that you can't legally share songs, videos or software which you don't own rights to unless they're purposely exempted from that restriction by the original creators and owners.

Napster and many bittorrent hosting sites have been successfully sued for encouraging people to share things they didn't have a right to share.

Individuals have been successfully sued for sharing songs, videos and software they didn't have a right to share.

It is illegal to share certain types of software with entities in regions which aren't supposed to have access to that type of software. (Confusing? Yes, but there is a pretty easy to understand concept behind it.) Certain countries where specific ideas are deemed to have military value are prohibited from sharing those ideas in too much detail with other countries. Encryption is considered potentially critical to a country's military strategy so some countries don't allow software using certain types of encryption to be shared with countries which might be a potential enemy. For example, the US developed a variety of very secure methods of encrypting data that cannot be shared with many foreign countries. As a result, many of these types of secure encryption methods were duplicated independently in foreign countries without such restrictions so it is permissible to get encryption from places and share software using it with them, while at the same time it is illegal to share software containing US specific encryption that does the same thing with them. In some instances, it is illegal to download software from foreign countries that infringes on these types of laws specific to the US. (Many countries have similar laws, the US is used as a strong but not unique example.)

What you should research before doing:

If you create something that includes the work of someone else, then you need to research exactly what is allowable in your specific instance. If you're creating something built on software licensed under GPL and you want to redistribute it, for example, then you're not so much allowed as required to provide specific things if you choose to share.

If you produce a video which contains music owned by someone who doesn't allow redistribution, then you may not be allowed to redistribute it, or you may be allowed to, depending on how and how much was used. A video of your child singing along to a Prince song may not be legally uploaded to Youtube for example, but a skit where you use the same music to make a humorous satirical point may be.

The US and other countries have a concept of "fair use" which allows for to reuse works created by other people within specific limitations. Humor is a part of free speech which often allows someone to make fun of something which the owner may not approve of, but making a point with humor may be a right. Small portions of a work such as a song or video may be reproduced and shared without the consent of the owner for the purpose of journalism. Significant reproductions may be shared for the purpose of education which might not be require consent.

If your own work falls into one of these categories and you wish to share your work, then you need to research the fair use restrictions and allowances which pertain to the work you want to share in your legal environment.

Your own resume may be an example of such a work. If you are a musician with expertise in reproduction of music by Meatloaf for example, it might be legal to include clips of you playing provided the clips are short, but not legal to provide the full song. If you are an editor, it might be legal to provide short examples of your proposed editing of a popular novel, but not legal to provide large segments of the same thing.

What you might not realize you need to know:

There are some myths about file sharing which you need to be aware of.

Sharing something without making a profit does not make it legal. Many people believe that they can share songs, videos or articles created by other people so long as they don't plan to make a profit by sharing. Your intent to make a profit or not does not determine whether you are guilty of copyright infringement. There is an idea that sharing something for free limits the ability of someone else to control the rights to what they create. Sharing a music file for example might allow people who would purchase the file to get it for free and thus limit the value that producing the song would otherwise offer. Rights of redistribution are given to the copyright holder regardless of the intent of people who might want to share.

Sharing something with only your personal friends does not make it legal. Most copyright holders don't pursue lawsuits against someone who shares something interesting with a friend or co-worker, but it is still illegal to share something you don't have the right to share regardless of the size of the audience. Many small offices share emails and articles with each other without realizing they are infringing on the copyright holder's rights. Software is a particular issue since software producers have copyrights which limit the options for reusing software even if it is only with a small number of people.