Daily Post January 30 2026
Email Us |TEL: 050-1720-0641 | LinkedIn | Daily Posts
| Collaboration | Questions? | Monthly Letter | Monthly Blog | Our Partners |
Lufi
Something that we use here at mintarc. A really good simple tool. Sharing files has become an almost subconscious habit. However, the convenience of centralized cloud services often comes at the steep price of personal privacy and data sovereignty. This is where Lufi, an acronym for Let’s Upload Files Interactively, establishes its importance. Developed under the Hat Softwares umbrella by the Fiat Tux project, Lufi is a self-hosted file-sharing software designed with a "privacy-first" philosophy. That's different from mainstream services where the provider can theoretically access your documents, Lufi ensures that the server hosting the file has absolutely no knowledge of the file's content. It represents a shift toward decentralized, infrastructure, providing a tool for those who prioritize security without wanting to sacrifice the ease of a web-based interface.
Lufi is a web application that allows users to upload files and share them via a generated link. While this sounds like any other file-hosting service, the technical execution is fundamentally different. Lufi utilizes the Perl programming language and the Mojolicious framework, but its most critical operations happen within the user’s browser via JavaScript. When a user selects a file to upload, Lufi encrypts that file locally on the user's device before it is ever transmitted to the server. The encryption key is then appended to the URL as a "fragment" identifier. Because web browsers do not send the fragment part of a URL to the server during a request, the server storing the file never receives the key. Consequently, even a system administrator with full access to the Lufi server cannot view, read, or identify the contents of the files being hosted.
Features
Users can choose to have a file deleted after a certain number of days, or even after the very first download, which is often referred to as a "burn after reading" mechanism. This ensures that sensitive documents do not linger on a server indefinitely. Lufi supports the management of uploaded files through a dedicated interface for registered users, allowing them to manually delete files before they expire. The software also includes a "delay" feature, where a user can postpone the availability of a file, and it provides clear visual feedback during the upload and download processes, ensuring that the end-user experience remains intuitive despite the encryption happening in the background.
Value of Self-Hosting
The primary value proposition of Lufi lies in the concept of digital sovereignty. By hosting an instance of Lufi, an individual or an organization regains total control over their data pipeline. It is particularly valuable for journalists, activists, and businesses dealing with proprietary information who need to transfer files to external parties without relying on third-party terms of service. Because the software is lightweight and efficient, it can be run on modest hardware, such as a Raspberry Pi or a small Virtual Private Server, making security accessible to those without enterprise-level budgets. It eliminates the "middleman" in data transmission, ensuring that the path from sender to receiver is as direct and obscured from prying eyes as possible.
Licensing
Lufi is released under the GNU AGPLv3. This is a distinction for security software. The AGPL license ensures that the software remains free and open-source, but it goes a step further than the standard GPL by requiring that any modified versions of the software used to provide a service over a network must also have their source code made available to the public. This prevents companies from taking Lufi, making proprietary "secret" improvements to the security or tracking, and then offering it as a closed service. The license guarantees transparency, allowing the community to audit the code for vulnerabilities or backdoors. This transparency is the bedrock of trust in the cryptographic world, as it ensures that the "zero-knowledge" claims made by the software can be independently verified by anyone with the technical expertise to read the source code.
Lufi Versus Nextcloud
A common question arises for users who already utilize suites like Nextcloud: why would one need Lufi? The answer lies in the distinction between a "Swiss Army knife" and a "Scalpel." Nextcloud is an expansive collaboration platform designed for long-term storage, document editing, calendar synchronization, and team communication. It is a destination where data lives and grows. Lufi, by contrast, is a specialized tool for transit. Yes.. Nextcloud does offer file-sharing links, it is often overkill for a quick, secure transfer. Unless specifically configured with end-to-end encryption plugins which can be cumbersome, Nextcloud typically stores files on the server in a format that the server administrator can read. Lufi’s mandatory, browser-side encryption by default makes it inherently more "zero-knowledge" for quick external sharing than a standard Nextcloud setup.
Architectural Differences and User Experience
The architectural difference between Lufi and Nextcloud also affects the user experience for the recipient. Sending a file via Nextcloud often involves navigating a file system or permissions gate, and the recipient is interacting with your primary storage hub. Sending a file via Lufi is a "stateless" experience for the recipient; they click a link, the browser decrypts the file, and they save it. There is no overhead, no account creation required for the recipient, and no risk that they might accidentally gain access to other parts of your cloud storage. Lufi is designed to be a "drop-off" point a secure digital dead-drop. It does not attempt to manage your life or your documents; it simply moves a file from point A to point B with the highest possible level of cryptographic assurance.
Honestly its a really good tool that is worth looking at https://framagit.org/fiat-tux/hat-softwares/lufi/