“You can send me the files via WeTransfer.” You have certainly heard this sentence many times before. Even large companies send their files with WeTransfer. But what about data security? Can unauthorized persons access the data?
What is WeTransfer?
WeTransfer is a service for data exchange (engl. = File Transfer). With the help of this service large files can be sent. The files are first uploaded in a cloud. The download link can then be shared with other people via email. The data is stored on the file sharing server for a certain period of time. The provider then deletes the files from the cloud again.
How to use WeTransfer
In the free version, users can send files up to 2 GB in size. A maximum of 3 recipients can be entered here, who can then download the content via a download link. However, the files do not remain available indefinitely. WeTransfer deletes these files in the free version after 7 days.
In the paid pro version a data transfer up to 20 GB is possible. You can send the files to up to 50 people.
Is the data transfer protected?
When asking about security it is important to know that some of the data is uploaded to servers in the USA. Although WeTransfer is based in the Netherlands, it uses storage locations in the United States. Therefore, not the GDPR of the EU, but the “Patriot Act” and the “Cloud Act” apply. These laws allow US authorities to access personal data. Your data is therefore not protected!
WeTransfer sent links to the wrong customers
In addition to the servers in the USA, sending the links for data transfer also has a security problem. In the summer of 2019, WeTransfer inadvertently sent large data to the wrong recipients. Here, download links were not only sent to the intended recipient, but also to third parties who could download the data. This gave unauthorized persons access to confidential data. WeTransfer reacted directly: The download was immediately blocked and all affected parties were informed. However, it is not known how many users were affected by this security leak.
Customers should therefore be aware of the risk of uploading and sending files via the file sharing system. Although it does not happen very often, it cannot be completely excluded that files could unintentionally get into the hands of unauthorized persons.
What users should consider
If you send large data via WeTransfer, you should be aware that this data is first uploaded to the provider’s cloud storage. Uploading to the platform and sending the links is usually encrypted. This process is therefore usually unscrupulous. However, it becomes more critical at the recipient’s location. Because he receives the e-mail in unencrypted form so that he can download the data. This creates a security gap in the file transfer, where foreign persons could intercept the mail and thus access the data.
To prevent possible misuse, you should not send unencrypted and sensitive data via the platform. This applies especially to personal data, company files, tax returns and private pictures and videos.
The alternative to WeTransfer is TeamDrive
TeamDrive is a secure alternative for the exchange of large files. TeamDrive can also be used to generate links (URLs) for files that you want to send, which can be sent by email. The recipient of the link can then download the file using a web browser. In contrast to WeTransfers, TeamDrive uses end-to-end encrypted data transfer, all data always remains in Europe, and the links can also be password protected. The sender always retains complete control over their data. All keys remain with the user and the cloud provider never gains knowledge of the data content.
Conversely, digital mailboxes (inboxes) can be set up very easily with TeamDrive to receive files. The user can turn any folder into an inbox, and a URL is generated for these folders. You can then send these to your customers, business partners or family. If someone wants to send them files, they can simply drag and drop them into the digital mailbox.
You can set up as many inboxes as you like. All can be protected with an individual password. In addition, further parameters such as permitted file types, file size and the number of files can be set.