Least Authority is pleased to announce the launch of Destiny, a free end-to-end encrypted application that allows you to transfer files without revealing your identity. The desktop app Mac, Windows, Linux is available for download via Github. The app for iOS/iPad OS is available via the App Store. The app for Android is available on GitHub the Google Play Store and F-Droid. If you are looking for Privacy Enhancing Technology (PET) alternative solution for your file transfer needs, we encourage you to use the app and provide feedback.
File transfers are end-to-end encrypted. Furthermore, Destiny allows users to transfer large files without needing to reveal their identity to each other or the service provider. No sign-up is required to use the app, a further privacy safeguard. In the interest of reducing the risk of security vulnerabilities being present in the application, it has been audited by Radically Open Security.
Users simply download the app, select a file from their device, and share a one-time code generated by the app with the intended recipient for safe delivery. The code, for example “7-guitarist-revenge”, is typed into the receiver’s device to establish a portal, which serves as a single use connection between the two devices. Both parties need to be online at the same time for the transfer to be successfully completed.
Once a file is transferred to the receiver, the portal/connection is closed. Destiny uses the “Magic Wormhole” protocol, which is designed to be the easiest possible way to get a file or directory safely from one device to another. To send multiple files, we suggest using a Zip file.
Least Authority’s work on Destiny fits squarely in our mission to support people’s right to privacy through security consulting and building secure solutions. We developed Destiny with the goal of developing user-friendly applications of Magic Wormhole that would be suitable for human rights defenders and other vulnerable communities. These groups are among the most vulnerable communities to IT surveillance and require impenetrable communication tools. We worked with such groups to do user testing and encourage these communities, in particular, to use our app and provide us with feedback.
What makes Destiny secure?
There are four key privacy and security-by-design features that make Destiny unique:
Minimal data collection: we do not ask for or know your personal information (Destiny is identity-less). You do not need to create a profile to use the app.
End-to-end encryption: files are encrypted, meaning only the sender and recipient can read them.
Files are not stored anywhere: we do not store and cannot open files that are sent using Destiny.
Full-strength keys: although our codes are short and human-memorable, they are part of an online “Password Authenticated Key Exchange” (PAKE) which allows only a single guess – and yields a 256-bit full-strength symmetric key.
Want to learn more about Destiny?
Visit the Frequently Asked Questions (FAQs) page for Destiny’s installation process, technical specifications, privacy and security details, and more.
The Destiny application code is open source. You can find it in the following repositories:
- Flutter app/front-end: https://github.com/LeastAuthority/destiny
- Client Library: https://github.com/LeastAuthority/wormhole-william
- Native extension library: https://github.com/LeastAuthority/dart_wormhole_william
- Mailbox (rendezvous) server: https://github.com/magic-wormhole/magic-wormhole-mailbox-server
- Transit relay: https://github.com/magic-wormhole/magic-wormhole-transit-relay
We want to hear from you! If you have any questions, feedback or would like to explore potentially integrating Destiny in your project, please contact us at firstname.lastname@example.org.