MW4ALL 2.0: Exploring the Product Potential of Secure File Transfer

Something that should be simple—sending files—is surprisingly hard at the moment. Aside from figuring out a reliable tool, whether it supports the file you want to send and whether the recipient can open it, there are also privacy and security concerns.

That’s why we started working on the Magic Wormhole for All (MW4ALL) project last year and are continuing to a second phase, MW4ALL 2.0, to support identity-free and secure file transfers utilizing Magic Wormhole as the protocol base. Through further generous support from the NGI Trust program we are now preparing to build a consumer product. We will announce more information on the product, including its name, soon. In the meantime we’d like to share an update about our progress with these projects and invite further feedback.


MW4ALL: What we learned in the first phase

User research

In 2020, we carried out a survey with 100 people across the European Union to determine their current file transfer behavior. The survey helped to determine the tools and methods participants use to transfer files to themselves and others, how they connect devices, and the advantages and disadvantages of the tools they use. We learned that people often use multiple tools for file transfers and make conscious choices about which to use when based on factors like: technical characteristics of the tool, intended recipient, and other experiences related to each tool.

The most notable factors mentioned were:

  • Ease of use
  • Speed
  • Ability to send larger files
  • Conversation already in that tool / forwarding something received through that tool
  • Security
  • Reliability
  • Receiver preference

How the Magic Wormhole protocol compares

Next, we assessed the Magic Wormhole protocol against the 200+ factors affecting participants’ tool choice. On this basis, we learned that areas where a product utilizing Magic Wormhole can make a specific difference for consumers are: ease of use, speed, support for large file sizes, security, and operating system/device agnosticism. While several challenges specific to the protocol remain, including the need for simultaneous online presence, the survey indicates that a product utilizing Magic Wormhole could be well-suited for a broad application of file transfers.

Image: Some of the key challenges the Magic Wormhole protocol can help address
Image: Some of the key challenges the Magic Wormhole protocol can help address

Recognizing the utility of Magic Wormhole as the basis for file transfers, we determined that there are use cases where Magic Wormhole has particular utility:

  • Sending to oneself (e.g., between personal devices)
  • Sending files to someone else in proximity
  • Sending large files
  • One-time file transfer
  • Privacy-focussed file transfer

Technical development

We also explored the technical developments that may be needed to scale the Magic Wormhole protocol. The goals we identified included: mitigating the single point of failure risks of the mailbox server, building a web implementation to improve ease of use, and reducing the challenges associated with the protocol requiring two computers being online at the same time for file transfers.

Market research

Lastly, as part of our market research we researched what tools have functional overlap with what a product utilizing the Magic Wormhole protocol could offer. In reviewing business models that align with our open source values, we identified a few models that have the strongest potential for a long-term sustainable product, which we will investigate further.


MW4ALL 2.0: Our progress with the second phase project

We are now six months into our 2.0 project, where we are preparing a consumer-facing product.

In this second project we are focusing on three aspects:

  1. Further needs-finding research and user testing for a product
  2. Developing a web-to-web file transfer product proof-of-concept, with alpha, beta and public release versions
  3. Developing a business model and a go-to-market strategy for a consumer product

One specific learning we mentioned before was that when people send a file, they are not always sure if others have the right app, device or operating system needed to be able to receive it. To meet this end we decided to adapt our use of the Magic Wormhole protocol for web connections, so that people sending a file do not need to worry if their peer can open it or if the intended recipient is willing and able to download and install software to receive it. Our team is therefore working on building in WebSocket support to the Magic Wormhole file transfer protocol and relay server, and developing a WebAssembly version for use in browsers.

We explored the various open source codebases to which Magic Wormhole has been ported, including its Rust and Haskell libraries, which we did in a previous project with the NLnet Foundation.  Due to our focus on the web-to-web transfer use case, we decided that the Go implementation, with gratitude to the author Peter Sanford (psanford) for his work, will be most suitable for use in supporting WebAssembly.

We are now close to completing an alpha version of the web application with which we will be able to do further user testing. We have already done one round of user testing with a Figma wireframe prototype (see image below). This has provided us with great insights into users’ file transfer needs and helped us determine potential usability improvements going forward.

Figma prototype wireframe screen
A screen from our Figma prototype

Although our focus is on a product offering web-to-web transfers for this project, we plan to explore options to offer downloadable mobile and desktop applications for added functionality and security in the future.

While development and design work continues, we also continue to explore the best business model for the product and we invite your feedback about which direction to go. We want to keep the supreme ease of use, speed, and the identity-free nature of file transfers, which precludes a business model that requires people to sign up or login. Throughout this process we will remain committed to our open source values to make sure everyone can benefit from the security and privacy advantages that the product will offer.

In the coming months, we will continue our work on our web product proof-of-concept, and introduce a consumer-focused name. Please stay tuned for further updates and get in touch if you have feedback or are interested in contributing/collaborating!

This project has received funding from the European Union’s Horizon 2020 research and innovation programme under the NGI_TRUST grant agreement no 825618.

Supported by Next Generation Internet