Is Sharedrop.io safe? To answer this, we have to look at how it works, what it handles, and where the risks live.

The Peer-to-Peer Foundation
The Bad: Operational Risks You Must Accept
1. The "Same Network" Requirement is a Double-Edged Sword

Sharedrop.io works over local Wi-Fi. This is safe on your home network but dangerous on public Wi-Fi (coffee shops, airports, hotels). On an unsecured public network, anyone with basic network sniffing tools (e.g., Wireshark) can see that a transfer is happening. While DTLS encryption protects the content, metadata (file names, sizes, device names) may leak via mDNS or signaling messages. Worse, a malicious actor on the same public network could attempt a man-in-the-middle (MITM) attack.

"Security. ShareDrop uses a secure and encrypted peer-to-peer connection to transfer information about the file (its name and size)" (ShareDropio/sharedrop: Easy P2P file transfer ... - GitHub)
- Never use on public Wi-Fi – Only on a trusted, password-protected network (home or work).
- Use a VPN – A VPN encrypts all traffic from your device to the internet, preventing local network snooping. However, note that a VPN can break WebRTC’s local network discovery; you may need to disable it temporarily or use split-tunneling.
- Scan files before opening – After receiving a file, manually scan it with an antivirus (e.g., Windows Defender, Malwarebytes). Even if you trust the sender, their device might be compromised.
- Update your browser – Ensure Chrome, Edge, Firefox, or Safari is on the latest version.
- Verify the recipient’s avatar – Sharedrop.io assigns a unique emoji/animal avatar and color to each device. Verify this visually with the person next to you to avoid sending files to a spoofed device.
- Avoid transferring sensitive data – Do not send tax documents, medical records, trade secrets, or password databases via Sharedrop.io. Use a verified end-to-end encrypted cloud service with audit logs (e.g., Proton Drive, Tresorit) instead.
- Close the tab after use – This kills the WebRTC peer connection and frees memory.
- No end-to-end encryption explicitly stated for metadata
- The site could be compromised or impersonated by a phishing domain (e.g., sharedrop.io vs fake variants)
- Your IP address is visible to the other peer during transfer
- No file size or content filtering – someone could send malware-named files
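
The IP-visibility and mDNS points above can be checked from the ICE candidates a browser places in its WebRTC session description. The following is an added example, not code from Sharedrop.io or the ShareDrop project: it classifies each candidate by the kind of address it reveals to the peer, and goes slightly beyond the text by also covering relay and IPv6 candidates. `SAMPLE_SDP`, its addresses and all function names are constructed for illustration.

```javascript
// Added example: classify what each WebRTC ICE candidate reveals to the other peer.
// SAMPLE_SDP is constructed for illustration; it is not captured traffic.
const SAMPLE_SDP = [
  "v=0",
  "a=candidate:1 1 udp 2113937151 3f1c9a2e-7b1d-4c55-9e0a-2d6f8b1c4e77.local 54596 typ host",
  "a=candidate:2 1 udp 2113937151 192.168.1.23 54597 typ host",
  "a=candidate:3 1 udp 1677729535 203.0.113.45 61012 typ srflx raddr 0.0.0.0 rport 0",
  "a=candidate:4 1 udp 33562367 198.51.100.7 3478 typ relay raddr 203.0.113.45 rport 61012",
].join("\r\n");

function isPrivateAddress(addr) {
  // IPv6: unique-local fc00::/7 and link-local fe80::/10
  if (addr.includes(":")) return /^(f[cd][0-9a-f]{2}|fe[89ab][0-9a-f]):/i.test(addr);
  const m = /^(\d+)\.(\d+)\.\d+\.\d+$/.exec(addr);
  if (!m) return false;
  const a = Number(m[1]), b = Number(m[2]);
  // RFC 1918 ranges plus IPv4 link-local 169.254.0.0/16
  return a === 10 || (a === 172 && b >= 16 && b <= 31) ||
         (a === 192 && b === 168) || (a === 169 && b === 254);
}

function classifyCandidate(line) {
  // a=candidate:<foundation> <component> <transport> <priority> <address> <port> typ <type> ...
  const m = /^a=candidate:\S+ \d+ (\S+) \d+ (\S+) (\d+) typ (\S+)/.exec(line.trim());
  if (!m) return null; // not a candidate line
  const [, transport, address, port, type] = m;
  let exposure;
  if (address.toLowerCase().endsWith(".local")) exposure = "mdns-obfuscated"; // hostname, no IP shown
  else if (type === "relay") exposure = "relay-address"; // TURN server's address, not the device's
  else if (isPrivateAddress(address)) exposure = "private-lan-ip";
  else exposure = "public-ip";
  return { transport: transport.toLowerCase(), address, port: Number(port), type, exposure };
}

// Every candidate in an SDP blob, classified.
function auditSdp(sdp) {
  return sdp.split(/\r?\n/).map(classifyCandidate).filter(Boolean);
}

// Count of candidates per exposure class, for a quick look at what a peer learns.
function exposureSummary(sdp) {
  const counts = {};
  for (const c of auditSdp(sdp)) counts[c.exposure] = (counts[c.exposure] || 0) + 1;
  return counts;
}

console.log(auditSdp(SAMPLE_SDP));
```

To audit a real session, paste the local description shown on the browser's WebRTC internals page (for example `chrome://webrtc-internals`) into `auditSdp`.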