[cap-talk] drop.io as Multi-Protocol Capability-Based Sharing

Toby Murray toby.murray at comlab.ox.ac.uk
Tue Jul 15 11:36:23 CDT 2008


Hi all on cap-talk,

I wanted to bring everyone's attention to drop.io: http://drop.io

drop.io is a new file sharing service whose apparent attraction is its
support for "privacy" -- the most obvious manifestation is the site's
lack of user accounts.

Ars Technica has a review here:
http://arstechnica.com/news.ars/post/20080715-hands-on-drop-io--private-easy-file-sharing-with-a-twist.html

What's interesting for this list is that one can use drop.io to achieve
Jed's dream of capability-based sharing by copy-and-paste of unguessable
URLs. Better yet, drop.io extends beyond the web to integrate with other
forms of internet communication, including email, RSS and the popular
sites. Even more amazingly, one can interact with their drop via the
phone and fax systems.

Here's a test drop that I've created:
http://drop.io/9e1fae32e5ddcb555038af978b69d08

A drop name -- everything after http://drop.io/ above -- uniquely
indentifies the drop. Anyone who knows the name can access the drop.
(drop.io includes some "password" features if people want more than just
unguessable URLs for protection as well but these are beyond the scope
of this note.) I've created this drop so that anyone (who knows the
name) can add content to it or remove content from it. Visit the link to
see what I mean.

Hence, that HTTP URL above is a capability to the drop. Anyone reading
this message now has access to this drop.

(Of course, one can create memorable drop names too. I just md5sum'd 4K
from /dev/random and stripped off characters that made my drop name too
long, in order to make the above unguessable.)

You can email content to the drop by emailing
9e1fae32e5ddcb555038af978b69d08 at drop.io

Hence, the capability protocol extends to email!

Of course, a few other features would go a long way to enabling one to
better get the capability-based goodness out of drop.io. In particular,
a means to create attenuated drop names would be useful -- e.g. "Create
a read-only drop that synchronises its contents from drop X", etc.

Jed, does this meet your criteria for capability-based sharing?

For all of the "capabilities-as-unguessable-URLs" fans out there,
including myself, would you use such a service to share private
information with a select group of trusted individuals, using only the
unguessability of the drop name for protection?

Cheers

Toby


More information about the cap-talk mailing list