.png)
4 hours ago
2
Email is still the world’s default way to send files—until it explodes with spam, “attachment too large” errors, lost docs, and platforms peeking at everything.
As a cybersecurity/GRC nerd, I got tired of chasing files across inboxes, portals, and sketchy upload forms just to get what I need, safely and privately.
Also, after auditing 100+ companies’ file-sharing systems (ISO 27001, PCI DSS), I realized:
92% of “secure” transfers still expose metadata
Employees waste 3.1 hours/week managing permissions
Every compliance officer I know is one mis-sent email away from a heart attack
Why isn’t there a simple, private way to receive files—where only you can open them, no logins required, and zero chance of inbox overload?
So I built Groostle: A privacy-first, secure “digital porch” where anyone can drop files for you—fully encrypted, no account needed, no platform snooping.
Groostle gives you:
Your permanent porch address (yourname.groostle.com) coming soon
Drop-off or pick-up: others send files, you pick them up (browser-side decryption, zero-knowledge)
No logins or signups required (for anonymous senders or recipients)
End-to-end encryption (XChaCha20 + Ed25519)
No metadata, no server-side plaintext, no tracking
Porches claimed in 20+ countries since private beta
Free tier, with pro and team features coming
Use Groostle for:
Client handoffs (freelancers, designers)
Legal & HR docs (lawyers, recruiters, accountants)
Anonymous tips (journalists, NGOs, researchers)
Or anyone tired of file-sharing chaos
It’s not fully launched, but you can claim a porch and try it right now. Would love to hear what breaks, what’s missing, or if this scratches your itch for private, frictionless file sharing.
We’re actively working to prevent “porch spam” and abuse:
1. Cryptographic “Knocks” (optional approval flow): Require senders to request access via a cryptographically signed “knock.” Porch owners can approve/ignore—think of it as a digital doorbell.
2. Client-Side Malware Scanning: All dropped files can be scanned in-browser (ClamAV + WASM) before you decrypt. Privacy is preserved—no file leaves your device—but you get real malware protection.
3. Auto-Expiring Links: Temporary porches (groostle.com/temp123) self-destruct after 24 hours or a set number of uploads, so they can’t be spammed or scraped indefinitely.
On the roadmap:
Per-IP rate limiting and smart abuse detection (with privacy-respecting analytics)
One-click “Do Not Disturb” mode (pause porch or require passphrase for drops)
User block/report system for repeat offenders
Invite-only porches for when you need maximum peace and quiet
If you’ve seen clever anti-spam patterns in other privacy/messaging apps, or have war stories about intake abuse, I’d love your suggestions.
Would love your feedback, honest takes, or ideas to make this something people actually want!
Comments URL: https://news.ycombinator.com/item?id=44362317
Points: 1
# Comments: 0
