FileGrab’s end-to-end encryption keeps your files private by including the decryption key in the URL. This means the link itself is the key to your files. Here’s how to share encrypted links safely.
Understanding Encrypted Links
An encrypted FileGrab link looks like this:
https://filegrab.link/ABC123XY#key=aB3dE5fG7hI9jK...The URL parts:
filegrab.link/ABC123XY- The link ID (sent to server)#key=...- The encryption key (never sent to server)
The # and everything after it (the fragment) is never transmitted to any server. It stays in your browser and is used locally to decrypt files.
Why the Key is in the URL
This design means:
- Simple sharing - One link contains everything needed
- True privacy - FileGrab never sees the key
- Browser compatibility - Works in any browser
- No key management - No separate passwords to track
The tradeoff is that anyone with the full URL can access your files.
Secure Sharing Methods
1. Signal or WhatsApp (Recommended)
End-to-end encrypted messaging apps are ideal:
- Message is encrypted in transit
- Link isn’t stored on servers in readable form
- Sender and recipient verified
How:
- Copy the full FileGrab link
- Paste in Signal/WhatsApp message
- Send to recipient
2. In-Person or Phone
For maximum security, share verbally:
- Read the link over the phone
- Show on your screen in person
- Dictate the key portion
This avoids any digital trail.
3. Split Channel Sharing
Send parts via different methods:
- Email the base link:
filegrab.link/ABC123XY - Text the key:
#key=aB3dE5fG7hI9jK... - Recipient combines them
An attacker would need access to both channels.
4. Secure Note Apps
Use encrypted notes for sharing:
- Standard Notes
- Apple Notes (with locked notes)
- 1Password secure notes
Share access to the note rather than the link directly.
What to Avoid
Regular Email
Plain email is not encrypted:
- Messages may be stored on servers
- Could be intercepted in transit
- Often backed up unencrypted
If you must use email:
- Split the link and key
- Use encrypted email (ProtonMail to ProtonMail)
Slack/Teams (Unencrypted)
Workplace chat typically:
- Stores message history
- May be accessible to admins
- Could be searched/archived
For sensitive files, use a more secure channel.
Public Channels
Never share encrypted links in:
- Public Slack channels
- Discord servers
- Forum posts
- Social media
Anyone who sees the link can access your files.
URL Shorteners
Don’t shorten encrypted links:
WRONG: bit.ly/3xyz (loses encryption key)
RIGHT: full filegrab.link/ABC123XY#key=...URL shorteners strip the fragment, destroying the key.
Link Lifecycle Best Practices
1. Set Appropriate Expiry
Shorter expiry = smaller window if link is compromised:
| Sensitivity | Expiry |
|---|---|
| Highly sensitive | 24-48 hours |
| Sensitive | 7 days |
| Normal | 30 days |
| Reference | Forever |
2. Verify Receipt
Confirm the recipient accessed the files:
- Ask them to confirm
- Check download count in dashboard
- Then delete if no longer needed
3. Delete After Use
Once files are transferred:
- Confirm receipt
- Delete the link (Pro)
- Files and key are removed
4. Don’t Reuse Links
For new sensitive transfers:
- Create a fresh encrypted link
- New files, new key
- Limits exposure of any single key
Recovering Access
If You Lose the Link
The encryption key is only in the URL. If you lose it:
- FileGrab cannot recover your files
- No “forgot password” option
- Files are permanently inaccessible
Prevention:
- Save encrypted links in a password manager
- Keep a local copy of critical files
- Note links before sharing
If the Link is Compromised
If you suspect unauthorized access:
- Delete the link immediately (Pro)
- Create a new encrypted link
- Re-share via secure channel
- Review what was accessed
Sharing Encrypted Links: Checklist
Before sharing:
- Choose a secure channel (Signal, WhatsApp, phone)
- Set appropriate expiry time
- Save a copy of the full URL
- Verify recipient identity
After sharing:
- Confirm recipient received files
- Monitor download count
- Delete link when no longer needed
Pro Tips
Use Password Manager
Store encrypted links in your password manager:
- 1Password
- Bitwarden
- LastPass
This keeps them secure and searchable.
Label Links Clearly
In FileGrab dashboard, add descriptions:
"Client X NDA - Encrypted - Shared via Signal"
"Tax Docs 2024 - Encrypted - Expires 12/31"Combine with Password
For maximum security:
- Enable encryption (files encrypted)
- Add password (requires auth to access link)
- Share link via secure channel
- Share password via different channel
Triple-layer protection.
The Bottom Line
Encrypted FileGrab links are secure as long as you share them carefully. Use encrypted messaging apps, avoid public channels, and set appropriate expiry times. The link is the key - treat it accordingly.