For an E2EE alternative with no third party scripts, see https://wormhole.app (Disclosure: I built this)
Pixeldrain focuses more on distributing files to large audiences than one-to-one file transfer. That's why it's not focused on encryption / privacy as much, everything is supposed to be public anyway.
I like Wormhole a lot. If I hadn't built my own alternative I would probably be using it regularly :-)
Are you still using any kind of decentralized storage technology on the backend?
I still have a Sia daemon running but it's not doing much. When the site still ran on Sia I had a lot of issues with the scalability of the Sia daemon. While it's still getting better, it's still not as scalable as I'd like. The team has shifted their focus to building a new decentralized internet and the original Sia software has not seen much development since. I might try their new Skynet daemon in the future to see if it scales any better.
I am still upholding your tradition of benchmarking new Sia releases from time to time. If you're curious, here are the latest results: https://siastats.info/benchmarking
I didn't realize the benchmarks were still going. That's cool! Thanks for carrying the torch. It's interesting to see how Sia's metrics have evolved over time.
An archived version of a non-functional version of the home page is here though: https://web.archive.org/web/20210911035325/https://pixeldrai...
Needless to say I'm going to be looking for alternatives again. If anyone knows of good hosting companies with unmetered 10 Gbps let me know.
I did notice one potential flaw in the way your API/website works, though, which is that raw access to the uploaded files is enabled regardless of content type. This allows people to use your website to host scripts and other malicious files that they can reuse to execute XSS attacks against other websites. This is mostly a problem for the other website (which would lack proper security headers) but it could lead to Google blacklisting your website for "hosting malware". Some phone scammers leverage websites like yours that try to provide a simple, cheap service to host their fake virus warnings and such.
I'd personally recommend against allowing text content to be directly accessible with a single GET request from another source.
You've set up some protections against this (rate limiting mode) but that could be circumvented by pointing a browser at the file viewer and placing something heavy on the F5 key. I'd personally also check the origin/referrer headers for files that aren't images or video and block their direct inclusion in some way.
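One way to apply the checks suggested in the comment above, as an added example that is not part of the thread or pixeldrain's own code. `SITE_ORIGIN`, the function names and the choice of which types may render inline are assumptions made for illustration.

```python
from urllib.parse import urlsplit

SITE_ORIGIN = "https://files.example"  # hypothetical origin of the file host
# Assumption: only these types may render inline; SVG is excluded because it can carry script.
INLINE_PREFIXES = ("image/", "video/", "audio/")


def same_origin(url, origin=SITE_ORIGIN):
    """True if url has the same scheme and host as the site's own origin."""
    a, b = urlsplit(url), urlsplit(origin)
    return bool(a.scheme) and (a.scheme, a.netloc) == (b.scheme, b.netloc)


def is_cross_site_include(headers):
    """True if another site is pulling the file in as a subresource.

    Uses the Sec-Fetch-* headers when the browser sends them, then falls back
    to Origin/Referer. Requests carrying none of these (curl, a pasted link)
    are allowed so plain downloads keep working.
    """
    site = headers.get("sec-fetch-site")
    if site:
        return site == "cross-site" and headers.get("sec-fetch-dest") != "document"
    for name in ("origin", "referer"):
        if headers.get(name):
            return not same_origin(headers[name])
    return False


def raw_file_policy(stored_type, request_headers):
    """Return (status, response_headers) for a raw GET of an uploaded file."""
    headers = {k.lower(): v for k, v in request_headers.items()}
    media = stored_type.split(";")[0].strip().lower()
    inline_ok = media.startswith(INLINE_PREFIXES) and media != "image/svg+xml"
    if not inline_ok and is_cross_site_include(headers):
        return 403, {"Content-Type": "text/plain"}
    out = {"X-Content-Type-Options": "nosniff",  # no MIME sniffing into script/HTML
           "Content-Security-Policy": "default-src 'none'; sandbox"}
    if inline_ok:
        out["Content-Type"] = media
    else:
        # Text, HTML, scripts and SVG are only ever offered as a download.
        out["Content-Type"] = "application/octet-stream"
        out["Content-Disposition"] = "attachment"
    return 200, out
```

Origin and Referer can be stripped or forged by non-browser clients, so the header check only stops browsers on other sites from including the file; the forced download and `nosniff` headers are what keep the content from executing.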
If you're not paying for pixeldrain your files will always expire 30 days after the last time they're viewed. So even if someone uploads 500 GB the chance is very slim that it will still be there next month. As long as the files stay up they're generating ad revenue and I don't need to remove them.
If I had to guess I would imagine it to be the economics behind finding suitable hosting providers and pricing rather than something purely technical, but having never built anything like it this could be completely off-base. Maybe moderation of user content will become the big one.
Content moderation is already a big problem. It's what I spend most of my time on nowadays. There is a lot of crazy shit getting uploaded. Abuse reports are flying in from all corners of the internet. I'm working on automated systems for processing them. The most annoying part is that a lot of copyright management firms don't sign their e-mails with DKIM, so I can't verify that the sender address was not spoofed. This prevents me from fully automating the e-mail responses.
Recently I also responded to a question on HN asking about tech stacks, you can find that one here: https://news.ycombinator.com/item?id=28300657. Following the success of that post I thought I should show my project to everyone on HN.