NoFile's comments

There is a contact form (https://nofile.io/contact/) where all content removal requests can be sent.

All requests will be checked and the file will be taken down if the request is valid.


Neither the file type nor the content inside the files are being checked.

This issue must've been caused by something else. Were you able to upload other files?


AES-CTR is indeed what's currently being used. SJCL is definitely an option and we will compare the two to see if there are any large advantages to switching over, thank you for your suggestion.

The reason why the content isn't being authenticated is due to memory issues in the browser, but we're close to adding a solution for that as well.

Overall the encryption feature is currently in BETA and there will be a large number of improvements before it's finalized.


Pastie sites experience similar problems. Personal details being released, messages from terrorist networks and mirrors to various disallowed content.


Thanks for reporting the issue. The XSS was related to the filenames.

Although most operating systems don't allow users to upload files containing greater-than/less-than symbols, it's possible to add them by tampering with the requests and changing the filename.

From there you could change the filename to "<script>alert("xss")</script>" and run an XSS. This has now been patched by encoding the characters.

Once we're a bit more stable we'll be sure to release a bug bounty program.
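The filename issue described in the comment above, as an added example that is not NoFile's code: the filename arrives in a request header the client controls, so it has to be encoded when it is written into the page. The function names, the `<li>` markup and the sample header are assumptions constructed for illustration.

```javascript
// Constructed sample: the part header of an upload whose filename was edited
// in the request, so operating-system filename rules never applied to it.
const SAMPLE_PART_HEADER =
  'Content-Disposition: form-data; name="file"; filename="<script>alert(\\"xss\\")</script>"';

// Extract the client-supplied filename (a quoted-string with backslash escapes).
// Whatever comes back is untrusted input.
function filenameFromHeader(header) {
  const m = /filename="((?:\\.|[^"\\])*)"/i.exec(header);
  return m ? m[1].replace(/\\(.)/g, '$1') : null;
}

const HTML_ENTITIES = {
  '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;',
};

// Encode the characters that are significant in HTML text and attribute values.
function escapeHtml(text) {
  return String(text).replace(/[&<>"']/g, (ch) => HTML_ENTITIES[ch]);
}

// Before the fix: the filename is interpolated into markup as-is,
// so the browser parses it as an element.
function renderRowUnsafe(name) {
  return `<li class="file">${name}</li>`;
}

// After the fix: the filename is encoded at output time, in both the
// attribute and the text position, and is displayed as literal text.
function renderRowEncoded(name) {
  const safe = escapeHtml(name);
  return `<li class="file" title="${safe}">${safe}</li>`;
}

const uploaded = filenameFromHeader(SAMPLE_PART_HEADER);
console.log(renderRowUnsafe(uploaded));
console.log(renderRowEncoded(uploaded));
```

Encoding at render time covers every place the name is displayed, including names stored before the patch.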


Other users complained about this as well. A setting will be added which will disable the animations for those that find them annoying.


Any valid content removal requests that come in through the contact form will be obeyed.


This was an interesting read and we will do our best to avoid this fate.

Right now we're focusing on patching bugs and providing a stable service, but in the future a premium service will be created which targets heavy users.

PS You can change the status of the last active host in your list (Minus.com) to shut down as well.


I've been running a public file hosting site for 11 years, I've always treated it as a side project to use for playing with technology.

The primary reason it's still alive today is out of obligation to the URLs (2 million or so) that call it home. If you don't already find this fun and don't feel the same obligation, then you'll join the thousands of others littering the web with 404s.

Also, be aware that people will upload bad shit, and you can look forward to phone calls from the FBI and others.

The site is open source, maybe you'll find it useful: https://github.com/kudos/hostr


If we receive a valid content removal request through our contact form then we will have to take the content down.

Judging by your username - is there a connection between you and the infamous file hosting site Oron that closed down a few years ago?


> If we receive a valid content removal request through our contact form then we will have to take the content down.

Have you considered how many takedown requests you will get if your site becomes popular? It could be hundreds to thousands per day (some ex file hosters ITT could tell how many).

You'll need a whole lot of premium customers to cover the costs of reviewing the takedowns.


nope.


These services (Mediafire, Zippyshare, Uppit) are among the best file hosting sites online, but unfortunately they have their issues too.

The problem being that you have to jump between different hosts depending on how large your files are and which features that you want to use (e.g. Mediafire for larger files, Zippyshare from public PCs so you don't have to login, MEGA for sensitive files that you want to send securely, Dropbox when you don't want grandma's PC to get infected when you're sending her the videos from Christmas).

The goal is to create one single host that saves you from having to jump from each host and having to maintain dozens of accounts to bypass limits.

