Data after the # in the url should not be sent to the http server by the client. Encryption/decryption is presumably handled in the users browser by JavaScript.
The statement about not having the ability to access the contents of the files is perhaps somewhat misleading as they do control the JavaScript that either creates the key or will be given access to the key when someone retrieves the file (by reading it off the end of the url).
When inevitably someone copy-pastes the url in to Google search will Google visiting the URL then cause the file to be deleted before the intended recipient can download it?
Are there other ISP based systems, say, that perhaps sample the head of a file for anti-malware purposes that might do the same?
https:// send.firefox.com/download/<$file_identifier>/#<$encryption_key>
Data after the # in the url should not be sent to the http server by the client. Encryption/decryption is presumably handled in the users browser by JavaScript.
The statement about not having the ability to access the contents of the files is perhaps somewhat misleading as they do control the JavaScript that either creates the key or will be given access to the key when someone retrieves the file (by reading it off the end of the url).