Comment by pypt

I'm working on https://aero.zip, a file transfer service designed to handle massive workflows (like raw video or huge project directories) directly in the browser without the usual speed caps or browser crashes.

The goal was to build something as fast as a native app but with the convenience of a web link. Some of the technical bits:

* Instant Streaming: Recipients can start downloading a file the moment the first chunk leaves the sender's computer. No waiting for the full upload to finish.

* Bespoke Chunking Protocol: To handle "unlimited" file counts (tested into the millions), we group small files into larger chunks and split massive files down, so many small files and a few large files can get transferred at similar speeds.

* Auto-Resume: Both uploads and downloads automatically resume from the exact byte where they left off, even if you switch networks or close/reopen your laptop.

* E2EE via Web Crypto API: Everything is AES-GCM-256 encrypted. The secret key stays in the URL fragment (after the #), so it never gets sent to our servers.

* Zero-Knowledge Auth: We use the OPAQUE protocol for logins, meaning we can authenticate users and store their encrypted Data Encryption Keys (DEKs) without ever seeing their password or having the ability to decrypt their files.

* Passkey + PRF: We support the WebAuthn PRF extension. If your passkey supports it (like iCloud Keychain or YubiKeys), you can decrypt your account's metadata without the password.

* On-the-fly Zipping: When a recipient selects multiple files, the browser decrypts and zips them locally in real-time as they stream from our server.

* Performance: Optimized to saturate gigabit connections (up to 250 MB/s) by maintaining persistent streams and minimizing protocol overhead.

Everything is hosted in Germany (EU) for GDPR compliance. I'd love to hear any feedback on the streaming architecture or the OPAQUE implementation!