There's already a very good, popular encrypted file sharing system called Magic Wormhole, with implementations in multiple languages.
Damn, someone made wormhole.app and it does the same thing but is unrelated to magic-wormhole? That's seriously uncool.
What is uncool is that it's using AES-GCM in all of its 128-bit glory, which is subpar compared to just using libsodium like magic-wormhole does.
Please don't spread FUD. AES-GCM 128 is perfectly fine and it's standard for a reason.
AES-GCM is imperfectly fine and its standard has nothing to do with any of it. It's inferior in more than one way to the Chapoly-style ciphers in Sodium.
Case in point: it looks like if callers to your ECE library pass in a repeated salt through Keychain for any reason, you'll generate a duplicate nonce, which blows up GCM. There are authenticated ciphers that mitigate this problem (most commonly: by having a nonce wide enough that you can simply always generate it randomly without requiring callers to manage it); GCM, on the other hand, is the poster child for that flaw.
Since this is browser crypto, and not native execution like Magic Wormhole, all of this is irrelevant; the important distinction between the two projects isn't that one uses a lesser cryptosystem, but rather that one uses real end-to-end cryptography and the other uses client-server cryptography pretending to be end-to-end.
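The repeated-salt case raised in the comment above, as an added example that is not part of the thread or of either project's code. It assumes the ECE library derives its AES-128-GCM key and base nonce from the salt the way RFC 8188 does, so a repeated salt under the same secret repeats the (key, nonce) pair; `SaltGuard` and the sample values are hypothetical.

```python
import hashlib
import hmac
import os

# Info strings assumed from RFC 8188 (aes128gcm content coding).
KEY_INFO = b"Content-Encoding: aes128gcm\x00"
NONCE_INFO = b"Content-Encoding: nonce\x00"


def hkdf_sha256(salt: bytes, ikm: bytes, info: bytes, length: int) -> bytes:
    """One-block HKDF (RFC 5869), sufficient for outputs of up to 32 bytes."""
    prk = hmac.new(salt, ikm, hashlib.sha256).digest()
    return hmac.new(prk, info + b"\x01", hashlib.sha256).digest()[:length]


def record_params(ikm: bytes, salt: bytes, seq: int):
    """(key, nonce) for record `seq`; both depend only on ikm, salt and seq."""
    key = hkdf_sha256(salt, ikm, KEY_INFO, 16)
    base = hkdf_sha256(salt, ikm, NONCE_INFO, 12)
    nonce = bytes(b ^ s for b, s in zip(base, seq.to_bytes(12, "big")))
    return key, nonce


class SaltGuard:
    """Hypothetical wrapper for one long-lived secret: it draws the salt itself
    and refuses any salt it has already used with that secret."""

    def __init__(self, ikm: bytes):
        self._ikm = ikm
        self._used = set()

    def params_for_new_message(self):
        salt = os.urandom(16)  # random per message, never caller-supplied
        return (salt, *self.params_for_salt(salt))

    def params_for_salt(self, salt: bytes):
        if salt in self._used:
            raise ValueError("salt reuse would repeat a GCM (key, nonce) pair")
        self._used.add(salt)
        return record_params(self._ikm, salt, 0)


if __name__ == "__main__":
    ikm, salt = bytes(range(16)), bytes(16)  # constructed sample values
    print(record_params(ikm, salt, 0) == record_params(ikm, salt, 0))
    guard = SaltGuard(ikm)
    guard.params_for_salt(salt)
    try:
        guard.params_for_salt(salt)  # second use of the same salt
    except ValueError as err:
        print("rejected:", err)
```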
> the other uses client-server cryptography pretending to be end-to-end
This is misleading and false. Wormhole.app uses end-to-end encryption.
To address the larger point – auditing a web app is indeed challenging with current web technologies. In the past, I experimented with a technique using App Cache to permanently cache a web app on first use [1]. Later, that technique was expanded into hyperboot [2] to give users the benefits of explicit, immutable versioning with control over upgrades using the html-version-spec while preserving the simplicity of passing around a URL.
With the impending removal of AppCache from most browsers, the web is currently missing a way to "pin" a site to a specific version and only update it with user consent. Service Workers come close but they mandate a 24-hour maximum cache time before refetching from the server.
We'd love to offer the usability benefits of web apps – you can give someone a URL and they can immediately load the app – with the security of installed apps – doesn't change without warning – once web standards catch up. This is something that I care deeply about.
In the meantime, use magic-wormhole if you prefer a locally-installed command line tool and you're sending files to someone who understands the command line. Use Wormhole.app if you want usable end-to-end encryption, similar to what Firefox Send used to provide.
There's at least one good desktop GUI for Magic Wormhole[0]. I've also recently released a Magic Wormhole Android app[1][2].
[0]: https://github.com/Jacalz/wormhole-gui
[1]: https://github.com/psanford/wormhole-william-mobile
[2]: https://play.google.com/store/apps/details?id=io.sanford.wor...