“P2P file sharing” used to mean public torrent networks, which is where the safety worries come from. Browser-to-browser transfer between two people you choose is a different thing entirely — closer to handing someone a USB stick than posting a file to a public swarm.
What protects you
- Encryption in transit. WebRTC data channels are encrypted by default (DTLS), so the file is scrambled as it crosses the network.
- No server-side copy.With Shafle the file streams directly between the two browsers and is never uploaded or stored, so there’s no database to breach and nothing retained after the transfer.
- No account.There’s no profile, email, or password to leak, because you don’t create one.
- Short-lived codes. The share code only exists to connect the two devices, and it stops working once the transfer is done.
- Optional password. You can password-protect a transfer, and the recipient must enter it before any file data is sent — so a leaked code alone isn’t enough to receive the file.
The honest risks
No method is risk-free. The real things to keep in mind:
- Share the code with the right person.Anyone who gets the code while the sender is waiting could connect. Send it through a channel you trust, and don’t post it publicly.
- Trust the file you receive. As with any transfer, only accept files from people you trust, and scan anything unexpected.
- Endpoint security.Encryption protects the file in transit, not a device that’s already compromised. Keep your devices patched.
So, is it safe enough for everyday files?
For sending documents, photos, and everyday files between your own devices or to someone you trust — yes. You get encryption in transit and, unlike cloud uploads, no copy left sitting on a server. To understand the mechanics, read how peer-to-peer file transfer works.