Firefox Send Is Gone - Here Are Secure Replacements
Firefox Send was discontinued in 2020 and has not come back, so if you still have a
send.firefox.com link bookmarked, it's dead. The good news: the features that made
Send worth using - a link that works for a single download, an expiry, an optional password -
all exist in 2026, spread across a few different tools. This guide walks through what happened,
what to use instead, and the one lesson from Send's demise that should shape which replacement
you trust.
What happened to Firefox Send
Mozilla launched Firefox Send in 2019 as a free, encrypted file-sharing service. In July 2020 Mozilla suspended it after security researchers and journalists documented that attackers were leaning on Send to host malware payloads and to stage phishing pages - the encrypted, short-lived, no-account links that made Send convenient for ordinary users also made it convenient for abuse, and hard to police. In September 2020 Mozilla announced it was shutting Send down for good rather than re-launching it, and folded the team's effort into other work.
It's worth being precise about why: Send didn't fail technically. The encryption worked. It was decommissioned because there was no good answer to the abuse problem baked into its own design. Hold onto that - it's the whole point of the last section.
What made Firefox Send great
Send was popular for a short list of reasons, and any honest replacement has to cover them:
- Single-download links. You could set a file to be downloaded once and then expire. That's the "send it, it's gone" behaviour people actually wanted.
- Expiry. Links could be capped by a download count or a time window (up to a week), so a forgotten link didn't sit on the internet forever.
- Optional password. You could add a password so the link alone wasn't enough to open the file.
- No account, dead simple. Drag a file in, get a link, paste it. No signup friction for the sender or the recipient.
Notice that three of those four - single use, expiry, password - are about controlling the link after you send it, not just moving bytes. That's the part most "upload and share" services still get wrong.
The replacements, compared
There's no single drop-in clone, so here's the honest landscape. Each option is good at something; none does everything Send did.
| Option | Single-use link | Password / expiry | Watch out for |
|---|---|---|---|
| Thunderbird Send (the revived, hosted descendant of Send's codebase) | Yes - download limits | Yes | The closest spiritual successor; tied to the Thunderbird/Mozilla ecosystem and still maturing. |
| OnionShare | Yes - "stop after first download" option | Password yes; expiry via auto-stop | Excellent for direct, no-third-party transfer over Tor - but you host it yourself, both sides need Tor Browser, and your machine must stay online for the whole transfer. Not a paste-a-link-and-walk-away tool. |
| Community Send forks (self-hosted copies of the original code) | Yes | Yes | The code is open, so forks exist - but public instances come and go, uptime is nobody's job, and an abandoned instance can disappear with your links. Fine if you run your own; risky if you rely on a stranger's. |
| Single-use-link services (e.g. Bottleneck) | Yes - enforced server-side | Yes - both as plain options | Hosted, so you trust the operator; the trade-off is no setup and an actual abuse process. File-size caps are deliberate. |
If you want the closest feel to old Send and don't mind a maturing product, Thunderbird Send is the natural first stop. If your priority is keeping the file off any third party entirely and you're comfortable with Tor, OnionShare is genuinely great at that narrow job. If you just want a link you can paste into an email and forget - that survives a tab close and comes with someone on the other end if something goes wrong - a hosted single-use service is the pragmatic pick.
Why abuse-safety is the real lesson
Here's the uncomfortable part most "Firefox Send alternatives" lists skip: Send died from abuse, not from a missing feature. The model of anonymous upload, encrypted blob, link that no one can trace back to a sender is exactly what malware distributors and phishers want. Any replacement that copies that model without copying the consequences is just waiting to repeat the same story - get popular, get abused, get shut down or blocklisted.
So when you pick a replacement for anything beyond throwaway personal files, look for the things that make a service durable rather than disposable:
- A sender identity. A verified sender behind each transfer means abuse has an owner, which is what keeps the service alive and off email blocklists.
- A working abuse-reporting path. If there's no way to report a malicious link, the only tool left is shutting the whole service down - which is what happened.
- Blocked executables. Refusing to carry
.exeand similar payloads removes the single most common abuse case before it starts.
This is the opposite of "anonymous" file sharing, and that's the point. You can have a link that opens once and then disappears and a service that's accountable enough to still be running next year. Those goals aren't in tension - pretending you can't see who sent what is what got Send killed.
A safe, single-use alternative
Bottleneck was built around exactly the part of Firefox Send people miss: you upload a file, get a link that works for a single download, and the file is purged from our servers after delivery - no inbox copy living forever, no link replaying after the first open. You can add a password and set an expiry as plain options, so a leaked link with no password and no deadline isn't just a public file.
We also strip hidden metadata server-side - EXIF and GPS from photos, document metadata from PDFs - before the file is delivered, then purge it. To be straight with you: because we process the file on our servers to do that scrubbing and to enforce single use, this is not end-to-end encrypted or zero-knowledge delivery. It's safe, accountable delivery - every transfer is tied to a verified sender, carries a report-abuse path, and executable file types are blocked. There's a practical upload cap of around 100MB, which is a deliberate safety choice rather than a limitation we're hiding. That accountability is precisely why a service like this can keep running where Send couldn't.
If you're sending something sensitive - a contract, an ID scan, a one-off document - and you want it to behave the way Firefox Send used to, you can send a file in a few seconds, or read the single-use signed URL API if you'd rather automate it.
FAQ
Is Firefox Send coming back?
No. Mozilla shut it down permanently in September 2020 after the suspension in July 2020, and has
said it won't relaunch it. The original code lived on as forks, and Thunderbird later revived a
hosted descendant, but the original send.firefox.com service is gone for good.
Why was Firefox Send shut down?
It was being abused to distribute malware and host phishing attacks. The encryption and
no-account convenience that helped legitimate users also shielded attackers, and Mozilla had no
sustainable way to police it - so it pulled the service rather than keep fighting the abuse.
What is the closest replacement to Firefox Send?
Thunderbird Send is the closest spiritual successor because it descends from the same codebase.
For self-contained transfers over Tor, OnionShare is excellent. For a hosted "paste a link and
walk away" experience with single-use enforced server-side, a service like Bottleneck fills the
gap.
Are these replacements anonymous?
Some self-hosted tools get close to it, but "anonymous" is exactly the property that got Firefox
Send shut down. A serious, durable service deliberately ties each transfer to a verified sender
and keeps an abuse-reporting path. Single-use and expiry protect the recipient and the link;
they aren't the same thing as hiding the sender.
Can I set a download limit and an expiry like Send had?
Yes. That combination is the core of what made Send useful and it's available in every option
above - for example, Bottleneck enforces single use server-side (the link returns "gone" after
the first download) and lets you set an expiry and password as plain parameters.