YeetFile

Encrypted file sharing and storage, honestly reviewed. What you get when you deploy a tool whose server can’t read your files by design.

TL;DR

• What it is: A self-hosted, end-to-end encrypted file sending service and file/password vault — ephemeral one-shot sends plus persistent storage, both with client-side encryption the server cannot reverse [1].
• Who it’s for: Privacy-focused individuals and small teams who need to send sensitive files without trusting a third-party server, and who want a zero-knowledge vault for file and password storage [1].
• Cost savings: yeetfile.com runs a hosted instance with optional paid upgrades; self-hosted runs on a cheap VPS with no per-transfer fees, no subscription, and no payment required at all [1].
• Key strength: Genuine zero-knowledge architecture — client-side encryption before anything reaches the server. No email required to sign up. Accepts BTC and Monero for the hosted service. CLI client covers every feature the web UI does [1].
• Key weakness: 309 GitHub stars and a single primary developer. Small community, sparse third-party coverage, AGPL-3.0 license restricts commercial embedding. No mobile apps.

---

What is YeetFile

YeetFile is two tools in one: a file and text sending service with expiring links, and a persistent file and password vault — both end-to-end encrypted. The GitHub description calls it “a self-hosted service for encrypted file sharing and storage” [1], which undersells the vault side. This isn’t just a one-shot send tool.

The send side works like Bitwarden Send or PrivateBin: upload a file or paste text, get a shareable link, recipient downloads without needing an account. You set an expiration (minutes, hours, or days, up to 30 days) and a download cap (max 10). Optional password protection on the link. Text transfers up to 2,000 characters cost nothing and require no account at all [1].

The vault side is closer to what Bitwarden does for password and file attachments: persistent storage organized into folders, sharing with other YeetFile users with read/write permissions per user, and no upload size limit [1].

The security claim that makes YeetFile worth evaluating: “All content is encrypted locally, and the server is incapable of decrypting any transmitted content.” [1] That’s architectural, not policy. You can verify it because the code is open source.

The project is built by Ben Busby — the same developer behind Whoogle, the self-hosted Google search proxy that’s hit 10K+ stars. YeetFile is newer and smaller (309 stars as of this review), but it has an official hosted instance at yeetfile.com, automated Go tests, web tests, and a vulnerability scan running in CI [1][2].

---

Why people choose it

Third-party reviews of YeetFile are essentially nonexistent — a 309-star project that hasn’t landed on the r/selfhosted front page or Hacker News yet. So instead of synthesizing reviews that don’t exist, here’s the honest case that gets made for it:

Versus Bitwarden Send. Bitwarden Send is the closest feature equivalent: expiring file or text links, optional password. Bitwarden’s advantage is that it’s bundled with a full password manager most people already run, and it has years of enterprise polish. YeetFile’s advantage is that it’s a standalone, fully self-contained service — no Bitwarden Cloud involved, no account required on the recipient’s side. If you want a single-purpose, zero-knowledge send tool you control entirely, YeetFile is cleaner.

Versus PrivateBin. PrivateBin handles encrypted text pastes and small file attachments, is battle-tested, and is widely trusted. YeetFile adds the persistent vault that PrivateBin doesn’t have, plus CLI client and proper account management. If you need more than paste-and-go, YeetFile is the upgrade path.

Versus OnionShare. OnionShare sends files over Tor with no server at all — stronger anonymity, no persistence, no vault. YeetFile makes a different trade: it’s server-hosted, which means it’s accessible without Tor and supports the vault use case. Different threat models, not direct competition.

The no-email signup. YeetFile allows signup with an account ID only — no email required [1]. For a tool used by people who care about privacy, this is a meaningful feature most file-sharing tools skip.

BTC and Monero payments. The hosted service accepts Stripe, BTC, and Monero via BTCPay, with the ability to recycle the payment ID to detach your payment history from your account [1]. That’s a level of care about payment privacy that WeTransfer, Dropbox, and even Bitwarden don’t offer.

---

Features

YeetFile Send:

• Shareable expiring links — no recipient account needed [1]
• Expiration: minutes, hours, or days, max 30 days [1]
• Download limit: 1–10 per link [1]
• Optional password protection [1]
• Free text transfers up to 2,000 characters, no account required [1]

YeetFile Vault:

• Persistent file and password storage with folder organization [1]
• Per-user sharing with read/write permissions [1]
• No upload size limit [1]

Accounts and access:

• Email optional at signup — ID-only registration supported [1]
• Text sends require no account at all [1]
• Two-factor authentication [1]
• Server-specific password support for self-hosters who want to gate access to the whole instance [1]

Technical:

• REST API [1]
• Webhooks [1]
• PostgreSQL backend, Docker Compose deployment [1]
• Storage backends: local filesystem, Backblaze B2, or any S3-compatible provider (AWS, Wasabi, MinIO) [1]
• CLI client available as a release binary, covers all web features [1]

What’s missing:

• No native mobile apps documented
• No admin dashboard for team management
• No audit logging mentioned
• AGPL-3.0 means commercial embedding requires open-sourcing your modifications

---

Pricing: SaaS vs self-hosted math

Specific pricing tiers for yeetfile.com’s hosted service aren’t documented in publicly available sources reviewed here. The README describes “options to pay for vault/send upgrades” via Stripe, BTC, or XMR, implying a free tier with limits (text sends are free up to 2,000 characters) and paid tiers for vault storage or file send capacity. For current numbers, check yeetfile.com directly.

Self-hosted cost:

• Software license: $0 (AGPL-3.0) [1]
• VPS: $5–15/month — the Go server plus PostgreSQL runs comfortably on 1GB RAM for a small team
• Storage: bundled locally on the VPS, or Backblaze B2 at $0.006/GB/month, or Wasabi at $0.0059/GB

Comparison context:

• WeTransfer Free: 2GB limit, ads, no encryption, 7-day expiry
• WeTransfer Pro: $16/month, 1TB storage, server-side encryption only — not zero-knowledge
• Bitwarden Send: included in Bitwarden’s free plan for text; file sends require paid plan ($3/month), capped at 500MB per send
• Dropbox: $9.99–$16.58/month per user, no zero-knowledge encryption

For a small team sending sensitive files on a recurring basis, self-hosting YeetFile on a $6 Hetzner VPS eliminates the monthly cost entirely and delivers actual zero-knowledge encryption that the SaaS alternatives don’t offer by default.

---

Deployment reality check

The README is direct about the install path: docker compose up starts a Postgres database and a server on http://localhost:8090 [1]. One command. That’s a cleaner getting-started story than most self-hosted tools.

What you actually need:

• Linux VPS — 1GB RAM is likely sufficient for personal or small-team use
• Docker and docker-compose
• A domain and reverse proxy (Caddy or nginx) for HTTPS
• Storage decision: local disk, Backblaze B2, or S3-compatible

Storage is a single environment variable:

• YEETFILE_STORAGE=local — simplest, files stay on your disk
• YEETFILE_STORAGE=b2 + Backblaze credentials
• YEETFILE_STORAGE=s3 + S3-compatible credentials

Kamal deployment is also documented in the README for teams using that deploy toolchain [1].

Email registration: Optional. You can run in ID-only mode, but if you want email-gated signups or account recovery, you’ll need SMTP configured.

Realistic setup time: For someone comfortable with Docker and nginx: 20–45 minutes to a working HTTPS instance. For someone who’s never managed a Linux server: not the right tool without help. There’s no one-click installer.

License flag: AGPL-3.0 is copyleft. Embed YeetFile in a product you distribute or host for paying customers, and you’re required to open-source your modifications. For internal team use it’s irrelevant. For building a product on top of it, get legal advice first.

---

Pros and Cons

Pros

• Genuine zero-knowledge architecture. The server cannot decrypt your content — architecturally, not by policy [1]. You can verify this because the code is open source.
• No email required. ID-only account signup is a real privacy feature, not a checkbox [1].
• Persistent vault plus ephemeral send in one tool. You don’t need Vaultwarden for storage and PrivateBin for sends — YeetFile handles both [1].
• CLI client covers everything. The web UI isn’t the only first-class interface [1].
• Crypto payments on the hosted service. Stripe plus BTC plus Monero via BTCPay, with recyclable payment IDs [1]. Most privacy tools don’t go this far.
• Simple Docker deploy. docker compose up and you’re running [1].
• Multiple storage backends. Local, Backblaze B2, or any S3 provider [1].
• Active CI with automated testing. Go tests, web tests, and vulnerability scanning [2].
• Established developer. Ben Busby built and maintains Whoogle — there’s a track record here.

Cons

• 309 GitHub stars. Tiny community, limited third-party guides, no Stack Overflow coverage. When something breaks, you’re largely on your own [1].
• AGPL-3.0, not MIT. Copyleft restricts commercial embedding in ways that matter if you’re building a product.
• No mobile apps. No iOS or Android client. The CLI helps, but it’s not the same.
• Hosted pricing opacity. Exact tier pricing for yeetfile.com is not clearly published in sources available for this review.
• Conservative send limits. Max 30-day expiration and max 10 downloads are intentional design choices but will frustrate teams expecting permanent share links [1].
• No audit logs or admin dashboard documented. Running this for a team and need to know who shared what? Not mentioned in the README.
• Single primary developer. No company, no funded team behind it. The project is active, but the bus factor is 1.

---

Who should use this / who shouldn’t

Use YeetFile if:

• You send sensitive documents to clients or colleagues and want the server to be provably incapable of reading them — not just “encrypted in transit.”
• You want a combined file vault and send service without deploying and managing two separate tools.
• Privacy-forward account design matters: no email required, crypto payments accepted.
• You’re comfortable deploying Docker and configuring a reverse proxy.
• You’re an individual or small team, not a company needing admin controls over 50 users.

Skip it if:

• You need a large support community and ecosystem of third-party guides. At 309 stars, you’re an early adopter.
• You need mobile apps for your team.
• You need audit logging or centralized admin control over who shares what.
• You plan to embed this in a commercial product you host for customers — AGPL makes that legally complicated.
• You need permanent file links with no expiration — YeetFile Send is explicitly ephemeral (max 30 days).

Skip it (use Vaultwarden instead) if:

• Your primary need is a full-featured password manager. Vaultwarden has a much larger ecosystem, more client apps, desktop clients, mobile apps, and broader team features.

Skip it (use PrivateBin instead) if:

• You just need zero-knowledge paste sharing with no account system and minimal deployment complexity. PrivateBin is simpler and more widely audited.

---

Alternatives worth considering

• Vaultwarden — self-hosted Bitwarden backend. Full password manager with file attachments, Send feature, mobile apps, desktop clients. Much larger community. Not zero-knowledge by default on its own but Bitwarden’s client-side encryption model is mature.
• PrivateBin — zero-knowledge encrypted paste and small file sharing. No vault, no accounts, no persistence. Simpler to deploy, longer track record.
• OnionShare — Tor-based file sending with no server. Stronger anonymity model, no vault, not accessible without Tor. Different use case.
• Send (Firefox Send forks) — Mozilla killed the original; open-source forks like send.vis.ee survive. Similar ephemeral send model, no vault, no CLI.
• Nextcloud — the comprehensive self-hosted cloud. Files, calendar, contacts, and plugins for everything. E2EE is available but not default; much heavier to operate.
• Seafile — self-hosted file sync for teams. Not zero-knowledge by default, better suited to large-file collaboration.

For a non-technical founder who needs zero-knowledge file sending, the realistic shortlist is YeetFile vs Vaultwarden Send. Pick YeetFile if you want standalone deployment, ID-only accounts, and crypto payment options. Pick Vaultwarden if you want a larger community, mobile apps, and a password manager bundled.

---

Bottom line

YeetFile fills a specific and real gap: a combined ephemeral send service and persistent vault where the server cannot read your content by design, with minimal friction to sign up and genuine thought given to payment privacy. The security architecture is the differentiator — not “we promise to protect your data” but “the server is architecturally incapable of reading it, and the code is open so you can check.”

The honest caveat is proportional to 309 GitHub stars: this is a young project with a small community and a single developer. Ben Busby has a track record with Whoogle, but YeetFile hasn’t been stress-tested at scale or widely peer-reviewed by the security community. If you’re storing genuinely sensitive data, read the security documentation at docs.yeetfile.com and evaluate the implementation before trusting this review.

For the right operator — a technically capable individual or small team that wants zero-knowledge file sharing and storage without WeTransfer’s terms of service or Dropbox’s pricing — it’s a clean, well-engineered option that deploys in under an hour. If you need mobile apps, audit logs, or a community that’s already solved your problem on Reddit, look at Vaultwarden with PrivateBin as a two-tool alternative. If you want to deploy it but don’t want to manage a server, that’s exactly what upready.dev handles for clients.

---

Sources

1. YeetFile GitHub Repository — README, release history, and license (Ben Busby, AGPL-3.0, 309 stars). https://github.com/benbusby/yeetfile
2. YeetFile CI Workflows — automated Go tests, web tests, vulnerability scanning. https://github.com/benbusby/yeetfile/actions
3. YeetFile Security Documentation. https://docs.yeetfile.com/security/
4. YeetFile Official Website — Homepage and server info. https://yeetfile.com