🚀 Feature: Enforce expiration/limit for guest uploads

[lockheed]

It would be great if admin could set default and separate limits for uploads from unregistered users, ie:

• expiration time
• file size limit
• anonymous uploads per hour/day/week/month

This would make it far more abuse resistant.

[stonith404]

In my opinion Pingvin Share is only used by people that the hoster knows so quotas are not necessary. Why should someone upload to your Pingvin Share instance that you don't know, he/she could easily use an other public service like WeTranfer.

Do you have a specific use case for anonymous users?

[lockheed]

Bots. Finding an instance URL and filling it up with junk or illegal/malicious content.

[stonith404]

That's true but I meant, why should you even enable anonymous shares? Do you have a specific use case for enabling it?

[lockheed]

Because I want to exchange files with people who are not technical, and asking them to create and account makes them not willing to share files.

[stonith404]

That's a good point. Limiting the expiration time and the share size limit are possible to implement but limiting the anonymous uploads is in my opinion not possible because how should we identify the anonymous user?

[lockheed]

I mean limit for all anonymous users, so if there is one anonymous upload, there cannot be another one within X hours/days/weeks. No matter if it's the same person or not.

[EgonHeuson]

Agreed, this would be a great feature, and actually, I'd love to be able to set up the same limitations to registered users. Most of the times, my friends forget to remove their uploaded files. Actually that's why they use services like WeTransfer. They upload, share, and then never have to think about those files again. Would this be possible?

[coaz]

For anonymus user, the limit could by based on the IP.

[stonith404]

@coaz I'm not really sure if this would be a nice solution because a VPN or proxy could easily be used to bypass the limit. Additionally if there are many people in the same network (like in a school or company) the limit would apply for all in the same network as they all have the same IP.

[iUnstable0]

Maybe I can do something like a captcha for public reverse share uploads. It wont stop all bots but some

[gill6151]

In my opinion Pingvin Share is only used by people that the hoster knows so quotas are not necessary. Why should someone upload to your Pingvin Share instance that you don't know, he/she could easily use an other public service like WeTranfer.

While I can see why Pingvin Share works well with people you know, it also can serve as a very solid base for an anonymous file uploading service. I would very much love to deploy it for that use case as it is the only file sharing service I know of with a clean and no bullshit interface but the only thing holding me back from doing so is the lack of enforced upload expiry times.

[EgonHeuson]

Maybe I can do something like a captcha for public reverse share uploads. It wont stop all bots but some

Would be amazing! :-D

[EgonHeuson]

In my opinion Pingvin Share is only used by people that the hoster knows so quotas are not necessary. Why should someone upload to your Pingvin Share instance that you don't know, he/she could easily use an other public service like WeTranfer.

While I can see why Pingvin Share works well with people you know, it also can serve as a very solid base for an anonymous file uploading service. I would very much love to deploy it for that use case as it is the only file sharing service I know of with a clean and no bullshit interface but the only thing holding me back from doing so is the lack of enforced upload expiry times.

Same for me. And also, even if you only open it to people you know, you have 2 main issues. First these people may just not know how much they can upload before making your server full, and most of the members of my family always forget to empty their trash on their computer, so that will fill up even more quickly the server. And second, if you want a service to be used, you need it as simple as possible. If my family members have to register on my file transfer system, but not on WeTransfer, they will go for the latter. Which is precisely what I want to avoid (due to privacy, energy saving, etc. reasons) if I self host such tools :-)

[ccrsxx]

One workaround that I use is to spin up another pingvin-share container on another port specifically for guests. This way you can have separate limits for Admin and Guest.