
From the github repo (original caps):

THIS PROJECT IS STILL IN EARLY DEVELOPMENT, USES EXPERIMENTAL CRYPTOGRAPHIC LIBRARIES, AND HAS NOT HAD ANY KIND OF SECURITY OR CRYPTOGRAPHY REVIEWS. IT MIGHT BE BROKEN AND UNSAFE.



I’ll rephrase my question - how secure is this attempting to be?


Conceptually it's the same design as Magic Wormhole though all the technologies are different.

It's just a PAKE then you do a file transfer encrypted with the key you agreed using the PAKE.

PAKEs are very human friendly, they leverage a relatively weak secret (like "Monopoly Vegetable") that humans can deal with, to agree a good quality secret (like an effectively random 128-bit AES key) in such a way that both parties find out if the other party doesn't know the weak secret.

Because humans are bored easily you can use rather weak secrets safely - it's a natural rate limit. An adversary who guesses almost right "Cluedo Animal?" only gets told they're wrong, and after maybe two or three more attempts the legitimate parties are annoyed and refuse to keep trying so their adversary is foiled.

Machines wouldn't naturally use something like this because if a machine has a secure channel to another machine it can just move the 128-bit AES key, not waste time with some weaker human-memorable secret.

This technology won't hide the IP addresses of those communicating.

A passive on-path adversary learns the size (perhaps not exactly but at least close) of the file transferred.

And of course an active adversary can prevent the file transfer by spamming the service with nonsense.
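Added example, not part of the thread or the project's code: a toy SPEKE-style PAKE in Python showing the property described in the comment above, where matching codes yield a confirmed shared key and a wrong guess yields only a failed confirmation. The `Party` class, the `exchange` helper and the choice of SPEKE over the RFC 3526 2048-bit group are assumptions made for illustration; the thread does not say which PAKE the project uses.

```python
import hashlib
import hmac
import secrets

# Toy SPEKE-style PAKE (illustrative assumption; not the project's protocol).

def _pi_scaled(bits, guard=64):
    """floor(pi * 2**bits) via Machin's formula in integer arithmetic."""
    one = 1 << (bits + guard)
    def atan_inv(x):
        total = term = one // x
        n, sign = 3, -1
        while term:
            term //= x * x
            total += sign * (term // n)
            n, sign = n + 2, -sign
        return total
    return (4 * (4 * atan_inv(5) - atan_inv(239))) >> guard

# 2048-bit MODP safe prime, built from the formula published in RFC 3526.
P = 2**2048 - 2**1984 - 1 + 2**64 * (_pi_scaled(1918) + 124476)
Q = (P - 1) // 2

class Party:
    def __init__(self, code: str):
        h = int.from_bytes(hashlib.sha512(code.encode()).digest(), "big")
        self.g = pow(h, 2, P)                  # generator derived from the weak secret
        self.x = 2 + secrets.randbelow(Q - 2)  # ephemeral private exponent
        self.msg = pow(self.g, self.x, P)      # the only value sent before confirmation

    def finish(self, peer_msg: int) -> bytes:
        if not 2 <= peer_msg <= P - 2:         # reject 0, 1 and P-1
            raise ValueError("degenerate group element")
        shared = pow(peer_msg, self.x, P)
        self.key = hashlib.sha256(shared.to_bytes(256, "big")).digest()
        return self.key

    def tag(self, role: bytes) -> bytes:
        # Key-confirmation MAC: matches only if both sides derived the same key.
        return hmac.new(self.key, b"confirm:" + role, hashlib.sha256).digest()

def exchange(code_a: str, code_b: str) -> bool:
    """Run one exchange; True only if both sides used the same code."""
    a, b = Party(code_a), Party(code_b)
    a.finish(b.msg)
    b.finish(a.msg)
    return (hmac.compare_digest(a.tag(b"A"), b.tag(b"A"))
            and hmac.compare_digest(a.tag(b"B"), b.tag(b"B")))
```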



