What SlothBox is, and why it exists.

SlothBox is an open-source, EU-hosted, end-to-end encrypted file transfer service. Drop a file, get a link, send the link, your recipient downloads. The bit that's different: the server cannot decrypt anything you upload, and you don't have to take our word for it — the entire stack is on GitHub under MIT.

Why this, and why now

WeTransfer scans your file and keeps a copy. Dropbox Transfer reads your content and runs through US infrastructure (Schrems II problem for EU users). ProtonDrive is end-to-end encrypted but paid, account-only, and has no quick-share for unauthenticated recipients. There is no good European, open-source, end-to-end encrypted file transfer with court-admissible delivery receipts. SlothBox aims at that gap, with a focus on the regulated professions where both confidentiality and provable delivery are statutory requirements.

Who built it

Hi — I'm Philip Sloth, a sole-proprietor developer based in Denmark. I build software where the security guarantees come from the architecture rather than a marketing page. SlothBox is one of two open-source reference builds I run alongside client work — the other is SlothCV, a free CV builder with similar trust-as-architecture discipline.

Status

v0.1.0-alpha is a portfolio reference build. The cryptographic primitives (libsodium, age) are battle-tested, but the SlothBox integration has not yet been independently audited. Don't use this for high-stakes secrets until v1.0 + external cryptographer review. The full roadmap, exit criteria per release, and known gaps are in MILESTONES.md.

Why “sloth”

Slow on purpose. Encryption that's rushed is encryption that breaks. Every primitive in this stack is audited, every default is conservative, and every shortcut is documented as such. The brand is a reminder: trust earns itself slowly.

Built on a Hetzner CCX13 box in Falkenstein with eight other people's open-source projects holding it up. See /security for the threat model.