A group of software developers and cybersecurity enthusiasts have developed a new method of transferring files super securely from one computer to another, without requiring you to use any physical or digital tool to make the transfer possible.
At the moment, if you want to give a colleague a file, you have a multitude of methods at your fingertips, but they all take work and require you to use some kind of tool. For instance, you could choose to transfer the file from your PC onto a USB memory stick or portable hard drive, give it to your colleague, and they then transfer the file onto their computer.
Or you could upload the file to your email, WeTransfer, a Dropbox folder or a personal FTP server, and send them a link. Or, if they're on the same network, you could use a shared network drive. Or if their phone is next to your phone, you could use AirDrop.
These methods work, but they take a lot of steps, they create a record you might not want lying around (the USB memory stick) or they involve the file being transmitted through a third party, which potentially reveals the file to more people, servers or places than necessary.
Email is not encrypted and can be read by hackers, your email provider and potentially the authorities. You could add PGP encryption, but that's another hassle. All your files are seen and stored on the Dropbox server, and the link to that folder is not secure – it can be guessed by someone else.
Developer Brian Warner has created the Magic Wormhole, a software tool that lets you encrypt a file and send it to the other party's computer immediately. All the sender needs to do is give the recipient an invitation code consisting of a few simple words over the phone, chat messenger or email.
The recipient enters the invitation code into the program on their computer, and this gives the tool enough information for the two separate instances of the program on both PCs to find each other and transfer the file across.
The program is ideally designed for two people who are already having a conversation and just want to send a file over, and the key thing is that both clients need to stay connected as long as the file is being transmitted.
How it works
Magic Wormhole, which has 21 contributors on GitHub, works in a similar way to the session control protocol (SCP), but the difference is that the sender doesn't need to specify a target hostname, the receiver doesn't need to authorise a public key before the transaction can commence, and the two machines don't need to be on the same network.
Instead, the software attempts to transfer the encrypted file by making a direct connection between the two computers from within the program using Password Authenticated Key Exchange (PAKE), a family of cryptographic algorithms that use a short password to create a stronger shared key.
The program is able to omit IP addresses and port numbers – the two software programs share the IP addresses of each client with the other in a message encrypted by the NaCl and SPAKE2 algorithms, and both clients first attempt to connect directly.
If this doesn't work, then the software tries to use a rendezvous server, which is a simple WebSocket-based relay that glues together two inbound transmission control protocol (TCP) connections and transfers data on each to the other.
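How a short invitation code can yield a strong shared key, as an added teaching sketch in Python (not Magic Wormhole's code and not part of the original article): a SPAKE2-style exchange over the RFC 3526 2048-bit Diffie-Hellman group. The `Side` class, the labels used to derive `M` and `N`, and the final key encoding are assumptions made for this example.

```python
import hashlib
import secrets

# RFC 3526 group 14: 2048-bit safe prime P; 2 generates the subgroup of prime order Q.
P = int(
    "FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD129024E088A67CC74"
    "020BBEA63B139B22514A08798E3404DDEF9519B3CD3A431B302B0A6DF25F1437"
    "4FE1356D6D51C245E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7ED"
    "EE386BFB5A899FA5AE9F24117C4B1FE649286651ECE45B3DC2007CB8A163BF05"
    "98DA48361C55D39A69163FA8FD24CF5F83655D23DCA3AD961C62F356208552BB"
    "9ED529077096966D670C354E4ABC9804F1746C08CA18217C32905E462E36CE3B"
    "E39E772C180E86039B2783A2EC07A28FB5C55DF06F4C52C9DE2BCBF695581718"
    "3995497CEA956AE515D2261898FA051015728E5A8AACAA68FFFFFFFFFFFFFFFF", 16)
Q = (P - 1) // 2
G = 2

def _to_group(label: bytes) -> int:
    """Hash a label to a subgroup element whose discrete log nobody knows."""
    h = int.from_bytes(hashlib.shake_256(label).digest(256), "big") % P
    return pow(h, 2, P)  # squaring lands in the order-Q subgroup

# Public blinding constants; the labels are constructed for this example.
M, N = _to_group(b"example SPAKE2 M"), _to_group(b"example SPAKE2 N")

def _scalar(code: str) -> int:
    """Map the human-readable invitation code to an exponent."""
    return int.from_bytes(hashlib.sha512(code.encode()).digest(), "big") % Q

class Side:
    """One party; exchange `msg` with the peer, then call finish()."""
    def __init__(self, code: str, is_sender: bool):
        self.is_sender = is_sender
        self.w = _scalar(code)
        self.mine, self.theirs = (M, N) if is_sender else (N, M)
        self.x = secrets.randbelow(Q - 1) + 1
        # Diffie-Hellman share blinded by the code: T = g^x * M^w
        self.msg = pow(G, self.x, P) * pow(self.mine, self.w, P) % P

    def finish(self, peer_msg: int) -> bytes:
        if not 0 < peer_msg < P or pow(peer_msg, Q, P) != 1:
            raise ValueError("peer message is not in the prime-order subgroup")
        # Strip the peer's blinding (only correct if both used the same code).
        share = peer_msg * pow(self.theirs, Q - self.w, P) % P
        k = pow(share, self.x, P)
        ta, tb = (self.msg, peer_msg) if self.is_sender else (peer_msg, self.msg)
        enc = b"".join(v.to_bytes(256, "big") for v in (ta, tb, k, self.w))
        return hashlib.sha256(enc).digest()
```

Each wrong guess at the code costs an attacker one live exchange and produces a mismatched key, so the captured messages cannot be used to test guesses offline.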
"The notion of a 'magic wormhole' comes from the image of two distant wizards speaking the same enchanted phrase at the same time, and causing a mystical connection to pop into existence between them," Warner writes on the GitHub project page.
"The wizards then throw books into the wormhole and they fall out the other side. Transferring files securely should be that easy."