Skip to main content
SpectrShare

How It Works

How the P2P file transfer, data channels, video conversion, and privacy all work under the hood.

Published January 15, 2026 · Updated March 1, 2026

I built SpectrShare because I wanted to send files to someone without uploading them anywhere first. Just open two browsers, connect, and the file goes straight across. What started as a weekend experiment to stream video files with WebRTC grew into something much bigger than I expected. Becasue I'm a bit of a geek, I like to share how things work...

Peer-to-Peer Architecture

SpectrShare uses WebRTC Data Channels to establish direct browser-to-browser connections. All shared files are transmitted directly from the host's device to recipients without passing through central servers.

Data Flow: Direct P2P Connection

Host Browser

Your Files

Encrypted Transfer

Recipient Browser

Download & View

All data flows directly between browsers with DTLS encryption

Key Characteristics:

  • No server-side processing - Files are read directly from disk and transmitted to recipients; optional video conversion runs locally in the browser
  • Instant sharing - Files are available for download as soon as you click Share - no upload or processing wait
  • Ephemeral - All data exists only while the host's browser tab is open. Close the tab and everything is gone
  • End-to-end encryption - DTLS protects all data in transit
  • Rich viewing - Recipients can view images, play audio/video, read PDFs, Word documents, spreadsheets, emails, ebooks, and code files directly in their browser

File Transfer Protocol

File sharing is the core of the platform. Files are transferred as-is over WebRTC data channels - no processing or conversion required. The protocol is designed for reliable, streaming delivery of files of any size.

Binary Protocol

File data is sent as FILE_CHUNK messages (type 0x13) on the data channel, while metadata (file list, hash results, progress) flows as JSON on the control channel:

FILE_CHUNK: [type:1][fileIndex:2][chunkIndex:4][totalChunks:4][data:N]

The 11-byte header identifies which file and chunk position each message belongs to, enabling concurrent transfers and out-of-order reassembly.

Streaming Reads

The host never loads an entire file into memory. Instead, each 14KB chunk is read on-demand using File.slice():

  • • Only the current chunk occupies memory at any time
  • • Enables sharing files of any size without memory constraints

Download Strategies

The receiver selects the best available download method based on browser capabilities:

File System Access API (Chrome/Edge)

Writes chunks directly to a user-selected file on disk. Zero memory accumulation - supports files of unlimited size.

Service Worker Streaming (Firefox/Safari)

A Service Worker intercepts a synthetic download URL and streams chunks to the browser's download manager via a ReadableStream.

Blob Fallback (last resort)

Accumulates all chunks in memory, then triggers a download. Limited to roughly 500MB-1GB depending on the browser and device.

Integrity Verification

SHA-256 hashes are computed for each file and shared with recipients:

  • • Hashing runs in a Web Worker using the hash-wasm library
  • • Incremental/streaming hashing - never loads the full file into memory
  • • Recipients can view the hash for manual verification if preferred
  • • After download, the received file's hash is compared to verify integrity

Safety Features

  • • Executable warning: Alert shown before downloading potentially dangerous files (.exe, .bat, .msi, .dmg, .sh, etc.)
  • • Filename sanitization: Prevents path traversal, hidden files, reserved names, and non-ASCII issues
  • • Per-peer isolation: Each recipient has independent transfer state
  • • SVG safety: SVGs rendered via <img> tags only - embedded scripts are neutralized

Data Transmission Protocol

All data (both file chunks and optional video segments) is delivered over WebRTC Data Channels using binary protocols optimized for reliable delivery through various network conditions including TURN relay servers.

Dual Channel Architecture

Two separate data channels serve different purposes:

Data Channel

Unordered but fully reliable delivery. SCTP retransmits lost packets, but out-of-order delivery is permitted. File chunks (0x13) and video chunks (0x01-0x07) are multiplexed on this channel and routed by their type byte.

Control Channel

Ordered and reliable. Used for metadata exchange, file/segment requests, conversion status updates, and connection keepalive.

Flow Control

Data channels have limited buffer capacity. Exceeding it can crash the browser. SpectrShare implements strict flow control:

  • • High water mark: 16MB maximum buffer
  • • 60% threshold: 9.6MB - stop sending and queue messages
  • • Low threshold: 8MB - resume sending queued messages

Before every send operation, the current buffer level is checked. If it exceeds 60% of capacity, the message is queued instead of sent. When the buffer drains to the low threshold, queued messages are processed.

Request Queue System

The host maintains a per-peer request queue to prevent one slow recipient from blocking others:

  • • Each recipient has an independent queue
  • • Maximum 2 concurrent requests in flight per peer
  • • Request timeout: 15 seconds with up to 3 retry attempts
  • • Incomplete chunk data cleaned up after 30 seconds

Video Conversion

When the "Convert video files for in-browser viewing" option is enabled, video files are processed in the background to enable video on demand-like streaming with seek, quality selection, and buffering. For a deeper look at the challenges involved, see P2P Video Streaming in the Browser. This is entirely optional - video files are always available for direct download regardless.

Processing Pipeline

Source File

Codec Detection

Transcode

Segment

Storage

Strategy Selection

SpectrShare selects the optimal processing method based on browser capabilities:

  • Hardware-accelerated (primary) - Uses the WebCodecs API via the Mediabunny library for GPU-accelerated encoding and decoding. Processes a typical 1-hour video in minutes.
  • Software fallback - Uses FFmpeg compiled to WebAssembly when WebCodecs is unavailable or fails. Comprehensive format support but significantly slower (CPU-bound and single threaded).

For incompatible audio codecs (E-AC3, AC3, DTS), only the audio track is transcoded while video is remuxed directly.

Output Format: H.264 Baseline

All video is encoded to H.264 Baseline Profile Level 4.1 for maximum compatibility:

video/mp4; codecs="avc1.42E029, mp4a.40.2"
  • • H.264 Baseline Profile provides maximum device compatibility
  • • Level 4.1 enables 1080p @ 30fps playback
  • • AAC-LC at 48kHz for universal audio support

Segmentation

The encoded video is split into independently-decodable segments:

  • • 3-second segments balance seeking granularity with network efficiency
  • • Each segment begins with a keyframe (required for independent decoding)
  • • Fragmented MP4 format: initialization segment (ftyp/moov boxes) plus media segments (moof/mdat boxes)

Progressive Storage & Bundles

Segments are written to the browser's Cache API immediately as they're processed, rather than accumulated in memory. This prevents memory exhaustion when processing long videos.

Processed videos can be downloaded as a .pvs bundle containing all segments, initialization data, and timestamps. These bundles enable re-sharing without re-processing.

Background Processing

Video conversion runs after sharing begins - files are immediately available for download while conversion happens in the background. Multiple video files are processed sequentially (one at a time) to avoid exhausting browser memory. Each file can be individually cancelled. When conversion completes, connected recipients are notified automatically and can start streaming.

Video Buffering and Playback

When video conversion is enabled, converted segments are fed to the browser's MediaSource Extensions (MSE) API for playback with seeking and quality selection.

MediaSource Extensions (MSE)

MSE is a browser API that enables programmatic feeding of media data to a video element:

  • • An initialization segment is appended first (contains codec parameters)
  • • Media segments are appended to a SourceBuffer for playback
  • • The browser handles decoding, rendering, and audio/video synchronization
  • • Each quality level has its own initialization segment

Buffer Management

The viewer maintains a forward buffer for uninterrupted playback:

  • • Target buffer: 45 seconds ahead of playhead
  • • Keep behind: 15 seconds (for seeking backward)
  • • Maximum buffer: 65 seconds (triggers trimming)

Buffer targets are automatically reduced when device memory is constrained. In emergency mode (>90% heap usage), buffer drops to 22% of normal size.

Seeking and Quality Switching

For converted videos, the platform supports instant seeking within buffered content and rapid loading of unbuffered positions. Quality switching allows recipients to select different resolution levels.

Accurate Seeking

Segment durations can vary slightly due to keyframe alignment. SpectrShare maintains a mapping of segment start times:

  • • An array stores the actual cumulative start time of each segment
  • • Binary search (O(log n)) finds the segment containing any target time
  • • This ensures accurate seeking even for multi-hour videos
  • • Each segment begins with a keyframe for clean decode at any position

Quality Switching

When a recipient selects a different quality level:

  1. All pending requests for the old quality are cancelled
  2. The new quality's initialization segment is fetched
  3. The SourceBuffer is reset with new codec parameters
  4. Segment loading resumes at the current timestamp
  5. Playback continues with minimal interruption

Privacy and Security

Privacy was a core goal from the start. Read more about why SpectrShare doesn't use cloud storage. The P2P architecture means files take the most direct path possible to recipients.

Direct P2P Connection

When network conditions permit, a direct connection is established using STUN for NAT traversal. You can test your connectivity to check your NAT type. All data flows directly between browsers.

Path: Host Browser → Internet → Recipient Browser

No intermediate servers see or process the content

TURN Relay (Fallback)

When direct connections fail (corporate firewalls, symmetric NAT), data is relayed through a TURN server. TURN is disabled by default and must be explicitly enabled.

Path: Host Browser → TURN Server → Recipient Browser

All data remains encrypted with DTLS - the relay server cannot decrypt or view content

Encryption & Integrity

  • • All WebRTC data channels use DTLS (Datagram Transport Layer Security)
  • • TURN credentials are ephemeral and short-lived
  • • No content is stored persistently on any server
  • • File transfers include SHA-256 hashes for integrity verification

Password Protection

Hosts can enable optional password protection on share sessions. This uses a challenge-response mechanism to ensure only recipients with the correct password can access the files.

Authentication Process:

  • 1. Host sends a unique, cryptographic random salt to the connecting peer.
  • 2. Peer computes a hash using the password and the received salt.
  • 3. Peer sends only the hash back to the Host for verification.
  • 4. Host verifies the hash matches expected value and enables the data connection.

The actual password is never transmitted over the network. Even if the signaling channel were monitored, the password cannot be derived from the exchanged hashes.

Signaling Server

Before a WebRTC connection can be established, both parties need to exchange connection information. The signaling server facilitates this initial handshake but does not participate in ongoing data delivery.

Signaling Server Functions:

  1. 1. Session management - Generates unique share IDs that recipients use to join
  2. 2. SDP exchange - Relays Session Description Protocol messages containing connection parameters (no file data)
  3. 3. ICE candidate relay - Forwards network address candidates to help establish direct connections
  4. 4. Presence notifications - Informs hosts when recipients join or leave

After Connection Establishment

Once the WebRTC connection is established, all data flows directly between browsers. The signaling server is only involved in the initial handshake and is never in the data path.

Open Source

SpectrShare is built on open source software. We gratefully acknowledge the following projects:

FFmpeg (LGPL-2.1+)

The optional video conversion fallback uses ffmpeg.wasm, a WebAssembly port of FFmpeg. FFmpeg is licensed under the GNU Lesser General Public License v2.1 or later.

FFmpeg source code is available at github.com/FFmpeg/FFmpeg. The ffmpeg.wasm build used here is unmodified from the upstream release.

Mediabunny (MPL-2.0)

The primary video conversion path uses Mediabunny, a pure TypeScript media toolkit licensed under the Mozilla Public License 2.0.

The remainder of the platform is built with MIT and Apache-2.0 licensed libraries including React, Vite, Tailwind CSS, Radix UI, and many others. A complete list is available in the third-party licenses file. See how SpectrShare compares to other file sharing tools.

Give it a go.