How to: Use Onion Share for Ubuntu

OnionShare is a free software file sharing program created and maintained by Micah lee. OnionShare takes advantage of the Tor network to allow its users to maintain anonymity when sharing digital files.

OnionShare is needed because it works exclusively within the Tor network, meaning it is extremely improbable to track or attribute most network metadata to the people sharing.

If anonymity is your goal, be very careful about how you share the download link. Mainstream email providers, social media platforms, and chat clients all retain metadata and content.

Software tested

Ubuntu 15.10 Desktop x64
Tor Browser 5.0.4
OnionShare 0.8

Getting OnionShare

For those using Ubuntu, Micah made a PPA, or, Personal Package Archive, for easy downloading, installing, and updating. Presuming that you have administrative permissions (sudo), open a terminal window and perform the following:

sudo add-apt-repository ppa:micahflee/ppa
sudo apt-get update
sudo apt-get install onionshare

OnionShare uses a Tor connection made by Tor Browser to keep the OnionShare application as simple as possible. You will need to download Tor Browser from TorProject.org and have Tor Browser running before you launch OnionShare.

Note: More advanced users can use OnionShare in the command line by using the “–transparent” flag to use SOCK5 proxy, but that is out of the scope of this guide.

onionshare01

After OnionShare is installed, you can search for it by using Unity’s application launcher. Click on the “OnionShare” icon.

onionshare02

Using OnionShare

OnionShare will open, ready for you to drag and drop a file or folder into OnionShare. Drag your files or folders directly into OnionShare where it says “Drag and drop files here”.

onionshare03

Once you have selected the files and folders to share, click “Start Sharing”. OnionShare will automatically shrink the files and folders being shared to help reduce the download size. Wait for OnionShare to create a Tor hidden service for your current file share.

onionshare04

onionshare06

onionshare07

Click “Copy URL” to copy the Tor hidden service address. Share this link with someone that has or can download Tor Browser. You can test your own share in Tor Browser, too.

onionshare08

When you or the person you are sharing with tries to download your file via Tor Browser, a warning prompt will display. Be careful when downloading any files from the Internet, even if you trust the person sending them. Because you are the one sharing and testing this file, click “Download File”.

onionshare09

A second prompt will display asking you if you would like to open the file or to save it for later use. For our test, we will simply open the ZIP file with “Archive Manager”. Click “OK” to download and open the file.

onionshare10

Tor Browser will download you file. If you are testing your own file share, this means you are downloading it from yourself but through the Tor network.

onionshare11

The file sharer will be able to see when someone is downloading, or has downloaded, the files they have shared.

onionshare13

Once the download complete, Archive Manager will open, allowing you to extract the file.

onionshare12

OnionShare privacy benefits

  • OnionShare users are not personally identifiable.
  • OnionShare does not reveal user IP addresses or physical locations because of Tor.
  • Files shared over the Tor network are cryptographically authenticated and private.
  • The use of Tor hidden services prevents network traffic from ever leaving the Tor network, thereby preserving anonymity and complicating passive network surveillance.

OnionShare security warnings

  • OnionShare has not been subjected to an independent security audit.
  • An already-compromised computer system will typically defeat the privacy protections that OnionShare offers, such as screen-grabbing or keystroke logging malware.
  • OnionShare does not save share history. Only other operating system logs could provide evidence of sharing.
  • Active and passive surveillance techniques can still tell if you are using the Internet, and when, but not necessarily what you’re doing on the Internet.