OnionShare is a free software file sharing program created and maintained by Micah lee. OnionShare takes advantage of the Tor network to allow its users to maintain anonymity when sharing digital files.
OnionShare is needed because it works exclusively within the Tor network, meaning it is extremely improbable to track or attribute most network metadata to the people sharing.
If anonymity is your goal, be very careful about how you share the download link. Mainstream email providers, social media platforms, and chat clients all retain metadata and content.
For those using Ubuntu, Micah made a PPA, or, Personal Package Archive, for easy downloading, installing, and updating. Presuming that you have administrative permissions (sudo), open a terminal window and perform the following:
sudo add-apt-repository ppa:micahflee/ppa sudo apt-get update sudo apt-get install onionshare
OnionShare uses a Tor connection made by Tor Browser to keep the OnionShare application as simple as possible. You will need to download Tor Browser from TorProject.org and have Tor Browser running before you launch OnionShare.
Note: More advanced users can use OnionShare in the command line by using the “–transparent” flag to use SOCK5 proxy, but that is out of the scope of this guide.
After OnionShare is installed, you can search for it by using Unity’s application launcher. Click on the “OnionShare” icon.
OnionShare will open, ready for you to drag and drop a file or folder into OnionShare. Drag your files or folders directly into OnionShare where it says “Drag and drop files here”.
Once you have selected the files and folders to share, click “Start Sharing”. OnionShare will automatically shrink the files and folders being shared to help reduce the download size. Wait for OnionShare to create a Tor hidden service for your current file share.
Click “Copy URL” to copy the Tor hidden service address. Share this link with someone that has or can download Tor Browser. You can test your own share in Tor Browser, too.
When you or the person you are sharing with tries to download your file via Tor Browser, a warning prompt will display. Be careful when downloading any files from the Internet, even if you trust the person sending them. Because you are the one sharing and testing this file, click “Download File”.
A second prompt will display asking you if you would like to open the file or to save it for later use. For our test, we will simply open the ZIP file with “Archive Manager”. Click “OK” to download and open the file.
Tor Browser will download you file. If you are testing your own file share, this means you are downloading it from yourself but through the Tor network.
The file sharer will be able to see when someone is downloading, or has downloaded, the files they have shared.
Once the download complete, Archive Manager will open, allowing you to extract the file.
OnionShare privacy benefits
- OnionShare users are not personally identifiable.
- OnionShare does not reveal user IP addresses or physical locations because of Tor.
- Files shared over the Tor network are cryptographically authenticated and private.
- The use of Tor hidden services prevents network traffic from ever leaving the Tor network, thereby preserving anonymity and complicating passive network surveillance.
OnionShare security warnings
- OnionShare has not been subjected to an independent security audit.
- An already-compromised computer system will typically defeat the privacy protections that OnionShare offers, such as screen-grabbing or keystroke logging malware.
- OnionShare does not save share history. Only other operating system logs could provide evidence of sharing.
- Active and passive surveillance techniques can still tell if you are using the Internet, and when, but not necessarily what you’re doing on the Internet.