OnionShare is an open source file sharing application using tor network to share files, available on most major platforms. It also lets users host websites and chat in a secure and anonymous manner. It uses peer-to-peer sharing over Tor network to preserve privacy and anonymity.[3][4][5][6]

Developer(s)Micah Lee, et al.
Stable release
2.6.2 / 21 March 2024; 7 months ago (2024-03-21)
Repositorygithub.com/onionshare/onionshare/
Written inPython
MiddlewareTor
Operating systemLinux, macOS, Windows, iOS, Android[1]
Available in68[2] languages
LicenseGPLv3
Websiteonionshare.org

Features

edit

Its main features are:[7][8][6]

  • Sending and receiving large files peer-to-peer over tor network.
  • Chat ephemerally.
  • Host a website.

The distinguishing feature of OnionShare is that users can do these things while maintaining anonymity.[3] So, sensitive document sharing and whistleblowing is a prime target audience of the app.[9]

Sending files

edit

Sending large files over the internet is a hassle without centralized servers.[3][10] OnionShare made it easier to share files because of its peer-to-peer nature. This also circumvented surveillance, possible because of centralized services. The circumvention is allowed by hosting shared files on tor network.[11]

Hosting website

edit

OnionShare allows hosting static websites without JavaScript from the app.[4] This feature became available as of version 2.2. These sites can be visited by any browser that supports .onion sites, such as Tor Browser.

Usage

edit

OnionShare is most notably aimed at being used for sharing sensitive files and whistleblowing.[9][12]

History

edit

OnionShare was released in 2014. Its initial release was hampered by RIAA and MPAA who wanted to limit peer-to-peer file sharing solutions. Lobby group such as RIAA and MPAA actively lobbied against peer-to-peer protocols and software that they had a hard time finding investment and development, hence why it took so long to release such a tool.[3]

In February 2019, OnionShare 2 was released. It came with macOS sandbox enabled by default, support for v3 onion services, translations etc. The .onion addresses were ephemeral by default, as always.[13]

In October 2021, OnionShare patched two low risk vulnerabilities which were uncovered in a security advisory by IHTeam.[14][11]

In December 2021, Radically Open Security published their penetration report of the audit conducted on OnionShare.[15][16] It was financed by Open Tech Fund and targeted version 1.1. The most impactful vulnerability found allowed to render arbitrary HTML inside the desktop application and a denial-of-service attack based on previously undisclosed Qt image parsing. 2 elevated, 4 low and 3 moderate severity issues were found. All issues were resolved before publication of the report.[16]

References

edit
  1. ^ https://onionshare.org/mobile/
  2. ^ "Onionshare/Desktop/Onionshare/Resources/Locale at main · onionshare/Onionshare". GitHub.
  3. ^ a b c d Higgins, Parker. "The Troubling Truth of Why It's Still So Hard to Share Files Directly". Wired. ISSN 1059-1028. Retrieved 2022-07-05.
  4. ^ a b Legrand, David (2020-04-02). "OnionShare : partager des fichiers ou publier un site via Tor". www.nextinpact.com (in French). Retrieved 2022-07-05.
  5. ^ Hassan, Nihad Ahmad (2016). Data hiding techniques in Windows OS : a practical approach to investigation and defense. Rami Hijazi, Helvi Salminen. Cambridge, MA: Syngress. ISBN 978-0-12-804496-4. OCLC 958455645.
  6. ^ a b "Share Files Securely Over Tor Network With OnionShare". itsfoss.com. 24 August 2020. Retrieved 2022-07-20.
  7. ^ "Simple Online Security: Sending Messages and Files Safely". The New York Times. 22 April 2022. ISSN 0362-4331. Retrieved 2022-07-05.
  8. ^ "How To Share Files Anonymously Using Tor's Darknet And OnionShare?". Fossbytes. 2017-01-05. Retrieved 2022-07-05.
  9. ^ a b "Meet Onionshare, the File Sharing App the Next Snowden Will Use". Gizmodo. 2014-06-27. Retrieved 2022-09-10.
  10. ^ Greenberg, Andy. "Free App Lets the Next Snowden Send Big Files Securely and Anonymously". Wired. ISSN 1059-1028. Retrieved 2022-07-05.
  11. ^ a b "Golem.de: IT-News für Profis". www.golem.de. Retrieved 2022-07-05.
  12. ^ Hassan, Nihad A.; Hijazi, Rami (2017). Digital Privacy and Security Using Windows. Berkeley, CA: Apress. doi:10.1007/978-1-4842-2799-2. ISBN 978-1-4842-2798-5. S2CID 12194324.
  13. ^ R, Bhagyashree (2019-02-21). "OnionShare 2, an open source tool that uses Tor onion services for securely sharing files, is now out!". Packt Hub. Retrieved 2022-07-05.
  14. ^ "OnionShare: Secure communications platform used by whistleblowers and journalists patches data exposure bug". The Daily Swig | Cybersecurity news and views. 2021-10-05. Retrieved 2022-07-05.
  15. ^ "Golem.de: IT-News für Profis". www.golem.de. Retrieved 2023-07-27.
  16. ^ a b "2021 Penetration Test Report.pdf" (PDF).
edit