OnionShare
Developer(s) | Micah Lee, et al. |
---|---|
Stable release | 2.6.2
/ 21 March 2024 |
Repository | github |
Written in | Python |
Middleware | Tor |
Operating system | Linux, macOS, Windows, iOS, Android[1] |
Available in | 68[2] languages |
License | GPLv3 |
Website | onionshare |
OnionShare is an open source file sharing application using tor network to share files, available on most major platforms. It also lets users host websites and chat in a secure and anonymous manner. It uses peer-to-peer sharing over Tor network to preserve privacy and anonymity.[3][4][5][6]
Features
[edit]Its main features are:[7][8][6]
- Sending and receiving large files peer-to-peer over tor network.
- Chat ephemerally.
- Host a website.
The distinguishing feature of OnionShare is that users can do these things while maintaining anonymity.[3] So, sensitive document sharing and whistleblowing is a prime target audience of the app.[9]
Sending files
[edit]Sending large files over the internet is a hassle without centralized servers.[3][10] OnionShare made it easier to share files because of its peer-to-peer nature. This also circumvented surveillance, possible because of centralized services. The circumvention is allowed by hosting shared files on tor network.[11]
Hosting website
[edit]OnionShare allows hosting static websites without JavaScript from the app.[4] This feature became available as of version 2.2. These sites can be visited by any browser that supports .onion sites, such as Tor Browser.
Usage
[edit]OnionShare is most notably aimed at being used for sharing sensitive files and whistleblowing.[9][12]
History
[edit]OnionShare was released in 2014. Its initial release was hampered by RIAA and MPAA who wanted to limit peer-to-peer file sharing solutions. Lobby group such as RIAA and MPAA actively lobbied against peer-to-peer protocols and software that they had a hard time finding investment and development, hence why it took so long to release such a tool.[3]
In February 2019, OnionShare 2 was released. It came with macOS sandbox enabled by default, support for v3 onion services, translations etc. The .onion addresses were ephemeral by default, as always.[13]
In October 2021, OnionShare patched two low risk vulnerabilities which were uncovered in a security advisory by IHTeam.[14][11]
In December 2021, Radically Open Security published their penetration report of the audit conducted on OnionShare.[15][16] It was financed by Open Tech Fund and targeted version 1.1. The most impactful vulnerability found allowed to render arbitrary HTML inside the desktop application and a denial-of-service attack based on previously undisclosed Qt image parsing. 2 elevated, 4 low and 3 moderate severity issues were found. All issues were resolved before publication of the report.[16]
References
[edit]- ^ https://onionshare.org/mobile/
- ^ "Onionshare/Desktop/Onionshare/Resources/Locale at main · onionshare/Onionshare". GitHub.
- ^ a b c d Higgins, Parker. "The Troubling Truth of Why It's Still So Hard to Share Files Directly". Wired. ISSN 1059-1028. Retrieved 2022-07-05.
- ^ a b Legrand, David (2020-04-02). "OnionShare : partager des fichiers ou publier un site via Tor". www.nextinpact.com (in French). Retrieved 2022-07-05.
- ^ Hassan, Nihad Ahmad (2016). Data hiding techniques in Windows OS : a practical approach to investigation and defense. Rami Hijazi, Helvi Salminen. Cambridge, MA: Syngress. ISBN 978-0-12-804496-4. OCLC 958455645.
- ^ a b "Share Files Securely Over Tor Network With OnionShare". itsfoss.com. 24 August 2020. Retrieved 2022-07-20.
- ^ "Simple Online Security: Sending Messages and Files Safely". The New York Times. 22 April 2022. ISSN 0362-4331. Retrieved 2022-07-05.
- ^ "How To Share Files Anonymously Using Tor's Darknet And OnionShare?". Fossbytes. 2017-01-05. Retrieved 2022-07-05.
- ^ a b "Meet Onionshare, the File Sharing App the Next Snowden Will Use". Gizmodo. 2014-06-27. Retrieved 2022-09-10.
- ^ Greenberg, Andy. "Free App Lets the Next Snowden Send Big Files Securely and Anonymously". Wired. ISSN 1059-1028. Retrieved 2022-07-05.
- ^ a b "Golem.de: IT-News für Profis". www.golem.de. Retrieved 2022-07-05.
- ^ Hassan, Nihad A.; Hijazi, Rami (2017). Digital Privacy and Security Using Windows. Berkeley, CA: Apress. doi:10.1007/978-1-4842-2799-2. ISBN 978-1-4842-2798-5. S2CID 12194324.
- ^ R, Bhagyashree (2019-02-21). "OnionShare 2, an open source tool that uses Tor onion services for securely sharing files, is now out!". Packt Hub. Retrieved 2022-07-05.
- ^ "OnionShare: Secure communications platform used by whistleblowers and journalists patches data exposure bug". The Daily Swig | Cybersecurity news and views. 2021-10-05. Retrieved 2022-07-05.
- ^ "Golem.de: IT-News für Profis". www.golem.de. Retrieved 2023-07-27.
- ^ a b "2021 Penetration Test Report.pdf" (PDF).