OnionShare
Developer(s) | Micah Lee, et al. |
---|---|
Stable release | 2.6.2
/ 21 March 2024 |
Available in | 68[2] languages |
License | GPLv3 |
Website | onionshare |
OnionShare is an open source file sharing application using tor network to share files, available on most major platforms. It also lets users host websites and chat in a secure and anonymous manner. It uses peer-to-peer sharing over Tor network to preserve privacy and anonymity.[3][4][5][6]
Features
Its main features are:[7][8][6]
- Sending and receiving large files peer-to-peer over tor network.
- Chat ephemerally.
- Host a website.
The distinguishing feature of OnionShare is that users can do these things while maintaining anonymity.[3] So, sensitive document sharing and whistleblowing is a prime target audience of the app.[9]
Sending files
Sending large files over the internet is a hassle without centralized servers.[3][10] OnionShare made it easier to share files because of its peer-to-peer nature. This also circumvented surveillance, possible because of centralized services. The circumvention is allowed by hosting shared files on tor network.[11]
Hosting website
OnionShare allows hosting static websites without
Usage
OnionShare is most notably aimed at being used for sharing sensitive files and whistleblowing.[9][12]
History
OnionShare was released in 2014. Its initial release was hampered by RIAA and MPAA who wanted to limit peer-to-peer file sharing solutions. Lobby group such as RIAA and MPAA actively lobbied against peer-to-peer protocols and software that they had a hard time finding investment and development, hence why it took so long to release such a tool.[3]
In February 2019, OnionShare 2 was released. It came with macOS sandbox enabled by default, support for v3 onion services, translations etc. The .onion addresses were ephemeral by default, as always.[13]
On October 2021, OnionShare patched two low risk vulnerabilities which were uncovered in a security advisory by IHTeam.[14][11]
On December 2021, radically open security published their penetration report of the audit conducted on OnionShare.[15][16] It was financed by Open Tech Fund and targeted version 1.1. The most impactful vulnerability found allowed to render arbitrary HTML inside the desktop application and a denial-of-service attack based on previously undisclosed Qt image parsing. 2 elevated, 4 low and 3 moderate severity issues were found. All issues were resolved before publication of the report.[16]
References
- ^ https://onionshare.org/mobile/
- ^ "Onionshare/Desktop/Onionshare/Resources/Locale at main · onionshare/Onionshare". GitHub.
- ^ ISSN 1059-1028. Retrieved 2022-07-05.
- ^ a b Legrand, David (2020-04-02). "OnionShare : partager des fichiers ou publier un site via Tor". www.nextinpact.com (in French). Retrieved 2022-07-05.
- OCLC 958455645.
- ^ a b "Share Files Securely Over Tor Network With OnionShare". itsfoss.com. 24 August 2020. Retrieved 2022-07-20.
- ISSN 0362-4331. Retrieved 2022-07-05.
- ^ "How To Share Files Anonymously Using Tor's Darknet And OnionShare?". Fossbytes. 2017-01-05. Retrieved 2022-07-05.
- ^ a b "Meet Onionshare, the File Sharing App the Next Snowden Will Use". Gizmodo. 2014-06-27. Retrieved 2022-09-10.
- ISSN 1059-1028. Retrieved 2022-07-05.
- ^ a b "Golem.de: IT-News für Profis". www.golem.de. Retrieved 2022-07-05.
- S2CID 12194324.
- ^ R, Bhagyashree (2019-02-21). "OnionShare 2, an open source tool that uses Tor onion services for securely sharing files, is now out!". Packt Hub. Retrieved 2022-07-05.
- ^ "OnionShare: Secure communications platform used by whistleblowers and journalists patches data exposure bug". The Daily Swig | Cybersecurity news and views. 2021-10-05. Retrieved 2022-07-05.
- ^ "Golem.de: IT-News für Profis". www.golem.de. Retrieved 2023-07-27.
- ^ a b "2021 Penetration Test Report.pdf" (PDF).