OnionShare

Developer(s) Micah Lee
Stable release 2.5 / 18 January 2022
Repository github.com/onionshare/onionshare/
Written in Python
Middleware Tor
Operating system Linux, macOS, Windows, Android [1]
Available in 64 [2] languages
License GPLv3
Website onionshare.org

OnionShare is an open-source file sharing application that uses the Tor network to share files, available on most major platforms. It also lets users host websites and chat in a secure and anonymous manner. It uses peer-to-peer sharing over the Tor network to preserve privacy and anonymity. [3] [4] [5] [6]

Features

Its main features are: [7] [8] [6]

The distinguishing feature of OnionShare is that users can do these things while maintaining anonymity. [3] This makes people sharing sensitive documents and whistleblowers a prime target audience of the app. [9]

Sending files

Sending large files over the internet is a hassle without centralized servers. [3] [10] OnionShare made it easier to share files because of its peer-to-peer nature. This also circumvented the surveillance that centralized services make possible. The circumvention works because the shared files are hosted on the Tor network. [11]

Hosting websites

OnionShare allows hosting static websites without JavaScript from the app. [4] This feature became available as of version 2.2. These sites can be visited by any browser that supports .onion sites, such as Tor Browser.

Usage

OnionShare is most notably aimed at being used for sharing sensitive files and whistleblowing. [9] [12]

History

OnionShare was released in 2014. Its initial release was hampered by the RIAA and MPAA, who wanted to limit peer-to-peer file sharing solutions. Lobby groups such as the RIAA and MPAA actively lobbied against peer-to-peer protocols and software, so such projects had a hard time finding investment and development, which is why it took so long to release such a tool. [3]

In February 2019, OnionShare 2 was released. It came with the macOS sandbox enabled by default, support for v3 onion services, translations, etc. The .onion addresses were ephemeral by default, as always. [13]

In October 2021, OnionShare patched two low-risk vulnerabilities which were uncovered in a security advisory by IHTeam. [14] [11]

In December 2021, Radically Open Security published the penetration test report of the audit it conducted on OnionShare. [15] [16] It was financed by Open Tech Fund and targeted version 1.1. The most impactful vulnerabilities found allowed rendering arbitrary HTML inside the desktop application and a denial-of-service attack based on a previously undisclosed Qt image parsing issue. 2 elevated, 4 low and 3 moderate severity issues were found. All issues were resolved before publication of the report. [16]

References

  1. https://onionshare.org/mobile/
  2. "Onionshare/Desktop/Onionshare/Resources/Locale at main · onionshare/Onionshare". GitHub.
  3. Higgins, Parker. "The Troubling Truth of Why It's Still So Hard to Share Files Directly". Wired. ISSN 1059-1028. Retrieved 2022-07-05.
  4. Legrand, David (2020-04-02). "OnionShare : partager des fichiers ou publier un site via Tor". www.nextinpact.com (in French). Retrieved 2022-07-05.
  5. Hassan, Nihad Ahmad (2016). Data hiding techniques in Windows OS : a practical approach to investigation and defense. Rami Hijazi, Helvi Salminen. Cambridge, MA: Syngress. ISBN 978-0-12-804496-4. OCLC 958455645.
  6. "Share Files Securely Over Tor Network With OnionShare". itsfoss.com. 24 August 2020. Retrieved 2022-07-20.
  7. "Simple Online Security: Sending Messages and Files Safely". The New York Times. 22 April 2022. ISSN 0362-4331. Retrieved 2022-07-05.
  8. "How To Share Files Anonymously Using Tor's Darknet And OnionShare?". Fossbytes. 2017-01-05. Retrieved 2022-07-05.
  9. "Meet Onionshare, the File Sharing App the Next Snowden Will Use". Gizmodo. 2014-06-27. Retrieved 2022-09-10.
  10. Greenberg, Andy. "Free App Lets the Next Snowden Send Big Files Securely and Anonymously". Wired. ISSN 1059-1028. Retrieved 2022-07-05.
  11. "Golem.de: IT-News für Profis". www.golem.de. Retrieved 2022-07-05.
  12. Hassan, Nihad A.; Hijazi, Rami (2017). Digital Privacy and Security Using Windows. Berkeley, CA: Apress. doi:10.1007/978-1-4842-2799-2. ISBN 978-1-4842-2798-5. S2CID 12194324.
  13. R, Bhagyashree (2019-02-21). "OnionShare 2, an open source tool that uses Tor onion services for securely sharing files, is now out!". Packt Hub. Retrieved 2022-07-05.
  14. "OnionShare: Secure communications platform used by whistleblowers and journalists patches data exposure bug". The Daily Swig | Cybersecurity news and views. 2021-10-05. Retrieved 2022-07-05.
  15. "Golem.de: IT-News für Profis". www.golem.de. Retrieved 2023-07-27.
  16. "2021 Penetration Test Report.pdf" (PDF).