Our summary

Peer-to-peer technology is often characterized as a facilitator for copyright piracy, as it removes the need to upload files to a third party server (such as those run by services like Dropbox or Mega), where they can be relatively easily monitored by copyright bodies, law enforcement agencies, and the NSA.

However, while undoubtedly useful (and widely used) by copyright pirates, P2P can be an invaluable tool for journalists and whistle-blowers who need to transfer sensitive files securely and anonymously, directly from one machine to another without any meaningful possibility of interception.

This is a point that struck Micah Lee, staff technologist and resident crypto expert at Glenn Greenwald’s investigative news site The Intercept, after reading about Greenwald’s problems with secure file transfers in his book No Place to Hide: Edward Snowden, the NSA, and the U.S. Surveillance State.

This problem resulted in the appalling incident where Greenwald’s partner, David Miranda, was detained by UK police and held for questioning at Heathrow airport for nine hours, because police believed that a USB drive he was carrying contained 58,000 documents obtained from Edward Snowden (it did, but police attempts to access the drive were foiled by the use of TrueCrypt).

Lee’s response was to build OnionShare, a lightweight P2P file sharing program that routes all data sent through the Tor anonymity network.

‘If you use a filesharing service like Dropbox or Mega or whatever, you basically have to trust them. The file could end up in the hands of law enforcement. This lets you bypass all third parties, so that the file goes from one person to another over the Tor network completely anonymously… It’s basically 100 percent darknet,’ says Lee.

OnionShare will only run when a Tor instance is also running, and works by starting a local web server which is only accessible as a Tor hidden service, ‘generating an unguessable URL to access and download the file.’

You can then give the URL to the person you are trying to send the file to, preferably using a secure communications method such as Off-the-Record encrypted chat (see our tutorial for Pidgin + OTR, and article on Secure alternatives to WhatsApp).


‘As soon as the person has downloaded the file, you can just cancel the web server and the file is no longer accessible to anyone’, Lee explains (although it is possible to leave the server running in order to send files to multiple recipients).

The recipient does not need to be running OnionShare, but only needs to open the URL in Tor Browser to receive the file. A great thing about this system is that it allows the sender to remain anonymous, even to the recipient.
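The mechanism described above (a local web server, an unguessable URL, and shutdown once the file has been fetched) can be sketched as follows. This is an added example, not OnionShare's own code: the names `make_one_shot_server` and `demo` are hypothetical, the payload is constructed, and publishing the loopback port as a Tor hidden service is assumed to be configured separately and is not shown.

```python
import hmac
import secrets
import threading
import urllib.error
import urllib.request
from http.server import BaseHTTPRequestHandler, HTTPServer

def make_one_shot_server(payload: bytes):
    """Return (server, slug): a loopback server that serves payload once at /<slug>."""
    slug = secrets.token_urlsafe(16)  # 128 random bits make the path unguessable

    class Handler(BaseHTTPRequestHandler):
        def do_GET(self):
            # Constant-time comparison so response timing does not leak the slug.
            if not hmac.compare_digest(self.path.encode(), b"/" + slug.encode()):
                self.send_error(404)
                return
            self.send_response(200)
            self.send_header("Content-Type", "application/octet-stream")
            self.send_header("Content-Length", str(len(payload)))
            self.end_headers()
            self.wfile.write(payload)
            # Stop after the first download; shutdown() must run in another thread.
            threading.Thread(target=self.server.shutdown, daemon=True).start()

        def log_message(self, *args):
            pass  # keep the secret path out of stderr logs

    # Port 0 picks a free port; binding to 127.0.0.1 keeps the server off the LAN.
    return HTTPServer(("127.0.0.1", 0), Handler), slug

def demo():
    """Make one wrong-path request and one correct download; return the results."""
    server, slug = make_one_shot_server(b"constructed sample file contents")
    worker = threading.Thread(target=server.serve_forever)
    worker.start()
    base = f"http://127.0.0.1:{server.server_port}"
    opener = urllib.request.build_opener(urllib.request.ProxyHandler({}))  # no proxy
    try:
        opener.open(base + "/guess", timeout=5)
        wrong_status = 200
    except urllib.error.HTTPError as err:
        wrong_status = err.code
    body = opener.open(f"{base}/{slug}", timeout=5).read()
    worker.join(timeout=5)  # serve_forever() returns once shutdown() has run
    server.server_close()
    return wrong_status, body, worker.is_alive()

if __name__ == "__main__":
    print(demo())
```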


OnionShare is now available (with a GUI frontend) for Windows, OSX and Linux, and can be downloaded from here.

Please be aware that at the time of writing the app is in the early stages of development, so caution should be used in high-risk environments, and ‘ultimately, everyone uses OnionShare at their own risk.’

Note that BitTorrent Sync is another P2P-based secure file sharing app, but it is a very different beast, and is more suited to transferring your own files between devices. Check out our full review of it here!

Douglas Crawford

I am a freelance writer, technology enthusiast, and lover of life who enjoys spinning words and sharing knowledge for a living. You can now follow me on Twitter - @douglasjcrawf.

One response to “Onionshare – the ‘100 percent darknet’ file sharing app”

  1. The only issue with this method is it requires users to have knowledge and experience with TOR, and understand that sharing files this way makes your computer into a temporary web server, requiring you to keep it online and TOR-connected until the other party successfully retrieves the document.

    Here at our small business, where most of our “sending documents to other people” consists of “this video attachment is too large to fit into email protocols” I’ve been recommending Bittorrent Sync now much more regularly than Dropbox. It seems there’s very few differences to learn between Dropbox and Sync, as most users seem to understand “this doesn’t use the cloud, it’s peer-to-peer, so you have to leave your computer on until they get it.” Also I’ve heard BitTorrent is working to improve the security on Sync.

    Tor however, is a completely different animal. Yes I would say it’s much more user-friendly today than it has been. But for even our more sensitive documents, say sending our annual fiscal report to the bank, is it really worth it to have to train our accountant over the phone how to set up and operate TOR? Especially when BT Sync is supporting ‘pretty good’ encryption?

    Obviously, I think this service provides awesome privacy + anonymity, but at the cost of user convenience. In the small business world with a team of computer-illiterate users, some things win out over others. The only way I can see this gaining wide use is with, “Hello, I’m [adrenaline-junkie investigative reporter] speaking from [impoverished strife-filled 3rd-world country] and I’m sending you [secret gov’t docs that will change sliced bread as we know it], but I can’t tell you exactly where I am because [the CIA will literally drag me to Gitmo in ankle cuffs].”
