How to share and receive files anonymously with OnionShare
Find the official and most up-to-date information on OnionShare at docs.onionshare.org.
Introduction
If you want to share large files securely, then I recommend services like Standard Notes FileSend, Tresorit Send, and Bitwarden Send because of their built-in end-to-end encryption. Standard Notes FileSend is free and open-source. The source code Standard Notes FileSend is available here. Firefox Send was previously available, but it was discontinued because it was used for targeted phishing attacks. The source code for Firefox Send is available here.
If you want to share files of unlimited size securely and anonymously, then I recommend using the software OnionShare. It is free and open-source software developed by security professional Micah Lee and over one hundred other contributors. The source code is available on GitHub.
You can use OnionShare to share files of unlimited size directly from your computer to other people's computer. OnionShare sends the files over the Tor network, so they are encrypted multiple times and sent without reliance on any third-party servers or services. Therefore, OnionShare is especially useful when you want to share large files without being tracked online or when you want to circumvent censorship.
In this post, I briefly explain how to configure and use it. Before we start, it is important to know what OnionShare protects against. This is from its security design:
- Third parties don't have access to files being shared.
- Network eavesdroppers can't spy on files in transit.
- Anonymity of sender and recipient are protected by Tor.
- If an attacker enumerates the onion service, the shared files remain safe.
It is also important to know what it does not protect against:
- Communicating the OnionShare URL might not be secure.
- Communicating the OnionShare URL might not be anonymous.
Installation
First, download the OnionShare installer from onionshare.org. If you want to be extra careful, then it is a good idea to verify the signatures. After you do that, run the installer as an administrator and start OnionShare.
Settings
When Sharing, Receiving, and Website modes are off, you can adjust the Settings in the top right corner of the screen. Many custom settings are for advanced users, but here are a few useful settings that can help most users:
- To allow people to download files without a password (e.g., to share files on social media), visit General settings and check Public mode.
- To use the same URL every time you share and receive (e.g., to share files with the same people on multiple occasions), visit Onion settings and check Use a persistent address.
- To allow people to download individual files and to allow multiple people to download your files, visit Sharing settings and uncheck Stop sharing after files have been sent.
Sharing
When you start sharing or receiving files with public mode off, you will receive a URL formatted like this for you to share with the people you want to receive your files: http://onionshare:password@domain.onion.
Domains ending in .onion
can only be accessed from the Tor browser, so they will need to download and install it.
In the example below, public mode was off and OnionShare generated the http://onionshare:uncurious-siesta@bf27asgaxp4skao5sxbsfu57piqdhggrz2apbyz5xpwpl6pmfe5r5uad.onion
. To download the file test.txt
, one would visit the generated address in a Tor browser and login automatically or visit http://bf27asgaxp4skao5sxbsfu57piqdhggrz2apbyz5xpwpl6pmfe5r5uad.onion
and login with onionshare
as the username and uncurious-siesta
as the password.
Receiving
OnionShare can be used as an anonymous 'drop box'. This is useful for journalists who want to allow anyone to send them tips anonymously. Please note that receiving documents can be dangerous, especially if they are from strangers, because they may have viruses and other malware. If you want to take potentially dangerous PDFs, office documents, or images and convert them to safe PDFs, you can use software such as Dangerzone.
Websites
You can also use OnionShare to serve static websites right from your computer. Some useful ways to create static websites include templates from Templated, HTML5UP, or Pixelarity (easier) and static site generators (more challenging; may require code knowledge).
Further Resources
The full documentation for OnionShare is available at docs.onionshare.org.
OnionShare relies on the Tor Project for the Tor network. If you think Tor is useful or valuable, please consider donating. The Tor Project is a 501(c)(3) non-profit organization and donations are tax-deductible.