Developer(s) | Micah Lee, et al. |
---|---|
Stable release | 2.6.2
/ 21 March 2024 |
Repository | github |
Written in | Python |
Middleware | Tor |
Operating system | Linux, macOS, Windows, iOS, Android[1] |
Available in | 68[2] languages |
License | GPLv3 |
Website | onionshare |
OnionShare is an open source file sharing application using tor network to share files, available on most major platforms. It also lets users host websites and chat in a secure and anonymous manner. It uses peer-to-peer sharing over Tor network to preserve privacy and anonymity.[3][4][5][6]
Its main features are:[7][8][6]
The distinguishing feature of OnionShare is that users can do these things while maintaining anonymity.[3] So, sensitive document sharing and whistleblowing is a prime target audience of the app.[9]
Sending large files over the internet is a hassle without centralized servers.[3][10] OnionShare made it easier to share files because of its peer-to-peer nature. This also circumvented surveillance, possible because of centralized services. The circumvention is allowed by hosting shared files on tor network.[11]
OnionShare allows hosting static websites without JavaScript from the app.[4] This feature became available as of version 2.2. These sites can be visited by any browser that supports .onion sites, such as Tor Browser.
OnionShare is most notably aimed at being used for sharing sensitive files and whistleblowing.[9][12]
OnionShare was released in 2014. Its initial release was hampered by RIAA and MPAA who wanted to limit peer-to-peer file sharing solutions. Lobby group such as RIAA and MPAA actively lobbied against peer-to-peer protocols and software that they had a hard time finding investment and development, hence why it took so long to release such a tool.[3]
In February 2019, OnionShare 2 was released. It came with macOS sandbox enabled by default, support for v3 onion services, translations etc. The .onion addresses were ephemeral by default, as always.[13]
On October 2021, OnionShare patched two low risk vulnerabilities which were uncovered in a security advisory by IHTeam.[14][11]
On December 2021, radically open security published their penetration report of the audit conducted on OnionShare.[15][16] It was financed by Open Tech Fund and targeted version 1.1. The most impactful vulnerability found allowed to render arbitrary HTML inside the desktop application and a denial-of-service attack based on previously undisclosed Qt image parsing. 2 elevated, 4 low and 3 moderate severity issues were found. All issues were resolved before publication of the report.[16]