There are LOTS of file transfer options these days, from a humble and limited email address to larger and better solutions like WeTransfer, Firefox Send, and various cloud storage platforms.
But the downside to using either of these methods is that you have to rely on someone else’s server to transfer the file from A to B. And if that server has a copy of your file, even if for a minute or two, it could be sued by law enforcement scanned for advertising purposes, etc.
This is why, if you need to send a file to someone secretly (say, if you are an informant talking to the media), it is best to use a method that does not require the involvement of third-party servers. To do this, we turn to OnionShare.
Transfer a file from A & B easily with OnionShare
OnionShare is a free and open source tool based on the Tor browser. The Tor Browser is a highly encrypted browser that uses VPNs (also known as “relays”) to mask your actual geographic location.
OnionShare works with Tor in the sense that the recipient MUST be using Tor in order to be able to download the files you send them. This is because the files are encrypted using the Onion protocol, which is readable only by Tor and no other browser.
The files remain exclusively on your computer, and after running a unique web server on your computer, OnionShare generates an encrypted onion address that the recipient enters into Tor on their side. This gives them a link to download the files.
– /
But your OnionShare must remain open for the files to be available. If you close OnionShare, the files are no longer available to the other person. If you try to send them again, a new Onion address will be created. It is possible to prevent this.
Download OnionShare before transferring any files. Also, make sure the recipient of your files has a Tor browser to be able to download everything from their end. You don’t need Tor to send files as Tor is already built into OnionShare.
Starting OnionShare Up
This is what you see when you open OnionShare.
Share Files is the area where you send files to another person. “Receive files†is when you can create a one-time encrypted onion link so that a person can send files back.
But let’s focus on sending files for now. Click “Add Files” or “Add Folder” and navigate to what you want to send. Or drag files or folders into the OnionShare window using your mouse or trackpad.
When all the files have been added, click Start Sharing.
This immediately creates your encrypted Onion download link.
As you can see, there are two words at the end of the link – “grin-overdrive”. According to the OnionShare Wiki, OnionShare randomly selects two words from a 6800-strong list and appends them to the end of the link to make it impossible to guess the download URL. As if that weren’t enough already!
Now you need to pass this encrypted download link to another person, and this (even according to OnionShare) is one of the very few weak links in the chain.
How you pass that link to another person will determine if an unwanted third party ends up in the hands of an unwanted third party. I highly recommend that you use Signal to communicate, and I will discuss Signal in my next article.
When another person receives the link and enters it into their Tor browser, they will see the following:
Then they just need to click on Upload Files to get what you sent them.
Receive files again
If they need to send a file back, you can set up a one-time encrypted link to receive that file.
To do this, go to the “Receive files” tab and click “Start receiving mode”. However, as the saying goes, only do this if you completely trust the other person.
Then, just like uploading files, another Onion address will be generated with a random two-word label at the end.
Send the person this link (again, Signal will be better) and when they enter the link in Tor they will see it.
They can then download the files and they will appear at your end with a browser notification.
Interestingly, you can’t approve the files first – they just download right away. Again, only do this with people you know aren’t going to send you malware or other nasty critters.
–