A well-known consumer-operated network, run by the Tor Project [1], provides exceptional levels of anonymity. The web browser, Tor Browser, is well worth investigating as a tool for blocking trackers and improving anonymity: Tor Browser prevents someone watching your connection from knowing what websites you visit. This article explores an intriguing open source tool called OnionShare [2] that makes use of the Tor network to allow secure file sharing. OnionShare even supports online chat and web hosting.

In addition to Linux, OnionShare is available for 32-bit and 64-bit Windows, as well as macOS, iOS, and Android. The curious name OnionShare comes from the fact that online activity is hidden behind several layers of security. The layers are peeled back one by one as the packet is forwarded, and each router only sees the layers needed to receive and send the packet. The name Tor is actually an acronym for "The Onion Router," and this type of anonymous delivery is known as onion routing. Tor Browser is stripped down (without plugins that leak data) to make using the Tor network as simple as possible, and it is optimized to use the Tor network's anonymous, user-supplied access points.

Detailed documentation for installing OnionShare on Linux is available at the project website [3]. You'll find OnionShare packages in both Flatpak and Snap formats. OnionShare lets you fire up a web server on your local computer, expose that web server to the Tor network, and ensure that access is only available for users that are welcome. In addition to built-in software and infrastructure security, you can use private keys to lock out user access.

OnionShare helps you ensure privacy while sharing a file on your computer. Forward the URL to a recipient using a secure chat service like Signal [4]. The authorized recipient can then paste the URL into their Tor Browser [5].

On Your Marks

On Ubuntu systems, you can install OnionShare using a Snap. (I'm using Ubuntu 22.04 "Jammy Jellyfish.") I will assume the Snap daemon snapd is ready to use on your system, but if you need to install it, use the following commands as the root user:

$ apt update
$ apt install snapd

Then either restart your system or log out and back in again.

To get the OnionShare package installed, enter:

$ snap install onionshare

Get Set

Once OnionShare is installed, I can search for it using the application launcher (Figure 1). Click on the icon to launch OnionShare (Figure 2).

Figure 1: The OnionShare software package, courtesy of snapd.

Figure 2: OnionShare's welcome screen.

As you can see in Figure 2, you have the option to auto-connect to the Tor network when OnionShare is fired up.

You will also find a link to adjust network settings. Options include the ability to connect to the Tor network using auto-configuration and the ability to manually tweak control ports. You can also force a connection via a Tor bridge if you are in a challenging network environment, such as behind The Great Firewall in China [6].

The rocket shown in Figure 2 becomes animated and takes off when you press the Connect to Tor button.

Go!

To show OnionShare in action, I will start by sharing a file via a generated URL. I have created a simple text file called onions.txt. Now I'll click the Add button (Figure 3) and then click Start sharing. The display in Figure 4 then becomes visible.

Figure 3: I'm ready to share the text file.

Figure 4: Sharing the text file.

If I use the venerable lsof command, I can get a brief insight into what OnionShare is doing on my local network:

$ lsof -i | grep -i tor

In Figure 5, a number of listening ports are displayed using the lsof command, along with two established network connections.

Figure 5: OnionShare's listening network ports and established connections.

As you can see in Figure 5, from my UK-based network, there are connections out to Germany and the non-privileged debian-tor user is listening on TCP port 9050 over IPv4.

To share a file, paste a generated URL (see the long link in Figure 4) securely over an encrypted chat message using a tool like Signal. As you can see in Figure 4, OnionShare also offers a QR code option. (If possible, I will avoid using these QR codes; non-digital QR codes are often tampered with in order to install malware on your phone by placing stickers on top of posters, etc.)

The first step to allow file sharing is forwarding the link; the next step is forwarding the generated private key so the recipient can get access to whatever asset is hiding behind the link. Note that the dialog in Figure 4 includes a button for revealing the private key. Be sure to keep this key secret and transmit it to the recipient in a secure way.