Sometimes you just stumble on things…
I’ve forgotten what search terms showed me the name “Onionshare” but on one of my searches about Tor, it showed up. It is a file-sharing application for Tor. It lets you send a file from your machine to someone else’s relatively securely.
I couldn’t find much about availability on Arm, so I just tried an install, and it went. (Raspberry Pi M3 / Raspbian Buster). Then launched it. A nice window opens with “drag file here to share” and it does some magic, and then eventually up pops a link for sharing it. A purple / white dual circular arrows roundabout button show up on the menu bar near the network status. Right Click and you get a dropdown that includes some configuration options. I chose “stop sharing after first download”. So looks like you can control the window of exposure tightly. Drop in a file to share, send text to your target (or encrypted email, or…) and as soon as they click the link and do the download, the file evaporates.
FWIW, I put up a test file containing all of “This is a test, this is only a test” and this is the URL it returned to me:
So first person to put that in a Tor Browser can get the file ;-)
It’s been grabbed!
(Note that .onion address high level qualifier. This is on the Tor Dark Net only.)
Note that ANYONE who has the URL can download the file, so for stuff you absolutely must have secure, encrypt the file before sharing. You might want to have a prior agreement like “I’ll encrypt files for you using the name of your favorite fast food place and your dog’s name” or some such, so that you don’t need to repeatedly pass encryption keys in the clear anywhere…
Some Tech Talk
OnionShare 2.3 adds tabs, anonymous chat, better command line support, and quite a bit more
Posted February 21, 2021 in onionshare code
After a ridiculously long sixteen months (or roughly ten years in pandemic time) I’m excited to announce that OnionShare 2.3 is out! Download it from onionshare.org.
This version includes loads of new and exciting features which you can read about in much more detail on the brand new OnionShare documentation website, docs.onionshare.org. For now though I’m just going to go over the major ones: tabs, anonymous chat, and better command line support.
Doing all the things at once
In the olden days, OnionShare only did one thing: let you securely and anonymously share files over the Tor network. With time we added new features. You could use it as an anonymous dropbox, and then later to host an onion site.
But what if you wanted to, for example, run your own anonymous dropbox as well as share files with someone? If your OnionShare was busy running a service, you couldn’t run a second service without stopping the first service. This is all fixed now thanks to tabs.
As Onionshare is started by a Python script that has a 2018 date in the heading, I’m thinking the version in the Raspberry Pi Raspbian repository is not this new one…
pi@raspberrypi:~ $ which onionshare /usr/bin/onionshare pi@raspberrypi:~ $ file /usr/bin/onionshare /usr/bin/onionshare: Python script, ASCII text executable pi@raspberrypi:~ $ more /usr/bin/onionshare #!/usr/bin/python3 # -*- coding: utf-8 -*- """ OnionShare | https://onionshare.org/ Copyright (C) 2018 Micah Lee
But it does look like it works for file sharing. Anyone care to launch a Tor browser and let me know? I’ll keep this machine running the rest of the day or until someone claims the file…
There’s online documentation for how to install. Here’s the one for Linux but it has pages for Mac and PC as well:
They tell you how to run it inside a sandbox. As this whole Pi is basically a disposable sandbox system, I’m just running it from the repository as an application. Here’s how I did the install:
root@raspberrypi:/# apt-get install onionshare Reading package lists... Done Building dependency tree Reading state information... Done The following additional packages will be installed: obfs4proxy python3-stem tor tor-geoipdb torsocks Suggested packages: mixmaster torbrowser-launcher socat tor-arm apparmor-utils Recommended packages: torbrowser-launcher The following NEW packages will be installed: obfs4proxy onionshare python3-stem tor tor-geoipdb torsocks 0 upgraded, 6 newly installed, 0 to remove and 0 not upgraded. Need to get 4,898 kB of archives. After this operation, 19.9 MB of additional disk space will be used. Do you want to continue? [Y/n] y Get:1 http://mirrors.ocf.berkeley.edu/raspbian/raspbian buster/main armhf obfs4proxy armhf 0.0.7-4 [1,293 kB] Get:2 http://mirrors.ocf.berkeley.edu/raspbian/raspbian buster/main armhf python3-stem all 1.7.1-1 [284 kB] Get:3 http://mirrors.ocf.berkeley.edu/raspbian/raspbian buster/main armhf tor armhf 0.3.5.12-1 [1,697 kB] Get:4 http://mirrors.ocf.berkeley.edu/raspbian/raspbian buster/main armhf onionshare all 1.3.2-1 [105 kB] Get:5 http://mirrors.ocf.berkeley.edu/raspbian/raspbian buster/main armhf tor-geoipdb all 0.3.5.12-1 [1,451 kB] Get:6 http://mirrors.ocf.berkeley.edu/raspbian/raspbian buster/main armhf torsocks armhf 2.3.0-2 [67.4 kB] Fetched 4,898 kB in 32s (153 kB/s) Selecting previously unselected package obfs4proxy. (Reading database ... 166290 files and directories currently installed.) Preparing to unpack .../0-obfs4proxy_0.0.7-4_armhf.deb ... Unpacking obfs4proxy (0.0.7-4) ... Selecting previously unselected package python3-stem. Preparing to unpack .../1-python3-stem_1.7.1-1_all.deb ... Unpacking python3-stem (1.7.1-1) ... Selecting previously unselected package tor. Preparing to unpack .../2-tor_0.3.5.12-1_armhf.deb ... Unpacking tor (0.3.5.12-1) ... Selecting previously unselected package onionshare. Preparing to unpack .../3-onionshare_1.3.2-1_all.deb ... Unpacking onionshare (1.3.2-1) ... Selecting previously unselected package tor-geoipdb. Preparing to unpack .../4-tor-geoipdb_0.3.5.12-1_all.deb ... Unpacking tor-geoipdb (0.3.5.12-1) ... Selecting previously unselected package torsocks. Preparing to unpack .../5-torsocks_2.3.0-2_armhf.deb ... Unpacking torsocks (2.3.0-2) ... Setting up python3-stem (1.7.1-1) ... update-alternatives: using /usr/bin/python3-tor-prompt to provide /usr/bin/tor-prompt (tor-prompt) in auto mode Setting up obfs4proxy (0.0.7-4) ... Setting up tor (0.3.5.12-1) ... Something or somebody made /var/lib/tor disappear. Creating one for you again. Something or somebody made /var/log/tor disappear. Creating one for you again. Created symlink /etc/systemd/system/multi-user.target.wants/tor.service → /lib/systemd/system/tor.service. Setting up onionshare (1.3.2-1) ... Setting up torsocks (2.3.0-2) ... Setting up tor-geoipdb (0.3.5.12-1) ... Processing triggers for mime-support (3.62) ... Processing triggers for gnome-menus (3.31.4-3) ... Processing triggers for systemd (241-7~deb10u6+rpi1) ... Processing triggers for man-db (2.8.5-2) ... Processing triggers for desktop-file-utils (0.23-4) ...
The online download site looks like it is only one architecture, so likely only AMD64 for the VM version. The rest, being Python, ought to work anywhere.:
Index of /dist/2.3.1/ ../ OnionShare-2.3.1.dmg 22-Feb-2021 22:18 78193481 OnionShare-2.3.1.dmg.asc 22-Feb-2021 22:17 833 OnionShare-2.3.1.msi 22-Feb-2021 22:12 106131456 OnionShare-2.3.1.msi.asc 22-Feb-2021 22:17 833 onionshare-2.3.1.tar.gz 22-Feb-2021 22:18 10485760 onionshare-2.3.1.tar.gz.asc 22-Feb-2021 22:17 833 onionshare_2.3.1_amd64.snap 22-Feb-2021 22:17 242491392 onionshare_2.3.1_amd64.snap.asc 22-Feb-2021 22:17 833
There was no torbrowser-launcher in the repository, so when I tried to also install the recommended packages, that failed. My Tor will have to run outside of a sandbox.
root@raspberrypi:/# apt-get install mixmaster torbrowser-launcher socat tor-arm apparmor-utils Reading package lists... Done Building dependency tree Reading state information... Done Package torbrowser-launcher is not available, but is referred to by another package. This may mean that the package is missing, has been obsoleted, or is only available from another source E: Package 'torbrowser-launcher' has no installation candidate
Everything else installed. Even though I don’t know what all it does… During the install it asked me questions about how my mail server is configured. I don’t have one running and don’t have a domain name, so just put in some “cute” stuff… Probably ought to figure out what these all do and only install the ones that matter.
root@raspberrypi:/# apt-get install mixmaster socat tor-arm apparmor-utils Reading package lists... Done Building dependency tree Reading state information... Done The following additional packages will be installed: [...] 0 upgraded, 37 newly installed, 0 to remove and 0 not upgraded. Need to get 3,986 kB of archives. After this operation, 11.1 MB of additional disk space will be used. Do you want to continue? [Y/n] y
I didn’t install all of the “suggested packages” these pakages tagged… This being a quick test only, really.
After that, Onionshare shows up in the “Internet” dropdown menu list. That’s pretty much all it took.
Tor makes a direct tunnel between two parties and with some intermediate host hops to obscure the connection. This ought to be faster then sharing a big file using Bittorrent over i2p and it lets you limit the download to one copy.
It looks to me like what it does is create a fake “URL Address” that indirectly points to the Tor tunnel it set up, then the file gets encrypted and moved when someone uses that URL. I have no idea how well it will work, but it does look like Yet Another Privacy Tool to have on your belt. It is a lot quicker and easier to set up than a full i2p install, so if you just need to share a file quick, it looks like a nice way to go.
OK, I’m going back to testing things on the R. Pi now.
Let the race to download the example file begin! Someone got it!
Sidbar On Pi Sloth:
I’m running i2p router on this Pi M3, and I’ve got Chromium open 9 tabs. (It was 10 and that one had an animation in it that was really slowing things down…). At present I’m running i2psnark sharing a bittorrent file, and I’ve got 27 tunnels running (2 participating, most exploring or client). That combined load put the Pi in a bit of a slow mode.. and rolled 264 MB to swap. I’ve closed some tabs ( I’d had nearer 15 open that caused the swap hit) and it’s pretty good now.
But realize the Pi is just not a fast box for this kind of stuff. It does work, and it is quite acceptable, but don’t expect to watch a video while running bittorrent while using Tor to browse the Dark Web… without any pausing. If you use only the tabs you really need and don’t try to do too many things at once, it’s fine.