OnionShare: securely and anonymously share a file of any size

Cool project. It shows the power of Tor hidden services here: you can have peer to peer communication regardless of either side&#x27;s network topology. It just needs to connect to the Tor network and you&#x27;re good to go. (And yes, Tor can connect through &quot;fascist&quot; firewalls, as the configuration itself puts it[1].)<p>If you think about it, it&#x27;s dead simple to make: run the tor binaries, run a netcat binary that listens on a certain port, and configure tor (two lines of config) to run a hidden service connecting to that netcat port. Then read the generated hostname file for the .onion address and display it to the user. Reverse thing on the other side.<p><pre><code> nc -l 1111 &lt; super_secret.rar echo &#x27;HiddenServicePort 1112 127.0.0.1:1111&#x27; &gt;&gt; &#x2F;etc&#x2F;tor&#x2F;torrc echo &#x27;HiddenServiceDir &#x2F;var&#x2F;lib&#x2F;tor&#x2F;hidden_service&#x2F;&#x27; &gt;&gt; &#x2F;etc&#x2F;tor&#x2F;torrc service tor restart cat &#x2F;var&#x2F;lib&#x2F;tor&#x2F;hidden_service&#x2F;hostname # share w&#x2F; friend </code></pre> I don&#x27;t mean to say that OnionShare is not useful, OnionShare to the above script is what Firefox is to Lynx (to take an example). I just mean to say that it&#x27;s interesting how easily this can be done with just five commands.<p>[1] <a href="https://www.torproject.org/docs/tor-manual.html.en#FascistFirewall" rel="nofollow">https:&#x2F;&#x2F;www.torproject.org&#x2F;docs&#x2F;tor-manual.html.en#FascistFi...</a>

Posted and criticized a month ago:<p><a href="https://news.ycombinator.com/item?id=7958598" rel="nofollow">https:&#x2F;&#x2F;news.ycombinator.com&#x2F;item?id=7958598</a><p><a href="https://news.ycombinator.com/item?id=7780488" rel="nofollow">https:&#x2F;&#x2F;news.ycombinator.com&#x2F;item?id=7780488</a><p>Please don&#x27;t anyone who needs security and anonymity rely on this program. It has far too many inherent weaknesses.

RetroShare [0] does this, too, and covers many other communication needs (mailing, chatting, forum, etc.) while being p2p&#x2F;decentralized&#x2F;public-key-encrypted&#x2F;open source.<p>[0] <a href="http://retroshare.sourceforge.net/" rel="nofollow">http:&#x2F;&#x2F;retroshare.sourceforge.net&#x2F;</a>

Who decided it was a good idea to publish the signing key on the same domain as the software and not link to any other trustworthy source?

Isn&#x27;t the Man in the Middle attack warning useless considering the attacker they describe could easily remove it or modify the PGP key they provide?

I still don&#x27;t understand why Greenwald didn&#x27;t get his friend to courier a giant one time pad on a handful of memory sticks. Then he could just swap unbreakably encrypted files using Mega or Dropbox or whatever to his heart&#x27;s content.

This is cool... but you should check out <a href="http://maidsafe.net" rel="nofollow">http:&#x2F;&#x2F;maidsafe.net</a>

Would it be worthwhile to combine this with a service like tor2web, even if it means there won&#x27;t be end-to-end encryption? I could think of quite a few situations where the anonymity of the downloader is not nearly as important as that of the uploader.

FYI, crashes without fully opening on Mac 10.6.8 Snow Leopard.

Great idea. The main problem with TOR is the lack of nodes, so transferring any file will be very slow.