There are LOTS of file transfer possibilities these days, ranging from the lowly and limited email address to bigger and better solutions such as WeTransfer, Firefox Send, and various cloud storage platforms.
But the drawback for using any of these methods is that you have to rely on someone else’s server to pass the file from A to B. And if that server has a copy of your file, even if for only a minute or two, it can be subpoenaed by law enforcement, scanned for advertising purposes, and much more.
This is why if you need to send a file to someone secretly (say, if you are a whistleblower talking to the media), it is best to use a method which does not involve any third-party servers. For that, we turn to OnionShare.
Effortlessly Transfer a File From A & B With OnionShare
OnionShare is a free open-source tool, based on the Tor Browser. The Tor Browser is a heavily encrypted browser which relies on virtual private networks (otherwise known as “relays”) to mask your actual geographical location.
OnionShare works alongside Tor in the sense that the recipient MUST use Tor to be able to download the files you send them. This is because the files are encrypted with the Onion protocol which is only readable by Tor and no other browser.
The files remain solely on your computer and, once a unique web server is started on your computer, OnionShare generates an encrypted Onion address which the recipient enters into Tor at their end. This gives them a download link to get the files.
But your OnionShare must remain open for the files to be available. If you close OnionShare, the files are then unreachable by the other person. If you try to send them again, a new Onion address is generated. There is an option to stop this from happening.
Before you start transferring any files, download OnionShare. Plus make sure your files recipient has the Tor Browser to be able to download everything at their end. You don’t need Tor to send files as Tor is already built into OnionShare.
Starting OnionShare Up
When you open up OnionShare, this is what you will see.
The “Share Files” is the area where you would send the files to the other person. “Receive Files” is when you can generate a one-off encrypted Onion link for the person to send files back.
But let’s stick with sending files for now. Click “Add Files” or “Add Folder” and navigate to what you want to send. Alternatively, drag the files or folders into the OnionShare window using your mouse or trackpad.
When all of the files have been added, click “Start Sharing”.
This immediately generates your encrypted Onion download link.
As you can see, the link has two words at the end – “grinning-overdrive”. According to OnionShare’s Wiki, OnionShare randomly chooses two words from a 6,800-strong list, and adds them onto the end of the link to make the download URL impossible to guess. As if it wasn’t already impossible enough!
Now you need to communicate that encrypted download link to the other person, and this (even by OnionShare’s admission) is one of the very few weak parts of the chain.
How you communicate this link to the other person will determine if an undesirable third-party gets their hands on the file. I strongly recommend you use Signal for communicating and I will be discussing Signal in my next article.
When the other person gets the link and enters it into their Tor browser, they will see this :
They then just have to click “Download Files” to get what you sent them.
Receiving Files Back
If it is necessary for them to send a file back, you can set up a one-time encrypted link to receive that file.
To do so, click over to the “Receive Files” tab and click “Start Receive Mode”. As it says though, only do this if you absolutely trust the other person.
Then similar to when you were sending files, another Onion address will be made with the random two word slug on the end.
Send the person that link (again, Signal would be best) and when they enter the link into Tor, they will see this.
They can then upload files and they will appear at your end with a browser notification.
Interestingly though you cannot approve the files first – they just download immediately. So again, only do this with people you know are not going to send you malware or any other nasty critters.