OnionShare

OnionShare is an open source file sharing application, which uses the Tor network to share files. It is available on most major platforms. It also lets users host websites and chat in a secure and anonymous manner. It uses peer-to-peer sharing over Tor to preserve privacy and anonymity.^[4][5][6][7]

Developer(s)	Micah Lee, et al.
Initial release	2014; 11 years ago (2014)
Stable release	2.6.3[1]  / 25 February 2025; 4 months ago (25 February 2025)
Repository	github.com/onionshare/onionshare/
Written in	Python
Middleware	Tor
Operating system	Linux, macOS, Windows, iOS, Android[2]
Available in	68[3] languages
Type	File sharing
License	GPLv3
Website	onionshare.org

• Free software portal

Features

Its main features are:^[8][9][7]

• Sending and receiving large files peer-to-peer over tor network.
• Chat ephemerally.
• Host a website.

The distinguishing feature of OnionShare is that users can do these things while maintaining anonymity.^[4] Because of this, sensitive document sharing and whistleblowing activities are a primary use-case of the app.^[10]

Sending files

Sending large files over the internet can be a hassle without centralized servers.^[4][11] OnionShare made it easier to share files because of its peer-to-peer nature. This also circumvented surveillance, possible because of centralized services. The circumvention is allowed by hosting shared files on tor network.^[12]

Hosting websites

OnionShare allows hosting static websites without JavaScript from the app.^[5] This feature became available as of version 2.2. These sites can be visited by any browser that supports .onion sites, such as Tor Browser.

Usage

OnionShare is most notably aimed at being used for sharing sensitive files and whistleblowing.^[10][13]

History

OnionShare was released in 2014. Its initial release was hampered by the RIAA and MPAA, who wanted to limit peer-to-peer file sharing solutions. They both actively lobbied against peer-to-peer protocols and software in which they had a hard time finding investment and development for, hence why it took so long to release such a tool.^[4]

In February 2019, OnionShare 2 was released. It came with macOS sandbox enabled by default, support for v3 onion services, translations, etc. The .onion addresses were ephemeral by default, as always.^[14]

In October 2021, OnionShare patched two low risk vulnerabilities which were uncovered in a security advisory by IHTeam.^[15][12]

In December 2021, Radically Open Security published their penetration report of the audit conducted on OnionShare.^[16][17] It was financed by Open Tech Fund and targeted version 1.1. The most impactful vulnerability found allowed to render arbitrary HTML inside the desktop application and a denial-of-service attack based on previously undisclosed Qt image parsing. 2 elevated, 4 low and 3 moderate severity issues were found. All issues were resolved before publication of the report.^[17]