![]() Traditional ways of sending files, like in an email or using a cloud hosting service like Dropbox or Google Drive, require trusting the service with access to the files being shared. Instead, the sender's computer becomes the server. ![]() The files are hosted directly on the sender's computer and don't get uploaded to any server. Third parties don't have access to files being shared.A European human rights lawyer told me that their client in Africa used it to send them sensitive files. I’ve heard from digital security trainers that OnionShare is used by the Movement for Black Lives in the United States, and by activists in Latin America. Sources use it to send me and other journalists documents. I use it on a regular basis myself while working on sensitive journalism projects with my colleagues at The Intercept. I don’t run a central service - instead, every user runs their own short-lived service, often only for a few minutes, and that service disappears as soon as they finish sharing their files. It’s completely decentralized, anonymous, and private. I’m the developer of OnionShare, but I have no idea how many users it has. (Since OnionShare runs a server directly on your computer, this also means that your computer needs to be online for the URL to work - if you suspend your laptop, for example, the URL won’t work until you get back online.) The moment the download is complete, OnionShare shuts down the web service, the URL no longer works, and the files you shared disappear from the internet. You send this URL to someone you’d like to share files with, and they load it using Tor Browser and download the files directly from the web server running on your computer. After a moment, OnionShare gives you URL that looks something like. You open OnionShare, drag some files into it, and click the “Start Sharing” button. Inspired by this idea, I developed a simple and user-friendly open source tool called OnionShare that automates this process. Of course, the problem is that while this may be simple for seasoned nerds like myself, it’s not for many journalists, activists, or lawyers who run into similar problems on a regular basis. As soon as he finished the download, I would stop the local web server and remove the onion service, so it would no longer be on the internet at all. He would open it in Tor Browser and download the encrypted file. I would send my colleague in Rio (in this case, Glenn Greenwald) the URL to the onion service. Then I would setup a Tor onion service - one of the coolest and most under-appreciated technologies on the internet, in my opinion - to make this simple website accessible from a special “.onion” domain name. The only thing on the website would be a download link to an encrypted file that contained the secret documents. ![]() Here’s how I would have done it: In Berlin (where the secret files originated), I would set up a local web server on my computer, that isn’t accessible from the internet. When I first learned about this story, I knew there must be safer ways to move sensitive documents across the world than physically carrying them, one that didn’t involve putting individual people at risk from border agents and draconian “terrorism” laws that are used to stifle award-winning journalism. Working on a journalism assignment for the Guardian, he was carrying an encrypted USB stick that contained classified government documents. ![]() In August 2013, David Miranda was detained for nine hours and searched at Heathrow Airport in London while he was trying to board a plane back home to Rio de Janeiro. And please support the Tor Project! We're at the heart of Internet freedom. Check out our blog each day to learn about our fellow travelers. During the month of December, we're highlighting other organizations and projects that rely on Tor, build on Tor, or are accomplishing their missions better because Tor exists.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |