Free App Lets the Next Snowden Send Big Files Securely and Anonymously

Onionshare creator Micah Lee, who works as a staff technologist and crypto guru for Glenn Greenwalds news site The Intercept. Image: Courtesy of Micah Lee

When Glenn Greenwald discovered last year that some of the NSA documents hed received from Edward Snowden had been corrupted, he needed to retrieve copies from fellow journalist Laura Poitras in Berlin. They decided the safest way to transfer the sizable cache was to use a USB drive carried by hand to Greenwalds home in Brazil. As a result, Greenwalds partner David Miranda was detained at Heathrow, searched, and questioned for nine hours.

Thats exactly the sort of ordeal Micah Lee, the staff technologist and resident crypto expert at Greenwalds investigative news site The Intercept, hopes to render obsolete. On Tuesday he released Onionsharesimple, free software designed to let anyone send files securely and anonymously. After reading about Greenwalds file transfer problem in Greenwalds new book, Lee created the program as a way of sharing big data dumps via a direct channel encrypted and protected by the anonymity software Tor, making it far more difficult for eavesdroppers to determine who is sending what to whom.

If you use a filesharing service like Dropbox or Mega or whatever, you basically have to trust them. The file could end up in the hands of law enforcement, Lee says. This lets you bypass all third parties, so that the file goes from one person to another over the Tor network completely anonymously.

Its basically 100 percent darknet.

When Onionshare users want to send files, the program creates a password-protected, temporary website hosted on the Tor networkwhats known as a Tor Hidden Servicethat runs on their computer. They provide the recipient with the URL and password for that site, preferably via a message encrypted with a tool like PGP or Off-The-Record encrypted instant messaging. The recipient visits that URL in a Tor Browser and downloads the file from that temporary, untraceable website, without needing to have a copy of Onionshare.

As soon as the person has downloaded the file, you can just cancel the web server and the file is no longer accessible to anyone, Lee says.

Lee hopes to have others examine Onionshares code to suss out flaws. For now it only runs as a bare-bones command-line tool on the Tor-based operating system Tails, which can be launched on Windows or Mac machines. He plans to add a version that runs directly on Windows and Mac computers soon.

Onionshare can be particularly useful when someone sending a file wants to remain anonymous even to the recipient, Lee says. If whistleblowers can securely send an Onionshare URL and password to a journalist, they potentially could use it to leak secrets anonymously without being exposed. That flips the model of how Tor enables leaks: Sites like WikiLeaks and news organizations using the anonymous leak software SecureDrop host their own Tor Hidden Services. Onionshare could put more power in whistleblowers hands, helping them send secrets to journalists who dont have that sort of anonymous submission system in place.

But Lee also sees Onionshare being used for more common file-sharing situations where everyone involved knows each other but require utmost secrecy. Its a safe bet that Greenwald and Miranda will be fans.

Read more:

Free App Lets the Next Snowden Send Big Files Securely and Anonymously

Related Posts

Comments are closed.