OnionShare 2, an open source tool that uses Tor onion services for securely sharing files, is now out!

2 min read

This Monday, the community behind OnionShare has released its next major version, OnionShare 2. This release comes with macOS sandbox enabled by default, support for next-generation onion services, several new translations, and more. OnionShare is a free, open-source tool which allows users to share and receive files securely and anonymously using Tor onion services.

Following are some of the updates introduced in OnionShare 2:

The macOS sandbox enabled by default

The macOS sandbox is enabled by default in OnionShare 2. This will prevent hackers from accessing data or running programs on user computers, even if they manage to exploit a vulnerability in OnionShare.

Next generation Tor onion addresses

OnionShare 2 improves security by using next-generation Tor onion service also known as v3 onion services. These next-generation Tor onion services provide onion addresses, which are unguessable address to share. These addresses look like this lldan5gahapx5k7iafb3s4ikijc4ni7gx5iywdflkba5y2ezyg6sjgyd.onion. Users can use v2 onion addresses if they want, by navigating to Setting and selecting “Use legacy addresses”.

OnionShare addresses are ephemeral by default

As soon as the sharing is complete, OnionShare address will completely disappear from the internet as these addresses are intended for one-time use. This behavior is enabled by default that you may want to change in case you want to share the files with a group of people. You can do that by going to the Settings menu and unchecking the “Stop sharing after files have been sent” option.

Public OnionShare addresses

By default, OnionShare addresses look like this http://[tor-address].onion/[slug]. In this format, the slug represents random words out of a list of 7,776 words. Even if the attacker figures out the tor-address part, they still won’t be able to download the files you are sharing or run programs on your computer. They need to know the slug, which works here as a password. But since this slug is only of two words, and the wordlist OnionShare uses is public, attackers can guess it.

With this Public mode enabled, the OnionShare address will look like http://[tor-address].onion/, and the server will remain up no matter how many 404 errors it gets. OnionShare 2 comes with a Public mode that allows you to publicly share an OnionShare address. To enable this mode, just go to the Settings menu and check the box next to “Public mode”.

OnionShare 2 is translated to 12 languages

OnioShare 2 is translated into twelve new languages. These languages are Bengali, Catalan, Danish, French, Greek, Italian, Japanese, Persian, Portuguese Brazil, Russian, Spanish, and Swedish. You can select these languages from a dropdown.

Read the complete list of updates in OnionShare 2 shared by Micah Lee, a computer security engineer.

Read Next

Understand how to access the Dark Web with Tor Browser [Tutorial]

Brave Privacy Browser has a ‘backdoor’ to remotely inject headers in HTTP requests: HackerNews

Signal introduces optional link previews to enable users understand what’s behind a URL