Tor Hidden Service File Sharing: OnionShare and Custom Solutions

OnionShare is an open-source tool that creates a temporary or persistent Tor hidden service specifically for file sharing. Features: share files (recipient downloads), receive files (whistleblower drop box mode), publish static websites, and host chat rooms - all over Tor. Download: onionshare.org (also available in Tails OS, Whonix, and most Linux distribution repositories). Operation: select files, click 'Start Sharing', OnionShare creates a .onion address and a random path. Share the .onion URL with the recipient. The recipient opens the URL in Tor Browser and downloads the files. OnionShare shows when files are accessed and can be configured to stop after one download (single-use mode for sensitive distribution) or remain active indefinitely.

OnionShare's Receive Mode creates a secure drop box where users can upload files to you anonymously. Configuration: open OnionShare, select 'Receive Files' tab, optionally set a password to restrict who can submit, start the server. The resulting .onion URL is a submission form. Submitters open the URL in Tor Browser, select files, and submit anonymously. Files are saved to your computer. Security note: files submitted from unknown sources may contain malware. Open received files in sandboxed environments (Dangerzone converts documents to safe PDF, Tails has offline sandboxing). OnionShare Drop Box is appropriate for: journalist tip lines, secure document submission for investigations, anonymous feedback collection.

For integration into existing hidden service applications, implement file sharing with: Flask-Uploads or Django file storage for receiving uploads, careful MIME type validation (never trust file extension or Content-Type header - use python-magic to verify actual file content), store files outside webroot in a dedicated upload directory, set upload size limits appropriate to the use case, implement anti-malware scanning if file content will be processed or re-distributed, and generate access tokens for shared files rather than using sequential or predictable IDs (prevents unauthorized access to other users' files by ID enumeration). File expiry: automatically delete files after download or after a time period to minimize exposure.

Files received through hidden service drop boxes may contain metadata (EXIF data in images, document properties in Office files) that could identify the sender. Before sharing received files externally or archiving them: strip metadata. Tools: ExifTool (command-line: exiftool -all= file.jpg), Dangerzone (converts documents to images and back to PDF, stripping all metadata and active content), mat2 (metadata anonymization toolkit for multiple file formats). PDF files can contain JavaScript, embedded fonts, and hyperlinks that could deanonymize recipients when opened. Dangerzone (dangerzone.rocks) converts suspicious documents to pixel-only PDF by rendering to images and reconverting - eliminates all active content.

File sharing hidden services require attention to storage and bandwidth. Storage management: set maximum upload sizes (OnionShare: Settings > Receive Files > Maximum upload size), implement periodic cleanup of old files, monitor disk usage with alerts before disk full conditions. Bandwidth management: file sharing consumes significant bandwidth. A 100 MB file served 100 times uses 10 GB of transfer - multiply across daily active sharing to estimate monthly usage. BandwidthRate in torrc limits Tor's bandwidth consumption. Alternatively, implement per-download throttling in the application (bandwidth limiting on file serving responses). On unlimited bandwidth plans (many VPS providers), manage CPU and disk I/O rather than pure bandwidth.