OnionShare: complete guide to sharing files, chat, and sites via Tor (2026)

OnionShare is probably the most elegant tool in the Tor ecosystem: software that lets you, in a few clicks, turn your own computer into a temporary .onion hidden service — no third-party server, no account, no registration required. Developed by Micah Lee (Freedom of the Press Foundation) and collectively maintained since 2014, OnionShare is today used by investigative journalists, whistleblowers, activists in high-risk zones, and more broadly by anyone who wants to share a file without going through Google Drive or WeTransfer. This guide covers installation on all platforms, the four modes (share, receive, host a website, chat), concrete use cases, and limitations.

⚫ Page filtered. The full catalogue is on Tor. Tor access →

What exactly is OnionShare

OnionShare is a single-use .onion hidden service generator. When you launch the app, it starts three components locally: (1) a small Python/Flask web server, (2) an embedded Tor process that exposes that server via a freshly generated v3 .onion address, and (3) an authentication system via Client Authorization v3 that protects access with a private key.

The result: a temporary .onion address you can send to your contact, protected by a key you transmit via a separate channel. No third-party server is involved. No data passes through Google, Microsoft, or Cloudflare. When you close OnionShare, the address disappears permanently — it cannot be reused or recreated.

Installation

Windows

  1. Download the .msi installer from onionshare.org
  2. Double-click it, accept the UAC prompt, and follow the wizard
  3. Launch OnionShare from the Start menu

macOS

  1. Download the .dmg from onionshare.org
  2. Drag OnionShare into the Applications folder
  3. On first launch, right-click → Open to bypass Gatekeeper

Linux

Via Flatpak (recommended, distribution-independent):

flatpak install flathub org.onionshare.OnionShare
flatpak run org.onionshare.OnionShare

Via your distro's official repository:

# Debian/Ubuntu
sudo apt install onionshare

# Arch Linux
sudo pacman -S onionshare

# Fedora
sudo dnf install onionshare

Android

Via F-Droid (recommended) or Google Play — search for "OnionShare" and install the official version.

First launch

On first startup, OnionShare launches its own embedded Tor process (no need to have Tor Browser installed). Initialization takes 10 to 60 seconds to establish the circuit. Once ready, the main interface displays four tiles corresponding to the four modes.

In the settings (gear icon, top right), you can:

  • Choose between the embedded Tor or an external Tor already installed
  • Configure a bridge if you are in a country that censors Tor (obfs4, Snowflake) — see our guide on bridges
  • Enable/disable persistence of settings between sessions

Mode 1: sharing files

The most commonly used mode. Drag one or more files into OnionShare, click "Start sharing", and receive a .onion address. The recipient opens the address in Tor Browser and downloads the ZIP (multiple files are automatically zipped).

Advanced options:

  • "Stop sharing after files have been sent": the share closes automatically after the first complete download (enabled by default)
  • "Allow multiple downloads": permits N downloads before closing
  • Schedule start/stop: plan automatic opening and closing

Mode 2: receiving files (dropbox)

The reverse: you provide a .onion address to a contact so they can send files to you anonymously. This is the mode used by journalists to receive documents from whistleblowers.

Receive mode creates a simple web page with an upload form. Your contact opens the address in Tor Browser, selects files, and sends them. You automatically receive the files in a local folder.

OnionShare also supports sending text messages in addition to files — useful for a quick tip without an attachment.

Mode 3: hosting a temporary website

You can host a small static HTML site in one click. Drop a folder containing HTML/CSS/JS files, OnionShare starts the server and generates a .onion address. Perfect for:

  • Publishing an urgent statement accessible only via Tor
  • Sharing documentation with a remote collaborator
  • Testing a site before public deployment
  • Publishing investigation findings for reviewers in high-risk zones

"Public mode" disables Client Authorization — the address is then accessible to anyone who knows the URL. Reserve this for cases where the confidentiality of the URL itself is sufficient.

Mode 4: anonymous chat

The most recent mode (added in 2020): an ephemeral chat accessible via .onion, with no external chat server, no account, no message history. Messages exist only in memory while OnionShare is running.

Minimal interface, multiple participants possible simultaneously, each with an auto-generated username. When you close OnionShare, the entire conversation disappears. No logs, no backups.

Use cases: sensitive meeting between journalists, activist coordination, ephemeral attorney-client consultation.

Real-world use cases

The Washington Post and SecureDrop

Several newspapers (Washington Post, New York Times, the Guardian) have begun using OnionShare alongside SecureDrop for one-off exchanges with sources. SecureDrop remains the persistent infrastructure; OnionShare serves for single sends or quick communications.

Iranian activists in 2022

During the post-Mahsa Amini protests, many Iranian activists used OnionShare to share videos and documents with Western journalists, bypassing channels monitored by the regime. See our guide on Tor in Iran.

Lawyers and clients in high-risk zones

Lawyers specializing in sensitive cases (terrorism, dissidence, whistleblowing) use OnionShare to transmit case files to their incarcerated clients (through trusted intermediaries) or in hostile jurisdictions.

Limitations and pitfalls

  • Tor speed: for large files (>500 MB), Tor's speed makes sharing slow. For terabytes of data, prefer physical media (an encrypted USB drive delivered in person).
  • Your machine must stay on for the entire duration of the share. If you close your laptop, the .onion address becomes unreachable.
  • Metadata: OnionShare does not strip EXIF metadata from photos or properties from Office documents. Use Metadata Cleaner (built into Tails OS) before sharing.
  • Weak anti-forensics: downloaded files leave traces on your disk and the recipient's. For truly sensitive use, combine with Tails (which persists nothing).
  • Client Authorization: the private key must be transmitted via a separate encrypted channel (Signal, PGP email). Never post it alongside the URL.

OnionShare FAQ

What is OnionShare?
OnionShare is an open-source tool developed by Micah Lee (Freedom of the Press Foundation) that lets you share files, receive files, host a temporary website, or start an anonymous chat — all directly via a temporary .onion address generated locally on your machine. No third-party server is involved, no account is required, and the .onion address vanishes as soon as you close OnionShare.
Is OnionShare free and open source?
Yes, OnionShare is entirely free, open source (GPL-3.0 license), and the code is available on GitHub (onionshare/onionshare). The application is maintained by an international team under the governance of the Freedom of the Press Foundation. Independent security audits were conducted in 2022 and 2024.
How does OnionShare work technically?
OnionShare launches a minimal local web server (Flask in Python) on your machine, starts a Tor process that exposes that server via a freshly generated .onion hidden service, and displays the .onion address for your recipient. All traffic passes entirely through the Tor network — neither your IP nor your recipient's IP is exchanged directly. When you close OnionShare, the hidden service disappears permanently.
What file size can be shared?
Technically unlimited — you can share multiple gigabytes. In practice, Tor's limited speed (3–5 MB/s on average, much slower for large files) makes sharing gigabytes uncomfortable. For files over 500 MB, plan for several hours of continuous connection on both the sender's and recipient's side.
Is OnionShare truly safe for whistleblowers?
It is one of the most solid tools for this specific use. Edward Snowden, Chelsea Manning, and many investigative journalists (Washington Post, Le Monde via Disclose) use or have used it. No critical vulnerability has been publicly discovered. However, OnionShare does not protect against human error: sharing a document with EXIF metadata (smartphone photo) or Word file properties can still be identifying.
Can OnionShare be used on mobile?
Yes, on Android via an official app (OnionShare Android) available on Google Play and F-Droid. On iOS, the app does not exist due to Apple's restrictions on Tor; the alternative is to run OnionShare from a computer and share the .onion address with the recipient, who opens it in Onion Browser on iOS.