OnionShare

What is OnionShare?

OnionShare is an anonymity tool for journalists and whistleblowers. As a source, you can use our OnionShare installation to anonymously submit documents to our organization. 

When should you use OnionShare?

• If you want to send us highly confidential material OnionShare is likely the best option. For example, if you possess internal documents of a company or government authority that show clear GDPR violations, but you fear consequences when disclosing the material, you may best use OnionShare.
• However, if the documents are not especially confidential and you are confident that disclosing these documents may not lead to any consequences for you, it may be easier to use other means, like PGP encrypted emails (see below).

What should I know before submitting material through OnionShare?

To protect your anonymity, it is essential that you do not use a network or device that can easily be traced back to your real identity. Instead, use public wifi networks and devices you control.

• Do NOT access OnionShare on your employer’s network.
• Do NOT access OnionShare using your employer’s hardware.
• Do NOT access OnionShare on your home network.
• DO access OnionShare on a network not associated with you, like the wifi at a library or cafe.

Got it. How can I submit files and messages through OnionShare?

Once you are connected to a public network at a cafe or library, download and install the Tor Browser.

Launch the Tor Browser. Visit noyb’s unique OnionShare URL at

http://x4mr7u643uenqowuluxpyxlsvtxezg4yt4xeh5zzrlgkolyqnxjblead.onion/

Follow the instructions you find on our source page to send us materials and messages.

Note: As the process to check new submissions takes time, it can take up to one month until we can get back to you (if you provide an email address).

As a source, what else should I know?

No tool can absolutely guarantee your security or anonymity. The best way to protect your privacy and anonymity as a source is to adhere to best practices.

• Think about who you want to be protected against (employer, state actor, officials) and what their options are.
• Think about non-technical factors. For example, being the only person with access to documents that is known to be very critical about a practice makes you a likely suspect. Texts can contain your unique style.
• Do not discuss leaking or whistleblowing, even with trusted contacts.   
• A file contains valuable metadata about its source — when it was created and downloaded, what machine was involved, the machine’s owner, etc. You can scrub metadata from some files prior to submission using the Metadata Anonymization Toolkit featured in Tails.
• You can use a separate computer you’ve designated specifically to handle the submission process. Or, you can use an alternate operating system like Tails, which boots from a USB stick and erases your activity at the end of every session.
• Your online behavior can be revealing. Regularly monitoring noyb’s social media or website can potentially flag you as a source. Take great care to think about what your online behavior might reveal, and consider using Tor Browser to mitigate such monitoring.
• noyb retains strict access control over our OnionShare. Only a limited number of lawyers and a tech experts within noyb will have access to OnionShare submissions. We control the servers that store your submissions, so no third party has direct access to the metadata or content of what you send us.

If OnionShare is unavailable or Tor is blocked for you, there is a secure alternative for confidential messaging.

Create a dummy email account and use a PGP email plugin or client to send an encrypted email using our PGP Public key.

E-Mail: info @ n o y b . eu
PGP fingerprint: 69E6 620C 4C96 80F7 C6AA  E5BC 183B 7F42 DD1B 765F
PGP key server: keys.openpgp.org