OnionShare: securely and anonymously share a file of any size (onionshare.org)
131 points by sygma on June 28, 2014 | 37 comments


Cool project. It shows the power of Tor hidden services here: you can have peer to peer communication regardless of either side's network topology. It just needs to connect to the Tor network and you're good to go. (And yes, Tor can connect through "fascist" firewalls, as the configuration itself puts it[1].)

If you think about it, it's dead simple to make: run the tor binaries, run a netcat binary that listens on a certain port, and configure tor (two lines of config) to run a hidden service connecting to that netcat port. Then read the generated hostname file for the .onion address and display it to the user. Reverse thing on the other side.

    # Serve the file on a local port; run in the background so the next commands execute
    nc -l 1111 < super_secret.rar &
    # HiddenServiceDir must come before the HiddenServicePort line that belongs to it
    echo 'HiddenServiceDir /var/lib/tor/hidden_service/' >> /etc/tor/torrc
    echo 'HiddenServicePort 1112 127.0.0.1:1111' >> /etc/tor/torrc
    service tor restart
    cat /var/lib/tor/hidden_service/hostname # share w/ friend

I don't mean to say that OnionShare is not useful; OnionShare to the above script is what Firefox is to Lynx (to take an example). I just mean to say that it's interesting how easily this can be done with just five commands.

[1] https://www.torproject.org/docs/tor-manual.html.en#FascistFi...


Without HTTP, it'll be a little clumsy. The downloader won't be able to pause and resume the download, and won't know the progress of the download (unless you tell her the exact file size beforehand, which might be tricky sometimes, especially in automated circumstances). You will also need to resort to this for sharing the metadata such as the MIME type of the file.

I think using HTTP for this is more robust, even if it requires you to download and spin up OnionShare.

Btw, the fascist firewall evasion is great. In my dorm, the only allowed ports were 80 and 443, and I was able to connect to Tor effortlessly.
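The three HTTP features the comment above lists (known size for progress, resumable downloads, MIME type), as an added example that is not part of the thread and not OnionShare's code: a single-file server bound to 127.0.0.1, so that only a local forwarder such as a torrc `HiddenServicePort` entry can reach it. The names `parse_range`, `make_handler` and `serve` are hypothetical.

```python
import http.server, mimetypes, os, re, threading

def parse_range(header, size):
    """Return (start, end), inclusive, for one 'bytes=a-b' range, else None."""
    m = re.fullmatch(r"bytes=(\d*)-(\d*)", header or "")
    if not m or m.groups() == ("", ""):
        return None
    if m.group(1) == "":                       # suffix form: the last N bytes
        n = int(m.group(2))
        return (size - min(n, size), size - 1) if n and size else None
    start = int(m.group(1))
    end = min(int(m.group(2)), size - 1) if m.group(2) else size - 1
    return (start, end) if start <= end else None

def make_handler(path):
    size = os.path.getsize(path)
    ctype = mimetypes.guess_type(path)[0] or "application/octet-stream"

    class Handler(http.server.BaseHTTPRequestHandler):
        def do_GET(self):
            if self.path != "/":               # only the one shared file exists
                self.send_error(404)
                return
            # A malformed or unsatisfiable Range is ignored: full 200 response.
            rng = parse_range(self.headers.get("Range"), size)
            start, end = rng or (0, size - 1)
            self.send_response(206 if rng else 200)
            self.send_header("Content-Type", ctype)                  # MIME type
            self.send_header("Content-Length", str(end - start + 1)) # progress
            self.send_header("Accept-Ranges", "bytes")               # resume
            if rng:
                self.send_header("Content-Range", f"bytes {start}-{end}/{size}")
            self.end_headers()
            with open(path, "rb") as f:        # stream in chunks, any file size
                f.seek(start)
                remaining = end - start + 1
                while remaining > 0:
                    chunk = f.read(min(65536, remaining))
                    if not chunk:
                        break
                    self.wfile.write(chunk)
                    remaining -= len(chunk)
    return Handler

def serve(path, port=0):
    # Loopback only: a listener on all interfaces would also expose the file
    # directly on the local network, outside Tor.
    srv = http.server.ThreadingHTTPServer(("127.0.0.1", port), make_handler(path))
    threading.Thread(target=srv.serve_forever, daemon=True).start()
    return srv
```

A client that was interrupted after N bytes resumes by sending `Range: bytes=N-` and appending the 206 response body to what it already has.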


As a friendly reminder to other Tor entry node operators: this firewall evasion only works if you have your tor node running on port 80/443. Please consider doing so.


HTTP has overhead. I recommend zmodem.


Posted and criticized a month ago:

https://news.ycombinator.com/item?id=7958598

https://news.ycombinator.com/item?id=7780488

Please don't anyone who needs security and anonymity rely on this program. It has far too many inherent weaknesses.


I'm not against this thing existing, I just think people need to be fully aware of the security model and risks.


The first link seems to be wrong.


Psh, you're right. This is a time when HN's cryptic URLs really show their drawbacks.


RetroShare [0] does this, too, and covers many other communication needs (mailing, chatting, forum, etc.) while being p2p/decentralized/public-key-encrypted/open source.

[0] http://retroshare.sourceforge.net/


Retroshare has quite different use case.

Also, it has terrible GUI and just too many features.


I think the word 'terrible' is an understatement.


It does not look like retroShare uses tor however, or at least I could not find mention of it with a cursory search.


Yes, it rolls its own DHT to connect users and encrypts all communications between them end-to-end, but makes no attempt at anonymity for direct friend-to-friend connections once authenticated IIRC.


Who decided it was a good idea to publish the signing key on the same domain as the software and not link to any other trustworthy source?



It's most likely important to check the signatures of the key. But yeah, this is one aspect where I always look confused about the security theater. You need a closed chain of trust (which can include a trusted root CA). Else it's all worthless. Two servers are almost as easy to MITM-attack as one if you are the oppressive government that has back doors to the common pre-installed SSL certs.


Isn't the Man in the Middle attack warning useless considering the attacker they describe could easily remove it or modify the PGP key they provide?


It is not useless if you have some other way to verify the key, such as the Web of Trust.


I still don't understand why Greenwald didn't get his friend to courier a giant one time pad on a handful of memory sticks. Then he could just swap unbreakably encrypted files using Mega or Dropbox or whatever to his heart's content.


This is cool... but you should check out http://maidsafe.net


Would it be worthwhile to combine this with a service like tor2web, even if it means there won't be end-to-end encryption? I could think of quite a few situations where the anonymity of the downloader is not nearly as important as that of the uploader.


You are already free to use tor2web. However, if the downloader is exposed, that still puts the uploader at great risk because the link needs to be shared over a (likely less-secure) sidechannel.


FYI, crashes without fully opening on Mac 10.6.8 Snow Leopard.


I hate to be that guy, but Snow Leopard is 3 full OS versions ago. That is like complaining that something doesn't run on Windows 2000.


OS version numbers are a pretty arbitrary metric. A more accurate comparison is complaining about software that doesn't run on Windows 7, considering Snow Leopard and Windows 7 were released the same year.


Except that Apple has put out 3 major updates since then, and 2 of them are free. Version numbers are a valid metric, even Debian doesn't support 3 versions back. For Apple systems, it's pretty clear that folks more than a version back are signing up for rough waters, which I suspect is a large reason that they dropped the price tag from OS upgrades in the first place.


> 2 of them are free

Fair enough, but the comparison of 15 year old Windows 2000 to five year old Snow Leopard is misleading.


He made it pretty clear that it's not misleading in terms of compatibility updates. Apple already dropped support for it. May a comparison with Win XP soothe your fanboy heart? :3


> fanboy heart?

Throwing that term around on this forum says more about yourself than anyone else, beyond that, I think most reasonable individuals recognize that desktop operating system technology progresses at relatively similar paces, there is nothing special about Apple's software or hardware that should require it to become obsolete within five years of purchase.

> Win XP

Released 14 years ago. If you can't understand why comparing the usability of operating system software written a decade apart is fallacious, then I have to say that you're a bit ignorant on the topic.


One minor point: anyone with a Core Duo (or earlier) Mac is limited to Snow Leopard. So, 3 releases later or not, there are many people that can't upgrade.


No worries, it wasn't a complaint as much as a PSA for the fairly large percentage that still uses Snow Leopard.

> That is like complaining that something doesn't run on Windows 2000.

Ha, I wouldn't go that far. Macs running Snow Leopard still account for around a whopping 25 percent of active Macs.

http://blogs.computerworld.com/mac-os-x/23622/why-mac-users-...

All my Macs are capable of running Mavericks, but one of my MacBook Pros that I use most often still runs Snow Leopard (most of the time) because its version of Exposé is superior to Mission Control and Quick Look (aside from URLs) has vastly superior compatibility with nearly all video codecs I throw at it with Perian running in the background. Apple killed that for newer OS versions and no one has made a workaround yet.

I've also found that Apple decided to degrade things like Safari in the Mavericks update as well. For example, Safari lost its separate window download manager which I use very often to monitor download speeds, drag and drop files, urls to, etc. that doesn't work at all or isn't practical with Apple's downgrade. And, Safari 5.1.10 and Snow Leopard is very fast. I see very little difference and even some advantages to 10.6.8 in speed here and there to this day compared to Mavs 10.9.3.

Apple also downgraded the Activity Window in the versions of Safari that run on Mavericks as well which I use all the time to easily root out video downloads and snag them for offline usage that many of the video download extensions and apps miss.

But the overall main thing I can't stand is the horrible downgrade of Quick Look. I use Quick Look as much as I breathe and for Apple to eliminate its compatibility with so many codecs in one broad swoop makes the advantages of Mavericks not worth it for me. If someone can get Maverick's Quick Look fixed to work with Quick Look extensions and have it be on par with Snow Leopard, I'm more apt to move away from SL.

There are other things I can do in Snow Leopard that others simply cannot do in Mavericks as well, but I covered some of the main points. And, yes, I take extra steps to secure my machine since there are security issues using older versions of apps and OS.


Is that 32 bit or 64 bit?


Looks like it's just a Python script, so it should work on either of those...


64 bit


Great idea. The main problem with TOR is the lack of nodes, so transferring any file will be very slow.


Tor is not very slow, it is just not very fast (and has high latency). You can easily get download speeds of 1-2mbit/s.


Not the lack of nodes, but the lack of exit nodes. It doesn't look like OnionShare requires/uses any exit nodes.



