On Tue, May 20, 2014 at 8:38 PM, Micah Lee micah@micahflee.com wrote:
I just wrote a little program called OnionShare, that makes it simple to share a file securely using a password-protected Tor hidden service: https://github.com/micahflee/onionshare
Seeing the examples on that page, why you're not simply making the GET /hash in the url be the hash of the file itself. If not behind a location anon system it may help hide in a tiny way. But we are anon, so making easier for the requestor to not download the same hash as is already on their filesystem again, perhaps they got from elsewhere, etc, would make more sense. A bunch of people all sharing different apparent hash links (to the same thing they all host), on say IRC mob, seems wasteful and/or confusing. Even if presented filename index is the same. It would avoid needing to load that.
Or you are trying to give a one-time unique hash to a user, but then the server should instead shut down after the first DL to ensure [1] this. [1] only so far as you really know what that user/system does with the link after you give it out, leave keyboard, etc.
So probably some options and new defaults to add.