The Troubling Truth of Why It’s Still So Hard to Share Files Directly


It’s not always easy to spot the compromises in the technology we use, where we’ve allowed corporate interests to trump public ideals like privacy and press freedom. But sometimes new developments can cast those uneasy bargains into relief—and show that the public may not have even been at the table when they were made.

That was the case last month when, with an unassuming post to Twitter, technologist Micah Lee unveiled his latest project. It’s called OnionShare, and it’s a tiny free software app that creates a direct connection between two users, allowing them to transfer files without having to trust a middleman site like DropBox or Mega. It runs over Tor, which means that to anybody intercepting the traffic, both the sender and receiver are near-totally anonymous.

It’s a great new software solution to a thorny problem, one that Lee described reading about in Glenn Greenwald’s new book, “No Place To Hide.” And it’s brilliant in its simplicity, too: the first functional version was only 127 lines of code, making it easier for a new developer to understand exactly what’s going on, and harder for somebody to hide a backdoor or security mistake.

What Took So long?

As an activist at the Electronic Frontier Foundation, a civil liberties group that focuses on technology, I work on the same issues that OnionShare is designed to solve. And it’s been frustrating that a simple, usable tool that fills an obvious need took until 2014 to come along. Why would that be the case?

Our work on other issues—copyright and free speech—suggests the answer. Groups like the Motion Picture Association of America (MPAA), the Recording Industry Association of America (RIAA), and others that make up the copyright lobby have actively campaigned against the kinds of tools that address these aims.

OnionShare creates direct connections between users, making it an example of peer-to-peer network architecture. The copyright lobby’s got a long history with peer-to-peer: at least since Napster emerged a decade and a half ago, corporate copyright holders have endeavored to destroy examples of the tech. We live today with the disastrous results.

After 15 years of being attacked, villainized, and litigated over, peer-to-peer programs and protocols have become a hard sell for investment and development. And as centralized products have gotten a lion’s share of the attention, their usability and market share have increased as well.

The copyright lobby characterizes peer-to-peer as a piracy facilitator, but it’s not difficult to see many more possible applications for a tool like OnionShare. Beyond Lee’s announced goal of journalists sharing sensitive source documents, his app could be handy for anybody collaborating on large files, like videos or images; for researchers working on large data sets; or even, say, friends and family members exchanging archives of photos from an event. The problem of moving files around that are larger than a few megabytes is one well enough established that it’s gotten the XKCD treatment.

Why We Need Peer-to-Peer So Badly

This conundrum has no easy resolution. The qualities that the copyright lobby dislike about peer-to-peer are precisely the ones that make it a powerful choice for defenders of press freedom and personal privacy. Namely, peer-to-peer offers no convenient mechanism for centralized surveillance or censorship. By design, there’s usually no middleman that can easily record metadata about transfers—who uploaded and downloaded what, when, and from where—or block those transfers. With some peer-to-peer implementations (though not Lee’s) that information may be publicly accessible. But recording all of it would require a dragnet effort, not a simple request for a log file from a centralized service provider.

The distinction is further reflected in the U.S. legal system, which often offers data that goes through a third party reduced protection. That premise, the “third party doctrine,” is badly out-of-date, and produces counter-intuitive results in an era where the location of data storage is otherwise abstracted away. Already one Supreme Court Justice, Sonia Sotomayor, has called for reconsidering it. But as long as the third party doctrine exists, architectures like peer-to-peer that allow for direct communication, broadly speaking, provide more privacy protection against invasive government requests.

John Gilmore, a co-founder of the Electronic Frontier Foundation and a cypherpunk whose activism has been integral in securing what online privacy we have today, gave a famous quote to TIME Magazine in 1993: “The Net interprets censorship as damage and routes around it.” It’s a beautiful sentiment, but it’s not always as true as its matter-of-fact presentation makes it seem—and it’s less true than ever on centralized one-to-many systems.

A video embedded in a thousand articles can disappear when YouTube decides to take it offline. That’s a stark contrast with distributed peer-to-peer systems, like BitTorrent, where files are served in pieces from many peers all at once. These systems stick closer to Gilmore’s promise: when one node goes offline, the rest can cover for it.

We Must Change The Story

There’s an obvious interest in a Web that defies censorship, communication channels that defy surveillance, and tools that serve users before serving corporate desires. Those ideals, though, are diffused between all of us. Too often, they come up short against the copyright lobby’s concentrated interests in suppressing that technology. In other words, when we let the story of new technology be about copyright, we lose out on its other major benefits.

There’s one bright spot. If there’s a lesson from the past 15 years of peer-to-peer history, it’s that each generation of technology has been harder to control. As peer-to-peer has continued to develop, it’s become increasingly resistant to centralized monitoring and filtering. Fortunately for defenders of press freedom, OnionShare pushes that trend further than ever before. The public at large has been ill served by 15 years of the history of peer-to-peer tech being driven by copyright interests—it’s high time we see what it can do in the public interest instead.

Comments are closed.