New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[Feature request] "Portable" settings #366
Comments
@micahflee I think this one was fixed in last release (the onionshare / onionshare-gui executables can take a --config argument to load settings from a user-specified location), maybe can be closed |
Great news, thanks for the update. |
Carrying from #551, not just the cache/state data but the config dir needs to be protected from other running OnionShare instances tampering with that data. "But there's also another problem. Previously in Windows and Linux, you can open multiple instances of OnionShare, and each instance just had its own separate tor process and data dir. Now, if you open a second instance, it will crash and die because the first instance is using that data dir already. Maybe this is fine and you should only be allowed to run one instance at a time (or somehow multiple instances should share the same tor?), but if this is the case then we need make OnionShare check for other running instances when opening and handle it cleanly." We need the config to be stored in a location that other PIDs can't write to (e.g the running PID claims some exclusive lock). We may as well store the Tor 'state' data in this place too for the same purpose. And as per #506, perhaps the 'temp' area where the zip file is created/stored. And as per #367, maybe the whole OnionShare installation code should be here too so that the whole thing could sit on a usb stick? (but not so sure about that) |
Having all the files in one place as much as possible is ideal both for the purposes of running the program from a USB drive (and leave no traces behind) but also for saving inside an encrypted volume such as VeraCrypt. Note I haven't tested the program's actual behavior yet (not for lack of desire, just circumstance) so I just wanted to state this as a goal rather than a bug. |
I've heard in the field of more interest in this feature, particularly regarding Veracrypt volumes. We should step up this feature - adding to 2.1 milestone |
Yes, I can confirm this is an important improvement for investigative journalists and their sources in the field. It would make it possible to set up OnionShare inside a VeraCrypt container in a way that would provide plausible deniability to whomever is using it. This is a real-world scenario we have encountered. It would be good if this feature was OS-agnostic, i.e. work the same way on any OS supported by OnionShare. |
Is portable setting implemented? Can it safely be sued on a USB drive? |
Did I miss something? Steps: Download and launch OnionShare 2.3.1.msi Result: Just installs, no notice about where to install. Program looks great, but not sure it makes sense to close the portable settings issue. |
@vatterspun this issue was not closed, I had closed a duplicate. #367 talks about the installer location (the topic you are talking about). This issue talks about where to store the settings and cache/state data. @micahflee am I wrong or do we effectively have 'portable settings' now - as well as cache/state data - thanks to #1336 ? It might just be needed to be documented for advanced users storing their OnionShare data on a thumb drive or somesuch? EDIT I guess we do but only for Linux.. |
|
Setup: Win7x86
Current behavior:
Saves settings to USER\AppData\Roaming\OnionShare\onionshare.json
Requested behavior
Settings written to the local folder (e.g. if the folder is at C:\temp\OnionShare, settings will be written to C:\temp\OnionShare\onionshare.json ... if saved to Z:\private\OnionShare, it should write settings to Z:\private\OnionShare\onionshare.json)
Why?
Leaving files on the machine where the program is launched may give an indication that the program was used to transmit files, which could harm user privacy. Additionally, if the program is run from a cloud service or USB drive, users will not need to re-enter settings on each computer the program is run from.
Is this really an issue?
I can't personally claim that a lot of users need this but I can say that Windows Tor Browser behaves this way, writing all settings to the application folder.
The text was updated successfully, but these errors were encountered: