NB: Sorry for breaking the threading. Replying to the right message. dawuud:

Alice and Bob can share lots of files and they can do so with their Tor onion services. They should be able to exchange files without requiring them to be online at the same time. Are you sure you've choosen the right model for file sharing?

I haven't chosen any storage model. I'm just wondering about technical capabilities of Tor to act as _anonymous_ transport for this data. "Will one be anonymous when they transmit big amount of data?" "What the limits are?" "What step should the source take to be safe?"

If Alice and Bob share a confidential, authenticated communications channel then they can use that to exchange key material and secret connection information. That should be enough to bootstrap the exchange of large amounts of documents:

The Internet is not confidential. Surely the opposite.

Anyone who hacks the storage servers she is operating gets to see some interesting and useful metadata such as the size of the files and what time they are read; not nearly as bad as a total loss in confidentiality.

Yes, but there are much more adversaries. Any AS near the endpoints poses big threat.

No that's not necessarily correct; if the drives contain ciphertext and the key was not compromised then the situation would not be risky.

The source can easily fail by compromising fingerprints, chemical traces, serial number of the hard drive (with proprietary firmware!), place of origin and other 'physical' metadata. It's not "just ciphertext" in a vacuum. -- Ivan Markin