There are a variety of contexts in which network users have legitimate reasons to want to exchange information, e.g. documents and media files, while maintaining anonymity. One such context is an online user group with a special interest in a particular medical condition that is associated with unfair or illegal discrimination. The challenge for designing a secure and anonymous file sharing system is that it seems necessary for some external source to know the network destination of the requested information. This is problematic because the identity of the recipient can potentially be determined from a network address. Even if the source or conduit of the information is trusted, it may be compromised by an outside agent who cannot be trusted. In this paper we use a general mechanism called 'group anonymity' that provides a new level of network privacy and security. We also describe a particular use of this mechanism in a software system which is an anonymous file sharing application that preserves the anonymity of users using the system and the privacy of the data being exchanged.