Hi people,
I'm currently the maintainer of GetTor [1], and together with Nima and Sukhbir we have been talking about the future of it. First, let me present what is (roughly) the current status of GetTor:
* We send links to download Tor Browser, along with its signature file. These files are stored on Dropbox. I will be working on integrating new cloud/hosting services during Summer of Privacy.
* We send these links via email. I will be working on new modules to send links via chat (XMPP) and Twitter (DM) during Summer of Privacy.
* We send links to download the English (US) package of Tor Browser. I will be working on support for more locales during Summer of Privacy.
That is what we have now. It's not much, but it works (more info in [1]).
So, what about it? Software evolves, and we think it might be time for GetTor to go beyond its current design. Moreover, we have received valid concerns that emails could be tampered with and users could get malicious versions of Tor Browser (although we have no evidence that this is happening). Right now, when you get the Tor Browser via this method it is up to you to verify its integrity.
With this in mind, we have been discussing the idea of having a signed and verified distributor app (desktop), available on official channels (OSX app store, Google Chrome store, etc), which could ease the process of downloading and verifying the integrity of Tor Browser. In other words, a user should be able to download and make sure it has the right file with just a few clicks. However, we have different thoughts on how this should work:
* Option 1: GetTor should work as a backend and have an API. The distributor (and even other apps) would send queries to this API asking for links. The problem with this is that if Tor Project's website is blocked, it is quite possible that the API would be blocked too (e.g. gettor.torproject.org).
* Option 2: The distributor is in charge of presenting various alternatives to the user and getting the files directly from the cloud/hosting services.
So, the purpose of this email is to get feedback from the community, and my specific questions to you people are the following:
1) What do you think of the distributor idea? Is it something you or others would want?
2) In case we develop the distributor, should the email autoresponder remain?
3) If you agree on developing the distributor, which option do you think would fit better? (please suggest better options)
I would really love to hear your comments about this idea, my work at Summer of Privacy might change depending on this discussion, so please feel free to express your feelings about it :)
Thanks for your time!
[1] https://www.torproject.org/projects/gettor.html.en
[2] https://trac.torproject.org/projects/tor/wiki/org/roadmaps/GetTor
--ilv
Hi,
ilv wrote (15 Jun 2015 23:14:54 GMT) :
> With this in mind, we have been discussing the idea of having a signed and verified distributor app (desktop), available on official channels (OSX app store, Google Chrome store, etc), which could ease the process of downloading and verifying the integrity of Tor Browser.
You might be interested in the work that's happening there: https://tails.boum.org/blueprint/bootstrapping/extension/
(I'm not directly involved in this, for more information ask sajolida@pimienta.org.)
Cheers, -- intrigeri
On 16/06/15 05:15, intrigeri wrote:
> Hi,
Hi,
> You might be interested in the work that's happening there: https://tails.boum.org/blueprint/bootstrapping/extension/
> (I'm not directly involved in this, for more information ask sajolida@pimienta.org.)
This looks great, thanks for the link! I still haven't read it in depth, but a priori it seems that it's quite close to what we want to achieve (as one component of the distributor, at least).
Best, --ilv
ilv:
> On 16/06/15 05:15, intrigeri wrote:
>> You might be interested in the work that's happening there: https://tails.boum.org/blueprint/bootstrapping/extension/
>> (I'm not directly involved in this, for more information ask sajolida@pimienta.org.)
> This looks great, thanks for the link! I still haven't read it in depth, but a priori it seems that it's quite close to what we want to achieve (as one component of the distributor, at least).
Hi,
Maybe an important difference here is that GetTor is a way to circumvent censorship (if I understand correctly), while our extension works to provide authentication only. I think it's a good idea to rely on browser stores not to be censored in the same way as your website. But our extension, for example, is downloaded from the browser but then is executed from a webpage on our website and relies on description files provided by our website to verify downloads that are done on any of our mirrors. In this scenario, both our website and our mirrors could be easily blocked by someone who wants to block our downloads while not blocking the browser store.
Still, if you think that you can reuse part of our extension we would be very happy to work together with you to make this possible. We almost finished specifying the extension and Giorgio Maone from NoScript has started coding a first prototype.
> Hi,
Hi!
> Maybe an important difference here is that GetTor is a way to circumvent censorship (if I understand correctly), while our extension works to provide authentication only. I think it's a good idea to rely on browser stores not to be censored in the same way as your website. But our extension, for example, is downloaded from the browser but then is executed from a webpage on our website and relies on description files provided by our website to verify downloads that are done on any of our mirrors. In this scenario, both our website and our mirrors could be easily blocked by someone who wants to block our downloads while not blocking the browser store.
You are right, thanks for the clarification. GetTor should work when access to Tor Project is blocked, so the scenario you mention would not work in our case. In any case, the idea would be to rely on browser stores and start from there.
> Still, if you think that you can reuse part of our extension we would be very happy to work together with you to make this possible. We almost finished specifying the extension and Giorgio Maone from NoScript has started coding a first prototype.
Great! I'm sure your work will be of help to us if we decide to do something similar. I'll contact you if anything comes up :)
--ilv
ilv wrote:
> With this in mind, we have been discussing the idea of having a signed and verified distributor app (desktop), available on official channels (OSX app store, Google Chrome store, etc), which could ease the process of downloading and verifying the integrity of Tor Browser. In other words, a user should be able to download and make sure it has the right file with just a few clicks.
While I don't necessarily want to discourage you from working on GetTor, it's worth noting the duplicated effort in terms of distribution apps. My primary project makes downloading Tor (and other privacy software) from un-censored sources easy, verifying sha256 hashes easy, along with distributing tutorials and bridges [1][2].
The project is called Satori -- it's under heavy development, but has traction, particularly in Iran and China [3]. Satori comes partly from the fact that I don't scale -- 1-to-1 distribution is important but takes a lot of time and a handful of trainers can't help everyone. So I can write applications and increase my positive impact (particularly once guides are included and translations are finished). Downloads are via accessible CDNs and torrents.
To answer your questions:
1) distributors are important IMO (see above).
2) I've always liked the idea of email autoresponders for software, but as the size of the Tor Browser increases, I'm not sure how viable it will be. It may be worthwhile to experiment with sending unblocked CDN links and torrent files.
3) I considered an API but don't think it would work as it just recreates the single point of failure that one is trying to avoid with this kind of project. At least for me, the focus on CDN and bittorrent-based software distribution makes the most sense.
best, Griffin
[1] http://imgur.com/a/EIR80
[2] https://github.com/glamrock/satori
[3] [the Chrome version's been out for more than a year]
Hi Griffin,
On 16/06/15 05:54, Griffin Boyce wrote:
> While I don't necessarily want to discourage you from working on GetTor, it's worth noting the duplicated effort in terms of distribution apps. My primary project makes downloading Tor (and other privacy software) from un-censored sources easy, verifying sha256 hashes easy, along with distributing tutorials and bridges [1][2].
Au contraire, thanks for pointing this out. I'm familiar with your work, I just forgot to mention it as a reference of similar work. And yes, the idea is not to duplicate effort :)
> The project is called Satori -- it's under heavy development, but has traction, particularly in Iran and China [3]. Satori comes partly from the fact that I don't scale -- 1-to-1 distribution is important but takes a lot of time and a handful of trainers can't help everyone. So I can write applications and increase my positive impact (particularly once guides are included and translations are finished). Downloads are via accessible CDNs and torrents.
Although the result would be similar (the desktop flow is pretty much what we want), for the moment I'm not sure if we want to do it in the same way. We're still brainstorming though.. (I'll create a wiki page and send it later in this thread in case you want to collaborate).
When new versions of Tor Browser are available, how does the update process work in Satori (uploading it, doing checksums, etc)?
> To answer your questions:
> 1) distributors are important IMO (see above).
> 2) I've always liked the idea of email autoresponders for software, but as the size of the Tor Browser increases, I'm not sure how viable it will be. It may be worthwhile to experiment with sending unblocked CDN links and torrent files.
> 3) I considered an API but don't think it would work as it just recreates the single point of failure that one is trying to avoid with this kind of project. At least for me, the focus on CDN and bittorrent-based software distribution makes the most sense.
With respect to point 2), we do not send attachments, we're sending Dropbox links and soon enough we'll be sending Github links too.
About 3), right now we're figuring out if we can use an API (or something similar) with some sort of mirroring approach that could help us avoid the single point of failure that you mention. As I said, we're still discussing, so we might get to the same conclusion as you :)
Thanks for your comments Griffin!
Best, --ilv
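
An added illustration of the "Option 2" distributor discussed in this thread (not code from GetTor, Satori, or the Tails extension): the client walks a list of hosting providers, skips blocked ones, and accepts only a copy whose SHA-256 matches a pinned digest. The provider names, the `Blocked` exception, and the idea that the digest ships inside the store-signed app are assumptions; a SHA-256 check stands in here for the signature file GetTor sends.

```python
import hashlib
import hmac


class Blocked(Exception):
    """Raised by a fetcher when its provider is unreachable (e.g. censored)."""


def fetch_verified(providers, pinned_sha256):
    """Try (name, fetch) pairs in order. Return (name, data, failures) for the
    first copy whose SHA-256 matches the pinned digest; raise if none does."""
    failures = []
    for name, fetch in providers:
        try:
            data = fetch()
        except Blocked:
            failures.append((name, "blocked"))
            continue
        digest = hashlib.sha256(data).hexdigest()
        if hmac.compare_digest(digest, pinned_sha256.lower()):
            return name, data, failures
        # Never hand unverified bytes to the user; move on to the next source.
        failures.append((name, "digest mismatch"))
    raise RuntimeError(f"no provider delivered a verified copy: {failures}")


# Constructed sample data: a stand-in package and three hypothetical providers.
PACKAGE = b"constructed stand-in for a Tor Browser package"
# Assumption: the digest ships inside the store-signed distributor itself.
PINNED = hashlib.sha256(PACKAGE).hexdigest()


def _blocked():
    raise Blocked("connection reset")


PROVIDERS = [
    ("provider-a", _blocked),                          # unreachable
    ("provider-b", lambda: PACKAGE + b"<modified>"),   # tampered copy
    ("provider-c", lambda: PACKAGE),                   # intact copy
]

if __name__ == "__main__":
    name, data, failures = fetch_verified(PROVIDERS, PINNED)
    print(f"verified {len(data)} bytes from {name}; skipped: {failures}")
```

Because the digest travels with the app rather than being fetched from an API, a blocked or tampered provider costs only a retry against the next source.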