Hey everyone,

[How it's currently done]

Distributed by gettor@torproject.com, the URL makes it pretty clear what you're downloading. Dropbox: https://www.dropbox.com/s/mz9ug2rzvj85791/torbrowser-install-5.5.5_en-US.exe... Google Drive: https://docs.google.com/uc?id=0B76pDbk5No54VHowTEprZnBfWlU&export=downlo... GitHub: https://github.com/TheTorProject/gettorbrowser/releases/download/v5.5.5/torb...

[Security problem]

The download URL on Google Drive is somewhat obfuscated, but once the download is started, the filename that the browser requests is 'torbrowser[...]' An environment I was working in has started to block the files based on name, and it would be very easy for an adversary monitoring network traffic to detect users downloading it.

[Solution proposed]

When the user emails gettor, they could also request obfuscation. An application would randomize the filename and upload it to a mainstream host (Google, Dropbox, GitHub, AWS). Maybe even protect the file from scanning by making an AES encrypted ZIP file, and giving the user the password in the reply email.

I'd be happy to make a proof-of-concept.

What do you all think of this? Does anyone have any better ideas? Anything that uses less processing resource?