Hi!
I've been discussing with my mentors (Sukhbir and Nima) the option of sending HTTP links to download TBB via GetTor. The main reason for this would be that in some censor countries is very difficult to download a "big file" (>= 10 Mb) over SSL, so HTTP links would be needed. Obviously, the user would be warned about the lack of SSL and that he/she *must* verify the integrity of the bundle. On the other side, bundles downloaded over HTTPS should also be verified if you need maximum security, since we can't trust in the cloud services neither. (e.g. Dropbox).
Since this is not an easy decision, we've decided to discuss it publicly. Any thoughts on this? What's your experience regarding this matter? All feedback is welcomed.
In the meanwhile we'll keep considering HTTPS links only.
Regards.
Hello Israel,
On Mon., June 09, 2014, Israel Leiva wrote:
I've been discussing with my mentors (Sukhbir and Nima) the option of sending HTTP links to download TBB via GetTor. The main reason for this would be that in some censor countries is very difficult to download a "big file" (>= 10 Mb) over SSL, so HTTP links would be needed. Obviously, the user would be warned about the lack of SSL and that he/she *must* verify the integrity of the bundle. On the other side, bundles downloaded over HTTPS should also be verified if you need maximum security, since we can't trust in the cloud services neither. (e.g. Dropbox).
How do you qualify 'difficult?' Is this a duration matter or are there timeouts and repeated stream downloads? Is it a financial (money per megaoctet) problem for the users?
Since this is not an easy decision, we've decided to discuss it publicly. Any thoughts on this? What's your experience regarding this matter? All feedback is welcomed.
Do you have statistics of how many users have a good versus bad experience and just how much lowering the bar to HTTP would make a difference in this regards?
Sorry for so many questions, I'm not in the 'difficult' category so have no idea.
In the meanwhile we'll keep considering HTTPS links only.
Good choice, I hope you get the answer you're looking for.
Cheers, Michael
2014-06-10 0:27 GMT-04:00 michael@schloh.com:
Hello Israel,
Hi Michael.
How do you qualify 'difficult?' Is this a duration matter or are there timeouts and repeated stream downloads? Is it a financial (money per megaoctet) problem for the users?
Actually, this is how Nima described it, giving Iran as an example. I don't have further information on what this implies.
Do you have statistics of how many users have a good versus bad experience and just how much lowering the bar to HTTP would make a difference in this regards?
I don't have any statistics regarding this matter. I was hoping people on this ML could contribute with real data and/or examples.
Sorry for so many questions, I'm not in the 'difficult' category so have no idea.
No problem, I'm not in this category either, and asking these questions is certainly helpful.
Good choice, I hope you get the answer you're looking for.
Thanks!
-
Israel Leiva -
michael@schloh.com