<div dir="ltr">If we can go up to 1.7GB, then that's not a problem. There could also be a simple script setup to clone <a href="https://github.com/glamrock/tbb-bin">tbb-bin</a> if GitHub does start to enforce the limit on our repo, or we could start looking at external sources. My ideal is that someone can just use "git clone" and have a working mirror, so I'd prefer for the script to be a backup plan.<div>
<br></div><div>Is tbb-bin currently updated by a script, or is everything done manually?</div></div><div class="gmail_extra"><br><br><div class="gmail_quote">On Sun, May 4, 2014 at 1:52 AM, Griffin Boyce <span dir="ltr"><<a href="mailto:griffin@cryptolab.net" target="_blank">griffin@cryptolab.net</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">Should we loop in tor-talk on this? They might have some additional ideas =)<div class=""><br>
<br>
William Papper wrote:<br>
<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
We're now looking for suggestions on providing downloads for<br>
censored countries.<br>
</blockquote>
<br></div>
I've been working on this recently with Satori [1][2], and decided to mirror on AWS, Github, and Chrome Web Store. (that last one is a logistical nightmare and not recommended).[4]<br>
<br>
The reason is that these are places where there's a strong financial incentive for countries to not block them or MITM. Doesn't mean that they won't wind up blocked or tampered with, but makes it less likely. Both AWS and Github are also accessible in Iran and China.<div class="">
<br>
<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
1. Host the downloads directly on each mirror<br>
While this would work, the combined size of all of the files is<br>
greater than GitHub's 1GB limit per repository.<br>
</blockquote>
<br></div>
I've talked to github about this -- specifically about distributing software -- and they said that it's a soft limit. I have repositories that are ~2GB which are fine. Might be better to divide into individual repos by language if you're concerned they might change their policies.<div class="">
<br>
<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
2. Use an external download mirror that is not <a href="http://torproject.org" target="_blank">torproject.org</a><br>
Could we use something like Amazon S3 or Sourceforge?<br>
</blockquote>
<br></div>
AWS s pretty straightforward, but I would not suggest Sourceforge due to their advertising policies.<div class=""><br>
<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
3. Provide torrents to users in censored countries<br>
This seems much more difficult to block, which is good. I couldn't<br>
find any official TBB torrents, though.<br>
</blockquote>
<br></div>
Potential problem[3] with this is that if an adversary becomes a seeder, they can tally IP addresses of people trying to get ahold of circumvention software. Highly problematic for people who might get a knock at the door. Also, not sure how likely it is that the torrent trackers would just get blocked.<div class="">
<br>
<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
4. Assume that the user is not living in a censored country<br>
</blockquote>
<br></div>
Can you expand on this a bit?<br>
<br>
best,<br>
Griffin<br>
<br>
[1] <a href="https://github.com/glamrock/satori" target="_blank">https://github.com/glamrock/<u></u>satori</a><br>
[2] <a href="https://chrome.google.com/webstore/detail/satori/oncomejlklhkbffpdhpmhldlfambmjlf" target="_blank">https://chrome.google.com/<u></u>webstore/detail/satori/<u></u>oncomejlklhkbffpdhpmhldlfambmj<u></u>lf</a><br>
[3] <a href="https://mailman.stanford.edu/pipermail/liberationtech/2014-March/013158.html" target="_blank">https://mailman.stanford.edu/<u></u>pipermail/liberationtech/2014-<u></u>March/013158.html</a><br>
[4] So the process here is that one is distributing unlisted "apps" which are .crx files. Within those compressed files are the TBB and a required manifest.json file. That's pretty straightforward, and nigh-unblockable, but downloading a crx as a zip automatically is difficult for windows/mac (easy for linux). And there are currently 60 bundles total (30 for linux). Making these could be scripted. Every Google Chrome Developer account maxes out at 20 apps or extensions, so we'd still need to create/verify 2-3 accounts if we wanted full language support. Like I said, logistical nightmare, but I do it for Arabic, Farsi, and Chinese because the tradeoffs are IMO worth it (and 6 is no big deal).<div class="HOEnZb">
<div class="h5"><br>
______________________________<u></u>______________________________<u></u>____________<br>
Tor Website Team coordination mailing-list<br>
<br>
To unsubscribe or change other options, please visit:<br>
<a href="https://lists.torproject.org/cgi-bin/mailman/listinfo/www-team" target="_blank">https://lists.torproject.org/<u></u>cgi-bin/mailman/listinfo/www-<u></u>team</a><br>
</div></div></blockquote></div><br></div>