[tbb-bugs] #26318 [Applications/Tor Browser]: TBA - Consider different installation methods

Tor Bug Tracker & Wiki blackhole at torproject.org
Fri Jun 22 21:35:18 UTC 2018

#26318: TBA - Consider different installation methods
 Reporter:  sysrqb                    |          Owner:  tbb-team
     Type:  enhancement               |         Status:  new
 Priority:  Medium                    |      Milestone:
Component:  Applications/Tor Browser  |        Version:
 Severity:  Normal                    |     Resolution:
 Keywords:  tbb-mobile                |  Actual Points:
Parent ID:                            |         Points:
 Reviewer:                            |        Sponsor:

Comment (by dmr):

 F-Droid //client// (specifically Bazaar) is a great "offline" app store.

 I haven't follow the progress of the project in a while, but it does allow
 for these sorts of things:
 * peer-to-peer app distribution over wifi
 * peer-to-peer app distribution over bluetooth
 * peer-to-peer app distribution over NFC, Android Beam
 * peer-to-peer app verification
 * `.onion` repos
 * sharing repo identities in person
 Not the //client//, but also part of the F-Droid ecosystem:
 * trusted repos created with `Repomaker`, a web-based UI (not yet ready
 for production)

 While arguably we can't get everyone to use F-Droid, I just wanted to
 point out that they have designed it much with these use cases and
 problems in mind.
 I believe we should focus some resources on educating users about these
 peer-to-peer options, so that they can leverage existing trust
 relationships within communities.

 * [[https://f-droid.org/en/tutorials/swap/|Tutorials - How to Send and
 Receive Apps Offline]]
 * [[https://f-droid.org/en/tutorials/add-repo/|Tutorials - How to Add a
 Repo to F-Droid]] - **specifically see `Option 2: Scan a QR Code from
 Another Device`**
 * [[https://f-droid.org/en/docs/FAQ_-_Client/#how-do-i-send-a-repo-
 configuration-using-nfc|FAQ - How do I send a Repo configuration using
 * [[https://f-droid.org/en/docs/FAQ_-_Client/#how-can-i-send-the-f-droid-
 app-using-nfc-or-android-beam|FAQ - How can I send the F-Droid app using
 NFC or Android Beam?]]
 * [[https://f-droid.org/en/2018/02/02/linux-conf-au-fdroid-
 presentation.html|2018 F-Droid presentation talking about collateral
 freedom, among other things]]
 * [[https://f-droid.org/en/2017/07/03/cuba.html|2017 blog post on F-Droid
 app sharing in Cuba]]
 * [[https://dev.guardianproject.info/projects/bazaar/wiki/|Bazaar project
 * [[https://f-droid.org/en/repomaker/|Repomaker (not yet ready for
 * [[https://guardianproject.info/2017/06/29/repomaker-usability-trainers-
 worldwide-june-2017/|2017 Repomaker usability study]]

 It's worth noting that The Guardian Project has
 repos on multiple distribution channels/platforms]]:
 * direct HTTPS
 * `.onion`
 * AWS S3 (so provides the collateral censorship-resistance properties
 //akin to// domain fronting)

 On a different note, there is also the `App Updater` / update detector
 framework that may be of use for non-F-Droid devices (iiuc):
 * [[https://f-droid.org/en/2017/06/01/announcing-new-libraries-f-droid-
 update-channels.html|Introductory blog post]]
 * [[https://gitlab.com/fdroid/update-channels|Gitlab repo]]
 * [[https://gitlab.com/fdroid/update-
 channels/raw/master/appupdater/README.markdown|raw, no JS required]])
 It's not necessarily relevant for the //first// download/install, but it
 may be helpful nonetheless in the broader scope of things.

Ticket URL: <https://trac.torproject.org/projects/tor/ticket/26318#comment:4>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online

More information about the tbb-bugs mailing list