[tor-bugs] #26318 [Applications/Tor Browser]: TBA - Consider different installation methods
Tor Bug Tracker & Wiki
blackhole at torproject.org
Fri Jun 22 21:35:18 UTC 2018
#26318: TBA - Consider different installation methods
--------------------------------------+--------------------------
Reporter: sysrqb | Owner: tbb-team
Type: enhancement | Status: new
Priority: Medium | Milestone:
Component: Applications/Tor Browser | Version:
Severity: Normal | Resolution:
Keywords: tbb-mobile | Actual Points:
Parent ID: | Points:
Reviewer: | Sponsor:
--------------------------------------+--------------------------
Comment (by dmr):
F-Droid //client// (specifically Bazaar) is a great "offline" app store.
I haven't follow the progress of the project in a while, but it does allow
for these sorts of things:
* peer-to-peer app distribution over wifi
* peer-to-peer app distribution over bluetooth
* peer-to-peer app distribution over NFC, Android Beam
* peer-to-peer app verification
* `.onion` repos
* sharing repo identities in person
Not the //client//, but also part of the F-Droid ecosystem:
* trusted repos created with `Repomaker`, a web-based UI (not yet ready
for production)
While arguably we can't get everyone to use F-Droid, I just wanted to
point out that they have designed it much with these use cases and
problems in mind.
I believe we should focus some resources on educating users about these
peer-to-peer options, so that they can leverage existing trust
relationships within communities.
References:
* [[https://f-droid.org/en/tutorials/swap/|Tutorials - How to Send and
Receive Apps Offline]]
* [[https://f-droid.org/en/tutorials/add-repo/|Tutorials - How to Add a
Repo to F-Droid]] - **specifically see `Option 2: Scan a QR Code from
Another Device`**
* [[https://f-droid.org/en/docs/FAQ_-_Client/#how-do-i-send-a-repo-
configuration-using-nfc|FAQ - How do I send a Repo configuration using
NFC?]]
* [[https://f-droid.org/en/docs/FAQ_-_Client/#how-can-i-send-the-f-droid-
app-using-nfc-or-android-beam|FAQ - How can I send the F-Droid app using
NFC or Android Beam?]]
* [[https://f-droid.org/en/2018/02/02/linux-conf-au-fdroid-
presentation.html|2018 F-Droid presentation talking about collateral
freedom, among other things]]
* [[https://f-droid.org/en/2017/07/03/cuba.html|2017 blog post on F-Droid
app sharing in Cuba]]
* [[https://dev.guardianproject.info/projects/bazaar/wiki/|Bazaar project
wiki]]
* [[https://f-droid.org/en/repomaker/|Repomaker (not yet ready for
production)]]
* [[https://guardianproject.info/2017/06/29/repomaker-usability-trainers-
worldwide-june-2017/|2017 Repomaker usability study]]
It's worth noting that The Guardian Project has
[[https://guardianproject.info/fdroid/repo/?fingerprint=B7C2EEFD8DAC7806AF67DFCD92EB18126BC08312A7F2D6F3862E46013C7A6135|F-Droid
repos on multiple distribution channels/platforms]]:
* direct HTTPS
* `.onion`
* AWS S3 (so provides the collateral censorship-resistance properties
//akin to// domain fronting)
On a different note, there is also the `App Updater` / update detector
framework that may be of use for non-F-Droid devices (iiuc):
* [[https://f-droid.org/en/2017/06/01/announcing-new-libraries-f-droid-
update-channels.html|Introductory blog post]]
* [[https://gitlab.com/fdroid/update-channels|Gitlab repo]]
* [[https://gitlab.com/fdroid/update-
channels/blob/master/appupdater/README.markdown|README.markdown]]
([[https://gitlab.com/fdroid/update-
channels/raw/master/appupdater/README.markdown|raw, no JS required]])
It's not necessarily relevant for the //first// download/install, but it
may be helpful nonetheless in the broader scope of things.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/26318#comment:4>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list