[tor-dev] GsoC: Revamp GetTor

Israel Leiva israel.leiva at usach.cl
Tue Apr 29 02:28:29 UTC 2014

> Hi Israel,
> Following are my comments on your proposal[1], that I've mentioned on
> IRC earlier today.
Hi Nima, thanks for commenting.

> 1- wrt cloud-storage mirrors and private git-repo, ideally the links
> shouldn't be stored anywhere at all. Sending an email to gettor should
> be the only way to get a link.
What's wrong with storing these links?

> Maybe we should generate unique URLs for each request, so in case the
> censors blocked or limited access to SSL, we could serve the unique
> links over HTTP.
> So the scenario in my mind is something like:
> user asks for a bundle -> gettor generates new urls on cloud (either by
> fetching the latest bundle from dist or recycling old urls) -> reply to
> user with urls, keeps the urls for a while -> then either remove or
> recycle the links.

Sounds great! If we can't ensure message encryption, we could at least
delete the uploaded packages after some fixed amount of time, so other
people can't (easily) know what you've downloaded. This should consider
abuse prevention.

> 2- I find Skype distribution method, a terrible idea for many reasons.
> Instead, we could aim for XMPP (with and without OTR support).

Yeah, not the best distributor but IMHO is "less suspicious" or hard to
block in a large scale. Replacing it with XMPP sounds fine to me, though.

> 3- Having an smart core module to understand a request like "Give me the
> URL links for TBB in this language" is cool but we need to make sure it
> wouldn't break or cause problems when we start to get requests in 10
> different languages.
Of course, whether the code is re-written from scratch or fixed, it has to
be done with scalability in mind.

Just my 2cents.
> [1]: https://ileiva.github.io/gettor_proposal.html
> Best of luck and happy coding,

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.torproject.org/pipermail/tor-dev/attachments/20140428/51e29484/attachment.html>

More information about the tor-dev mailing list