[tor-dev] [GSoC 2014] Revamp GetTor: Send HTTP links for downloading TBB

michael at schloh.com michael at schloh.com
Tue Jun 10 04:27:01 UTC 2014

Hello Israel,

On Mon., June 09, 2014, Israel Leiva wrote:
>I've been discussing with my mentors (Sukhbir and Nima) the option
>of sending HTTP links to download TBB via GetTor. The main reason
>for this would be that in some censor countries is very difficult
>to download a "big file" (>= 10 Mb) over SSL, so HTTP links would
>be needed. Obviously, the user would be warned about the lack of
>SSL and that he/she *must* verify the integrity of the bundle. On
>the other side, bundles downloaded over HTTPS should also be
>verified if you need maximum security, since we can't trust in the
>cloud services neither. (e.g. Dropbox).
How do you qualify 'difficult?' Is this a duration matter or are
there timeouts and repeated stream downloads? Is it a financial
(money per megaoctet) problem for the users?

>Since this is not an easy decision, we've decided to discuss it
>publicly.  Any thoughts on this? What's your experience regarding
>this matter? All feedback is welcomed.
Do you have statistics of how many users have a good versus bad
experience and just how much lowering the bar to HTTP would make
a difference in this regards?

Sorry for so many questions, I'm not in the 'difficult' category
so have no idea.

>In the meanwhile we'll keep considering HTTPS links only.
Good choice, I hope you get the answer you're looking for.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 3379 bytes
Desc: not available
URL: <http://lists.torproject.org/pipermail/tor-dev/attachments/20140610/0f3cee2f/attachment-0001.bin>

More information about the tor-dev mailing list