[tor-dev] [Proposal] Obfuscating the Tor Browser Bundle initial download
moosehadley at gmail.com
Mon May 9 19:09:37 UTC 2016
[How it's currently done]
Distributed by gettor at torproject.com, the URL makes it pretty clear what
The download URL on Google Drive is somewhat obfuscated, but once the
download is started, the filename that the browser requests is
An environment I was working in has started to block the files based on
name, and it would be very easy for an adversary monitoring network
traffic to detect users downloading it.
When the user emails gettor, they could also request obfuscation. An
application would randomize the filename and upload it to a mainstream
host (Google, Dropbox, GitHub, AWS).
Maybe even protect the file from scanning by making an AES encrypted ZIP
file, and giving the user the password in the reply email.
I'd be happy to make a proof-of-concept.
What do you all think of this?
Does anyone have any better ideas? Anything that uses less processing
More information about the tor-dev