[liberationtech] S3 alternative?

Griffin Boyce griffin at cryptolab.net
Wed Mar 12 11:28:11 PDT 2014


Adam Fisk wrote:
> I agree the threats are complicated. Is an infiltrating seeder in Iran
> learning about someone serving the Tor binary dangerous

  It's a serious consideration, and not an exaggeration to say that I'm
losing sleep over that exact question.  My seedboxes are sitting idle at
the moment, partly because of that.

  It's one thing to talk about Tehran street fashion, or the people, or
the language, and another to consider that my actions could cause
someone to be surveilled or even imprisoned.  As you point out, this
country has a security regime that is willing to shoot a woman in the
heart on the barest suspicion that she attended a peaceful protest. 
This is a country that I will never see because I am an Illegal Person. 

  So these things give me pause.

  After working on the distribution problem more, and discussing with a
proper researcher, I think I've found a workable solution using Chrome. 
It took a while, but I've figured out how to handle the size -- it's a
bit tricky, but a ~100kb download allows for download of the ~25mb Tor
browser bundles.  Very unlikely to be blocked, includes signatures for
verification, and offers two download options in case one is blocked. 
(Both options are consistently not blocked in Iran, intermittently
blocked in mainland China, unblocked in the majority of the world). 
Though this could change the equation for censors -- they could block
this, and send me back to square one.  Such is the state of
circumvention tech.

  Torrents-as-distribution-mechanism are *really* attractive.  It's
easy, they spread fast, they're difficult to block.  But they're fairly
trivial to track also.  It's not practical to be completely anonymous
while downloading files via bittorrent protocol.  But outside of direct
targeting, your traffic is likely to be lost in the noise of everyone's
piracy.  Having a legion of not-in-Iran seeders would make it less
likely that an individual's download would be tracked by a rogue seeder
too.  There's also the issue of updating (which requires setting up
*another* torrent and seeding *that*).  Still problematic.

  The ability to keep connections within a country is a good feature, so
for small stuff like Orbot, sharing via bluetooth is a reasonable option
if both parties trust each other.  I got Fdroid from Hans directly over
bluetooth, and this matter of trust came to mind as he was sending this
random .apk to my phone ;-D

best,
Griffin

definitions:
  seeder: one who uploads/sends a file to other users
  seedbox: a dedicated machine used to upload files to users
  apk: Android app file




