Nathan of Guardian: > > > On Sat, Jan 2, 2016, at 03:15 PM, Hans-Christoph Steiner wrote: >> >> Android provides the nice DownloadManager for handling regular file >> downloads in a robust way, but we can't set the proxy on it, so we can't >> use it over Tor. I've been looking for separate DownloadManager >> replacement, and I just had an idea: Orbot should also act as a >> DownloadManager service! >> >> I think we can do a classic Guardian Project move, and just copy the >> DownloadManager class, and use that as the API. >> > > This fits with my desire to add OnionShare capabilities directly to > Orbot, as well. I wonder how deep that DownloadManager code goes. I know > the StoryMaker team implemented some similar features with resumeable > download support, which is essential for large files over Tor. I also > think we would want to add some extra confirmation so that apps couldn't > easily deanon a user by launching a Tor download with some unique > cookies tied to it.
An app can always just send a unique ID directly to some server for de-anon, so I don't really see the added threats from having a download manager. Fixing the de-anon issue is pretty easy: just require each download in the DownloadManager to use its own circuit. Or use a dedicated circuit per app. .hc -- PGP fingerprint: EE66 20C7 136B 0D2C 456C 0A4D E9E2 8DEA 00AA 5556 https://pgp.mit.edu/pks/lookup?op=vindex&search=0xE9E28DEA00AA5556 _______________________________________________ List info: https://lists.mayfirst.org/mailman/listinfo/guardian-dev To unsubscribe, email: [email protected]
