Adam Fisk wrote: > I agree the threats are complicated. Is an infiltrating seeder in Iran > learning about someone serving the Tor binary dangerous
It's a serious consideration, and not an exaggeration to say that I'm losing sleep over that exact question. My seedboxes are sitting idle at the moment, partly because of that. It's one thing to talk about Tehran street fashion, or the people, or the language, and another to consider that my actions could cause someone to be surveiled or even imprisoned. As you point out, this country has a security regime that is willing to shoot a woman in the heart on the barest suspicion that she attended a peaceful protest. This is a country that I will never see because I am an Illegal Person. So these things give me pause. After working on the distribution problem more, and discussing with a proper researcher, I think I've found a workable solution using Chrome. It took a while, but I've figured out how to handle the size -- it's a bit tricky, but a ~100kb download allows for download of the ~25mb Tor browser bundles. Very unlikely to be blocked, includes signatures for verification, and offers two download options in case one is blocked. (Both options are consistently not blocked in Iran, intermittently blocked in mainland China, unblocked in the majority of the world). Though this could change the equation for censors -- they could block this, and send me back to square one. Such is the state of circumvention tech. Torrents-as-distribution-mechanism are *really* attractive. It's easy, they spread fast, they're difficult to block. But they're fairly trivial to track also. It's not practical to be completely anonymous while downloading files via bittorrent protocol. But outside of direct targeting, your traffic is likely to be lost in the noise of everyone's piracy. Having a legion of not-in-Iran seeders would make it less likely that an individual's download would be tracked by a rogue seeder too. There's also the issue of updating (which requires setting up *another* torrent and seeding *that*). Still problematic. The ability to keep connections within a country is a good feature, so for small stuff like Orbot, sharing via bluetooth is a reasonable option if both parties trust each other. I got Fdroid from Hans directly over bluetooth, and this matter of trust came to mind as he was sending this random .apk to my phone ;-D best, Griffin definitions: seeder: one who uploads/sends a file to other users seedbox: a dedicated machine used to upload files to users apk: Android app file -- Liberationtech is public & archives are searchable on Google. Violations of list guidelines will get you moderated: https://mailman.stanford.edu/mailman/listinfo/liberationtech. Unsubscribe, change to digest, or change password by emailing moderator at [email protected].
