[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-bugs] #27682 [Webpages/Support]: Verifying signatures on Android



#27682: Verifying signatures on Android
------------------------------+----------------------
 Reporter:  towiw3            |          Owner:  hiro
     Type:  defect            |         Status:  new
 Priority:  Medium            |      Milestone:
Component:  Webpages/Support  |        Version:
 Severity:  Normal            |     Resolution:
 Keywords:  tbb-mobile        |  Actual Points:
Parent ID:                    |         Points:
 Reviewer:                    |        Sponsor:
------------------------------+----------------------

Comment (by towiw3):

 This can potentially be used to identify Tor Browser for Android users.
 gnupg is not installed by default in Termux so it needs to be downloaded
 from Termux repository. Termux uses Cloudflare, too. It is better to use
 Orbot for downloading gnupg. Orbot VPN can be used to proxy Termux traffic
 through Tor. Orbot VPN must be used before opening Termux after installing
 it (of course this doesn't apply when Termux is already in use for a long
 time). This is not a problem when TBA is installed from Google play store;
 you are already identified as a TBA user and you don't verify signature if
 you installed TBA from Google play store.

 In Termux, `wget` doesn't support https links, it only supports http. But
 curl works so we can use it for downloading the .asc file. I think it
 would be helpful to include how to download the .asc file in the steps.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/27682#comment:1>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs