[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
Re: [tor-bugs] #27682 [Webpages/Support]: Verifying signatures on Android
#27682: Verifying signatures on Android
------------------------------+----------------------
Reporter: towiw3 | Owner: hiro
Type: defect | Status: new
Priority: Medium | Milestone:
Component: Webpages/Support | Version:
Severity: Normal | Resolution:
Keywords: tbb-mobile | Actual Points:
Parent ID: | Points:
Reviewer: | Sponsor:
------------------------------+----------------------
Comment (by towiw3):
This can potentially be used to identify Tor Browser for Android users.
gnupg is not installed by default in Termux so it needs to be downloaded
from Termux repository. Termux uses Cloudflare, too. It is better to use
Orbot for downloading gnupg. Orbot VPN can be used to proxy Termux traffic
through Tor. Orbot VPN must be used before opening Termux after installing
it (of course this doesn't apply when Termux is already in use for a long
time). This is not a problem when TBA is installed from Google play store;
you are already identified as a TBA user and you don't verify signature if
you installed TBA from Google play store.
In Termux, `wget` doesn't support https links, it only supports http. But
curl works so we can use it for downloading the .asc file. I think it
would be helpful to include how to download the .asc file in the steps.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/27682#comment:1>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs