[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-talk] Satori (this crazy app thing I've been working on)

Sorry for the delay in responding. Life gets in the way sometimes. ;-)

Runa A. Sandvik wrote:
Sounds interesting! Could you say a bit more about how it distributes software?

So it offers downloads from places that are not currently blocked or MITM'd: Google's Chrome Web Store, Amazon, and Github. Which seem unlikely to be due to various economic factors at play. This is mostly my opinion, though backed by research I've done in this area. Granted, distributing from these three sites could change the equation for censors, but right now it works very well.

Fetching .crx files from the Chrome Web Store is particularly devious, as these are unlisted extensions across a few accounts. These download as zip files which contain the Tor Browser Bundle. This option is only available for Chinese, Farsi, and Arabic, as it takes a fairly large amount of time to set up. Downloading from Github or Amazon is more straightforward, and downloads the usual .zip file. The bundles aren't modified in any way, so the sha256 checksums and gpg signatures should be verifiable across torproject.org and its mirrors.

I've been weighing fetching the files via torrent with something like bitford or bittorrent torque built-into Satori, but haven't come to a solid conclusion on it. It's technically possible to do so, but there are questions in my mind that need to be resolved before I think this could be a real solution. Mostly because it's easy for a censor to just start seeding a given torrent and then tally IP addresses of people downloading. Another is whether the trackers would just get blocked outright (and running a tracker on AWS sort of loops back around to the idea of a single point of failure).

Sukhbir Singh wrote:
This is a great idea. This coupled with GetTor can help alleviate our
bundle distribution issues :)

  Thanks! ^_^

Some feedback, mostly related to the UI/UX, so this may very well be a
personal opinion but I will still comment because I really hope we use
this to distribute the bundles.

I'm not sure whose call that is, tbh. Happy to keep it a personal project =) And UI/UX feedback is always welcome.

- the background looks nice but we can probably use something simple
just to make sure that it is accessible

True. I'm planning to add a stylesheet for screen readers (which would hide the <canvas> entirely), along with WAI-ARIA attributes[1] to make it more accessible overall. I really like the background, but might nix the space theme and go with the polygons on black instead.

- the (A) and (B) for the download links should be redesigned.

Agreed. Currently leaning towards replacing A/B/C with download icons that indicate the source. That sentence is super dry, but I think you get what I mean.

- is it possible to use this without signing in to your Google account?

Yes! First, download the zip from github: https://github.com/glamrock/satori

* Go to chrome://extensions/
* â Developer mode
* Click "Load unpacked extension"
* Choose Satori/chrome directory

Then go to chrome://apps/ to launch (this is the apps page). Once development slows a bit, the goal is to have gpg-signed releases in the github repo. So that way it's possible to independently verify that the app came from me and still use it without logging in to google.

- checksums for some of the bundles was not working
- sorry, couldn't resist -- it's TorBirdy and not Torbirdy ;)

  Oh butts, I didn't even notice those! :D  Will fix!

Very well done though! The hash generation takes the prize above all!

Thanks, though the Google Closure library really does the heavy lifting on that.

Please keep us informed about the development.

  Will do!


[1] http://www.w3.org/TR/wai-aria-1.1/
[2] https://www.transifex.com/projects/p/cupcake/resource/satori-chrome/
tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx
To unsubscribe or change other settings go to