Use encryption to circumvent deep packet inspection and cloud service awareness
Summary
Some cloud services that are friendly with government regimes may delete Tor installer files/accounts or block downloads in that area. To keep Tor installers/bundles obfuscated, emails should link to encrypted 7-zip archives and provide the password in the body of the email.
The purpose is not to hide data, but to circumvent protection measures based on file hashes. Making each bundle 'unique' from a file hash standpoint increases the likelihood that the files will reach their intended recipient.
Technical Details
7zip allows for very easy decryption on Windows platforms via creating an archive as an EXE. The password can be included in the email, as the only objective is to evade signature detection, not actually protect the contents of the attachments.
On Linux platforms, the archive can be a .tar.gz, .7z, or any other common archive format, but in encrypted format. Most distributions have a GUI component to extract encrypted archives.
Encryption should be done on-the-fly for each request, as governments or cooperative cloud providers will just start blocking the new hash. Changing the encryption password for each request will effectively disable file hash detection and blocking systems. This can be scripted into the existing gettor system.
7zip doesn't have to be the chosen encryption method, just the first open source, easy-to-use utility that came to mind.
Trac:
Username: samurailink3