Opened 5 weeks ago

Last modified 5 weeks ago

#31990 new task

How should we proceed with website mirrors?

Reported by: phw Owned by: ggus
Priority: Medium Milestone:
Component: Community/Mirrors Version:
Severity: Normal Keywords:
Cc: cohosh, hiro, gaba, antonela, Samdney, phoul, aquintex, traumschule Actual Points:
Parent ID: Points:
Reviewer: Sponsor:

Description

We discussed the current status of website mirrors at our Oct 3 anti-censorship meeting. The following questions and arguments came up:

  • Should we verify mirrors' authenticity? If so, how? If we verify mirrors, we may want to do it continuously because a mirror may be authentic at time t but serve malware at time t+1. We may also want to verify mirrors in a way that makes it difficult for the mirror to distinguish between a user browsing the mirror and us verifying the mirror.
  • People let us know when they set up new mirrors but we currently ignore volunteers because of our policy of only considering mirrors run by trusted contacts.
  • Let's keep in mind that people generally search for "download tor" and click on whatever shows up first in their favourite search engine. By obsessing too much over the authenticity of mirrors we may be missing the bigger issue.
  • Some of us believe that the risk of having mirrors outweighs their value while others believe the opposite.
  • Website mirrors are frequently not subject to censorship, so users who are unable to browse torproject.org can still browse our mirrors and download Tor Browser from there. GetTor could therefore send users a link to mirrors – and add PGP verification instructions to its email, so the user doesn't need to trust the mirrors).

Child Tickets

Change History (1)

comment:1 Changed 5 weeks ago by arma

Good summary, Philipp!

Thought 1: I wonder what is a good way to move to a conclusion here on a trac ticket. I guess we start by trying to post useful constructive thoughts and see where it goes.

Thought 2: For people who can reach our website, we have our own webservers that we run. We've been making sure to scale up our webservers to be able to handle the people who want to look at our website and can reach it. So I don't think anybody is speaking of using mirrors from random internet volunteers to replace the website for those who can reach it.

So the question for me is whether we want to let people sign up locations that we include in our gettor url rotation.

Maybe gettor will work perfectly in all censored locations by offering S3, github, and google drive? If that's the case then adding new places, and needing to worry about how much we trust them, is not so needed.

Note: See TracTickets for help on using tickets.