wiki:org/meetings/2016SummerDevMeeting/Notes/GetTor

Originally at https://pad.riseup.net/p/8CWboG7UxuUE

Get Tor

Day 1 session notes:

Ideas:

  • Official downloader on various App Stores (Chrome, Apple*, Microsoft, etc). *
  • Downloader would fetch tor browser over a mirror or using one of the CDNs, verify the signature and run the installer.
  • FYI: Chrome is phasing out packaged apps, so it would need to be an extension
  • add otr for xmpp *
  • Why?
  • create google snippet for search results
  • Take advantage of front domaining with meek: Amazon, Microsoft, CloudFlare?, fastly, Akamai, other CDNs?
  • code refactoring
  • store links in sqlite database for better handling
  • use virualenv
  • delete old files from dropbox and google drive
  • Run the updater script on GetTor machine as a cronjob
  • improve messages
  • add guide for checking bundles integrity
  • add support for translation (put all content together and
  • explain how to get bundles in supported locales (zh, tr, fa, en-US)
  • support more locales?
  • get stats for API
  • check for integrity of uploaded files periodically
  • distribute orfox
  • distribute tor browser manual
  • OUTREACH: Do a better job at telling users of all the available ways to fetch the bundles, and about the availability of the Gettor service in general. *

Foot notes:

  • For Apple store we need a dev certificate (ideally seperate from Tor Browser team certificate)

(Day 2) session notes:

  • Fixing the scripts to get the stats.
  • Make raw stat log available publicly -- Work with metrics team to create nice graph from them
  • having graphs on different methods people are using to download tor would be interesting over time. To see which method they rely on over time specially during interesting events.
  • having per language graphs.
  • LONGTERM: get stats for API
  • Making use of GPG.js to verify downloads for the downlaoder we talked about yesterday.
    • Will be important to decide how many releases to support, as at scale it will dramatically increase the size of the download
    • Unless you are fetching GPG signatures, which Griffin does not recommend
  • For downloads, it's not so much domain fronting as it is selecting a CDN that is most unblocked in target areas
  • Akamai is outlandishly expensive compared to Amazon S3 and Cloudflare.
  • CF may eventually create a Google-style policy that restricts these downloads. Until then, their Project Galileo might offer free service
  • 2015 breakdown of cost-per-download:

Akamai: 17.8 downloads per $1 spent

Azure: 199 downloads per $1 spent (estimate for 1TB monthly plan)

Cloudflare: ∞ downloads, but not available in China ($20-⁠$200 per month static fee)

  • Average of 2k unique requests per month.
  • Having torrent (magnet URI) was rulled out since you can get the IP address of who is downloading Tor.
  • Twitter bot shouldn't keep a history of the people who requested Tor Browser (it currently does)

Priorities:

  • Do a better job at telling users of all the available ways to fetch the bundles, and about the availability of the Gettor service in general.
  • Do a "Ways to get the Tor Browser Bundle" post, part II
  • Official downloader on various App Stores (Chrome, Apple*, Microsoft, etc).
@ GetTor Report for August 2016 (past 6 months)

We received a total of 90749 requests in August, with a peak of 1803 requests on December 8.

[*] Request
            help: 63508
           links: 25745
       blacklist: 866
         mirrors: 630

[*] OS
         windows: 18603
         android: 3370
           linux: 2005
             osx: 1767

[*] Language
              en: 86126
              fa: 2229
              zh: 1425
              tr: 103

[*] Channel
            smtp: 88639
         twitter: 2110
Last modified 14 months ago Last modified on Sep 30, 2016, 10:34:55 PM