Hey everyone,
[How it's currently done]
Distributed by get...@torproject.com, the URL makes it pretty clear what
you're downloading.
Dropbox:
https://www.dropbox.com/s/mz9ug2rzvj85791/torbrowser-install-5.5.5_en-US.exe?dl=1
Google Drive:
https://docs.google.com/uc?id=0B76pDbk5No54VHowTEpr
On Mon, 9 May 2016 15:09:37 -0400
Blake Hadley wrote:
> Hey everyone,
>
> [How it's currently done]
>
> Distributed by get...@torproject.com, the URL makes it pretty clear
> what you're downloading.
> Dropbox:
> https://www.dropbox.com/s/mz9ug2rzvj85791/torbrowser-install-5.5.5_en-US.exe?dl
> The environment you're were in was mounting a MITM attack to break TLS,
> or has compromised your box, because the only component of the URL that
> is visible otherwise is the host in the SNI field.
>
> In such an environment, gettor in general isn't unblockable because
> there is no privacy/secu
Blake Hadley writes:
>
> The environment requires an HTTPS proxy to reach the World Web Web.
>
> Do HTTP proxies inherently create a situation similar to MITM?
Yes, that is exactly what they do. If your web browser isn't nagging you
all the time with "hey this certificate is untrusted" then a si
On Mon, May 09, 2016 at 09:23:20PM +, William Waites wrote:
>
> Blake Hadley writes:
> >
> > The environment requires an HTTPS proxy to reach the World Web Web.
> >
> > Do HTTP proxies inherently create a situation similar to MITM?
>
> Yes, that is exactly what they do. If your web browser i
> On May 9, 2016, at 5:54 PM, David Fifield wrote:
>
> Well, an "HTTPS proxy" doesn't have to be a TLS interception device.
> When I think "HTTPS proxy", I think of an ordinary HTTP proxy using the
> CONNECT method to support TLS. In that case, the proxy does not get to
> see plaintext, which in
