Distributing tor browser over torrent

Hello,

I wonder if there is any reason to NOT distribute tor browser over torrent ?

Motivation :
We can all agree that China has the most advanced censorship system. From this point, I looked at how youngers access censored content there. And beside proxy, vpn … a lot of them simply download that over torrent. And it is working pretty well, thanks to DHT.
In fact, when you find magnet link in China, they do not contain any trackers info, just the hash and eventualy the name.

For example, using Tails official magnet link, just remove the tracker info : magnet:?xt=urn:btih:06fe60496e4c7c9872ff683882c9439464468fbd&dn=tails-amd64-5.10-img

You can try to add it to any torrent client supporting DHT, it will be downloaded like any others.

Also, accordingly to magnet format :
the parameter x.pe can be used to specify peers that have the file.
I can imagine some code that would dynamically set up this parameter, picking X random peers, so even if the torrent client is not “enough” connected to the DHT, it would find its way.

1 Like

Do you mean for users or for Tor team?
I think for team it is just additional work, which they may or may not want to do.
For regular users I think there are no problems, except that person who want to download file should have some methods of checking that Tor Browser was not modified in process of moving it from official website to torrent.

Indeed, there is a real difficulty at checking what you downloaded is an “unmodified” version of tor browser. Except an ad hoc check, run the tor browser you just downloaded and go to torproject.org checking the signature. And even this, a smart “modified” version could change the signature you see on the fly.

By the way, looking at what I see on the DHT now, there is already some version of tor currently shared, they are outdated and maybe not legit.

Sure, I will create the magnet link and post the links here. I wanted to check with the community first, if there were reasons not to.

1 Like

I don’t know too much about how bittorrent works, but the gettor archives on archive.org have torrent files. E.g. for torbrowser-12.0.4-dbd1a7abad9ee3d1 there is

https://archive.org/download/torbrowser-12.0.4-dbd1a7abad9ee3d1/torbrowser-12.0.4-dbd1a7abad9ee3d1_archive.torrent

I think the torrents will include the .asc signatures.

2 Likes

Thanks.
It looks like for some reason not many people know and use such method.
Download was using only web seeds for me.

Let’s see if it becomes more popular. Here is magnet link just in case:

magnet:?xt=urn:btih:A3445D681702D17AEBB4886332CAF6DC7EEF6B3F&dn=torbrowser-12.0.4-dbd1a7abad9ee3d1&tr=http%3a%2f%2fbt1.archive.org%3a6969%2fannounce&tr=http%3a%2f%2fbt2.archive.org%3a6969%2fannounce&ws=https%3a%2f%2farchive.org%2fdownload%2f&ws=http%3a%2f%2fia601608.us.archive.org%2f26%2fitems%2f&ws=%2f26%2fitems%2f

Looks like I found the reason for the unpopularity.
This torrent file is not stable because of very frequent recreation of files like android-aarch64-12.0.4.exist-gettor and torbrowser-12.0.4-dbd1a7abad9ee3d1_meta.sqlite.
Such frequent updates make torrent file almost useless, it degrades to odd way of downloading via HTTP.
Can Tor team explain why it happens and think how to solve it?

upd. I made bugreport about this problem.