[tor-bugs] #27682 [Webpages/Support]: Verifying signatures on Android
Tor Bug Tracker & Wiki
blackhole at torproject.org
Thu Sep 13 13:20:04 UTC 2018
#27682: Verifying signatures on Android
------------------------------+----------------------
Reporter: towiw3 | Owner: hiro
Type: defect | Status: new
Priority: Medium | Milestone:
Component: Webpages/Support | Version:
Severity: Normal | Resolution:
Keywords: tbb-mobile | Actual Points:
Parent ID: | Points:
Reviewer: | Sponsor:
------------------------------+----------------------
Comment (by towiw3):
This can potentially be used to identify Tor Browser for Android users.
gnupg is not installed by default in Termux so it needs to be downloaded
from Termux repository. Termux uses Cloudflare, too. It is better to use
Orbot for downloading gnupg. Orbot VPN can be used to proxy Termux traffic
through Tor. Orbot VPN must be used before opening Termux after installing
it (of course this doesn't apply when Termux is already in use for a long
time). This is not a problem when TBA is installed from Google play store;
you are already identified as a TBA user and you don't verify signature if
you installed TBA from Google play store.
In Termux, `wget` doesn't support https links, it only supports http. But
curl works so we can use it for downloading the .asc file. I think it
would be helpful to include how to download the .asc file in the steps.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/27682#comment:1>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list