[tor-dev] Apple App Store Redux

Griffin Boyce griffin at cryptolab.net
Wed Nov 20 18:36:51 UTC 2013


Sorry for taking so long to respond to this thread.  Responses are
(mostly) inline below.

  At a training event a couple of days ago, a user was sketched out by
the warning her Mac gave her -- in spite of the advance notice she'd
been given by the trainers.

Erinn Clark wrote:
> Please see Ralf's reply to me elsewhere in the thread -- do you still
> think this while taking into account what we know about US companies'
> cooperation the NSA/USG with regards to turning over user data?

  This is an extremely important point, and I don't want to minimize
user risk in this regard. But I think that it needs to be weighed
against the probability that it will expand availability to censored
users. (Especially if the bundle uploaded is the pluggable transport
bundle, hint hint hint).

  The situation is similar to Orbot's deployment (as Nathan points out).
Censor X would have to block the app store in order to block access to
Orbot, but the trade-off is that Google gets a list of people interested
in anonymity.

  Part of me feels that if a user is using an Apple device, they're on
the hook to do their homework -- responsibility and informed consent and
definitely in play there. AFAIK, the last bug submitted was #6540.

  However, having said all of that, it turns out that Tor doesn't need
to distribute it via app store to distribute a signed app [1] (there are
two types of certificates). Though the signing situation itself is
complicated (eg, Apple would still likely know that you've downloaded Tor).


andrew at torproject.is wrote:
> I agree with this method. I don't think The Tor Project should be the
> one maintaining Tor-something in the App Store. I'd rather a trusted 3rd
> party who signs a trademark licensing agreement with us be the person
> who maintains an App Store presence.

  I really like this idea. My only real concerns are about licensing and
whether Apple would consider a Tor-licensing dev to be effectively a
proxy of the Tor Project Inc.  Also, the tpo site right now indicates
that someone could just submit TBB to an app store without a licensing
agreement, so that could use clarifying.

  Other than that, agree with Naif :D  To Nathan's point, Macs and
Chromebooks subscribe highly to the "walled garden" model of app
accessibility, and more users look to Apple's blessed apps than for
independent solutions.  This is either a good thing or a bad thing,
depending on your outlook (broader userbase vs. better-educated users).

abusing his parenthetical privileges,
Griffin

[1] Page 11 of:
https://developer.apple.com/library/mac/documentation/security/conceptual/CodeSigningGuide/CodeSigningGuide.pdf

-- 
Be kind, for everyone you meet is fighting a hard battle.

PGP: 0xD9D4CADEE3B67E7AB2C05717E331FD29AE792C97
OTR: saint at jabber.ccc.de


More information about the tor-dev mailing list