This repository has been archived by the owner on Dec 11, 2019. It is now read-only.
Use Tor for update checks and downloads #12924
Comments
4 tasks
|
arma adds: https://blog.torproject.org/tor-heart-apt-transport-tor-and-debian-onions In particular, beyond individual privacy, always downloading updates anonymously makes it difficult for an adversary to target anyone with a malicious update. |
Closed
|
Closing in favor of brave/brave-browser#804 which calls out some specific use-cases for using Tor in a background service |
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
Once we have Tor working, we should consider using it for update pings and downloads.
If Brave is connecting to a the update service over Tor, we should probably configure that as an onion service on our end. Should we use a single onion service rather than a full hidden service? We should consider using something like Alec Muffett's Enterprise Onion Toolkit on the infrastructure side.
Tor — even a single onion service — is still probably slower than a regular connection. However, browser update checks happen silently in the background. As long as we can reliably obtain updates, there's no reason for the user to be aware of how long it takes to download the update: we can just inform them when the process is complete.
The text was updated successfully, but these errors were encountered: