Say hi to the new GetTor

Hello people. It's been a while since Google Summer of Code 2014 ended, but I wanted to give you a brief review of the work done on GetTor.

What is GetTor?

GetTor is a program that serves Tor Browser over email. In the past, people would make requests by sending emails to GetTor, which would send back Tor Browser as email attachments. In highly censored countries (and places) where the Tor Project website is blocked, GetTor would be a convenient way for people to get access to Tor Browser.

There were lots of nice features incorporated in GetTor, such as specifying the operating system and language for the package wanted, or sending delay messages to let people know the package was on its way. But Tor Browser started to get larger in size (over 25 MB), to the point where it wasn't longer possible to send it via most email providers.

Revamp

It wasn't long until a solution for this problem came up. The idea consisted on uploading Tor Browser to the cloud (Dropbox) and when someone asked for it via GetTor, a reply with the links for download was sent. This worked quite well, but the fix was far from being complete and at that point the whole GetTor was in need of some love to get back to its shiny days.

Google Summer of Code

All of what I mentioned was listed on the Volunteer page of the Tor Project website, so when I got there looking for a project to work on for the Google Summer of Code, I immediatly considered it into my options, because of the social impact of GetTor as for the technical skills required. I was happy to learn that my proposal got accepted and I was one of the fourteen students selected to work on the Tor Project during the northern hemisphere summer (actually, it was winter here in Chile).

First, I started to work on the design, making sure that when I started to code, most of the ideas I would be implementing were carefully described and discussed. Of course, a lot of things did change over the coding period, some of them small stuff like how the links would be internally stored by GetTor, and some of them not so small, like changing one of the distribution modules.

Anyhow, I don't want to bore you with technical details here, but if you're interested, please read my biweekly reports and check the code repository.

Outcome

The coding period lasted a little more than three months, and I managed to pass both mid-term and final evaluations. But more importantly, the status of GetTor improved significantly during that time. I did a full rewrite of it, focusing on having clean and readable code, and on making it easy to add new distribution modules and cloud providers for storing Tor Browser. Two distribution modules were successfully finished: SMTP, for asking via email; and XMPP, for asking via Jabber (you know, chat style).

Even though the new GetTor is able to manage requests in multiple locales, for now the SMTP module has been deployed with support for English requests only; other locales and modules will eventually/gradually be supported. We will let you know when that happens (soon we hope!).

Almost all of the testing and other minor fixes were done after the Google Summer of Code ended, and this is because I explicitly mentioned to my mentors that I have the intention to keep working on it and to continue as the lead developer if needed. It's not just for the work I did, but more importantly for the possibility of helping other people, specially those that have the bad fortune to live under regimes and/or organizations which think they can impose control on the information you can access, spy on what you do and chase you for what you think. If I have the chance to help avoiding this dystopia, as little as I can, I would certainly do whatever is in my hands, and I invite you to do the same.

Great, but how do I use it?

You can reach GetTor by sending emails to gettor@torproject.org. To ask for Tor Browser, you just have to send an email with the word windows in the body to get it for Windows, osx to get it for Mac OSX, or linux to get it for Linux. The options are case insentitive, so it doesn't matter if you send Linux, or linux, or LiNuX, as long as it describes one of the options mentioned before; if you send anything different from that, you will receive a help message with detailed instructions on how to interact with it. Once you ask for Tor Browser, GetTor will reply to you with Dropbox links to download the required package for your architecture (32/64 bit) and operating system, along with some extra information to help you verify the integrity of the downloaded files. Please note that you can reach GetTor from any email address: gmail, yahoo, hotmail, riseup, etc. The only restriction is that you can do a maximum of three requests in a row, after that you'll have to wait 20 minutes to reach GetTor again. You can find out more about its purpose and how it works here.

Collaborate

The main way to collaborate is to use GetTor and provide feedback! Please tell us what you like, what you don't like, what works smoothly and what doesn't work or could work better; after all, GetTor is here for you, so you should tell us what we need to do :) For this, please open a ticket on the trac system under the GetTor component. You can file anything from usability suggestions/bugs to new development ideas.

On the other hand, I've read lots of people who are interested to collaborate with the Tor Project and they just don't know where to start or they are looking for something easy to collaborate with. The code and work on GetTor is quite straightforward, so if you know some Python and have some free time that you feel you want to give to an awesome open source organization, check the git repository and the tickets and you might find something easy to start with. There are various ideas and things left to do in GetTor, so please join us!

Other options

It's important to note that there are a couple more options to obtain Tor Browser when you cannot access Tor Project's website. The first and easiest is to access the official mirrors: EFF and torservers.net. If those sites are blocked too, you can try using Satori, an app for Google Chrome that distributes various circumvention tools in a difficult-to-block way, making it easy for users to check if the software has been tampered. If after all, you manage to get the Tor Browser but you are not able to reach the Tor network, you might want to use bridges or the pluggable transports. You can read more about that here, here and here.

Thanks

I want to end this blog post by thanking to the Tor Project organization in general for letting me be part of it during the summer and kindly answer any doubt that came up, and to Sukhbir and Nima in particular for their awesome job as mentors, I couldn't have done it without you, thanks a lot guys!

i

November 27, 2014

Permalink

Thank you for your great job. This helps us in Iran to by bypass website blocking system.

i

November 27, 2014

Permalink

literally, only dropbox? the countries might block dropbox.
i have downloaded small files from google.com. google might have size limit. also, the links aren't as obvious as they should be, as I recall.
but then, the hard-policy countries could block google, too.

In addition to dropbox being blocked, Google is almost completely blocked in China (it sometimes work, but it's so slow to the point that it's unusable), so that would make Google Drive not work either.

If you could do it with Microsoft's Skydrive, that would be best. Currently Microsoft plays very nicely with the Chinese government, so their services are not blocked and lightening fast in China.

Or, try some local Chinese cloud services (baidu yun, for example). Though it's highly probable that once they detect Tor being stored on their services they will be asked by the Chinese government to delete them.

It might be cool to allow users to email you their public keys, and you store an encrypted installer of Tor on the cloud services and give the users the link. That way, perhaps even Chinese cloud services wouldn't be able to tell what you're storing.

i

November 27, 2014

Permalink

hmmmm... downloading from a different source should also be an option. Otherwise it give a preset one?

eg. 'linux google' or 'windows dropbox'

I will be definately recommending this to friends and following this project. much potential to help those in need.

i

November 28, 2014

Permalink

Eventually countries are going to block e-mails going to or from @torproject.org (if they haven't already) so this code is going to have to be run elsewhere as well.

i

November 28, 2014

Permalink

You might consider using SpiderOak rather than DropBox for file distribution.

I dropped DropBox like a hot potato when I found out that 9-11 coverup criminal and NSA darling Condoleeza Rice was on the DropBox Board of Directors.

When SpiderOak came along with a much better security model, that was it for me.

The Tor Project isn't suggesting that you use Dropbox to store your own data - there are legitimate concerns about that; they are just using Dropbox storage to distribute Tor Browser (on the basis that censors would be reluctant to block Dropbox). You don't need to be a dropbox user or download the dropbox software to use gettor.

i

December 01, 2014

Permalink

hello i from china
government block conection to tor network
government also block conection to tor bridges
i tried using tor bridges but government found out and i was blocked
i want to use tor secretly without government knowing. how can i use tor without being blocked?

i

December 03, 2014

In reply to by Anonymous (not verified)

Permalink

Hello!

You better need to research Linux and Internet more, in detail to doing this.
Check this: http://www.vpngate.net <-- this is Japaneses project, VPN. You could wrap your Tor connection into such Free VPN.

Or you could check this soft: SocksCap ( Windows ) or http://proxychains.sourceforge.net ( Linux / Unix )
You are able to wrap your Tor connection into sock5, However, keep in mind. When a VPN able to encrypt connection, to hide Tor trace in packets. Socks5 or socks4 or http-proxy are not.

Cheers to great China peoples!

i

December 02, 2014

Permalink

Are you kidding me ? People want to use Tor for reach google & all other sh!ts ? 0.0
If you live in China (for exemple) what is the point to use this data sucker who is google ?
I don't understand... You can only find propaganda 2.0 with google...
No, I don't understand you. Google spread what they want to share to you... what NATO gov' and corp' want give to you. Modern version of propaganda used in WWI & WWII "look how is the world, we give you what you want to imagine !"
For using cloud systems (or file hosters, depen of your use)... a joke too ?
So you prefer have files hosted by a spy agency and not in your own hardwares... Do you seriously hate the dictators ? Really ? 0.0
You want to flee a spy gov' for an another one ? Do you really think you find more liberties with google or similar ?

Just saying, old bbs, remote shells, irc, no referenced websites and many MANY more is the real Internet liberty.

Using Tor for reach google... omg I hope I'm dreaming !

i

December 02, 2014

Permalink

A few day's ago I downloaded the Vidalia Bridge Bundle from this website. I then became a Bridge.I named my bridge and I added my email address in their and today random people have sent me email's harassing and abusing me, what can I do to stop this?
I need advice to stop this problem ASAP.

i

December 04, 2014

Permalink

holy crap people.. come on.. A couple easy solutions to this is to

1. USE tor to deliver.. those that have an exit route can be a bridge that pushes tor out.. the links that get emailed can be pointed to one of the exit relays.. needs to be a new option in tor setting.. 1) no relay 2) relay 3) exit route 4) push tor.
push tor can start up a mini httpd prob using pythons built in webserver and host tor browsers.

2. USE owncloud.

digital_ghost