This is a system for alerting users to national (government) spyware. It tries to defeat cooperation between software publishers and some governments, e.g. Ubuntu and China, for spying on Chinese citizens.
Problem in East
Lack of independent security audit firms in these countries.
Problem in West
With the cooperation of telecom companies, a software publisher can tell whether a download is coming from an IT company or from an ordinary user who cannot detect an unknown spyware. Using a VPN has two problems:
a. It makes you a more attractive target, especially if you use Tor.
b. Still, by buying VPN companies, governments (and therefore the participating software publisher) can identify you.
Technique
It consists of a download manager that sends a list of download titles (the current download and all previous ones) to a server and asks for checksums. The server returns the checksums as reported by other users (from other countries). Queries can specify a version or just ask for the checksum of the latest version.
A concern is that this server could also be bought by governments. There is also a chance that some VPNs or proxies will betray the user and reveal their location to the participating authors or to the checksum server. To address this, the download manager keeps a list of checksums of all downloaded software and can later re-check this list against the server through different proxies. When the user connects to a new VPN (or proxy), the download manager checks all previous downloads through it. An alternative is for the client download manager to download the whole database and compare it when connected through different proxies. So if governments want to do something, they would have to buy all VPNs that offer personal IPs.
Even with a decentralized version of this database you would still need these measures (although some work is being done to solve these weaknesses of P2P systems).
What about the download manager app itself? Users can do the above checks manually themselves. Also consider the scenario where someone buys a device in a safer country: this system will be helpful when they return to their home country.
The download manager will be the OS package manager. Even OS updates will not be allowed to manipulate it; only an OS re-install can change this system.
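The re-check loop described above (a client-side ledger of download checksums, a server holding checksums reported from other countries, and the same query repeated through several proxies) can be sketched in a few dozen lines. The following is an added example written for this post, not the author's code or any existing project: the class and function names, the sample "installer" bytes and the country labels are all constructed for illustration. It shows the two signals the design relies on: a local checksum that differs from what users abroad report, and answers that differ between proxies, which is the tell-tale of a betraying proxy or a bought server and is only visible when the same list is checked through more than one tunnel.

```python
import hashlib
from collections import Counter

# Constructed sample "files" standing in for downloaded installers (not real packages).
CLEAN_EDITOR = b"editor 1.0 clean build"
MODIFIED_EDITOR = b"editor 1.0 build with an extra component"  # what our client received
CLEAN_SHELL = b"shell 2.3 clean build"
UNKNOWN_BROWSER = b"browser 5.0 build nobody else has reported"


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


class DownloadLedger:
    """Client-side list of every download: (title, version, sha256), kept for later re-checks."""

    def __init__(self):
        self.entries = []

    def record(self, title, version, data):
        digest = sha256_hex(data)
        self.entries.append((title, version, digest))
        return digest


class ChecksumServer:
    """Checksums reported by users in other countries, keyed by (title, version)."""

    def __init__(self):
        self.reports = {}  # (title, version) -> list of (country, sha256)

    def report(self, title, version, country, digest):
        self.reports.setdefault((title, version), []).append((country, digest))

    def query(self, title, version=None):
        """Counter{sha256: number of reports}; version=None means the newest reported version."""
        if version is None:
            versions = [v for (t, v) in self.reports if t == title]
            if not versions:
                return Counter()
            version = max(versions, key=lambda v: tuple(int(x) for x in v.split(".")))
        return Counter(d for _, d in self.reports.get((title, version), []))


def honest_proxy(server):
    """A proxy/VPN that relays the server's answer unchanged."""
    return lambda title, version: server.query(title, version)


def tailoring_proxy(server, fake):
    """A betraying proxy (or a bought server) that returns a fabricated view for selected packages."""
    def query(title, version):
        if (title, version) in fake:
            return Counter(fake[(title, version)])
        return server.query(title, version)
    return query


def audit(ledger, proxies):
    """Re-check every ledger entry through each proxy; disagreement between proxies is itself a finding."""
    findings = {}
    for title, version, local in ledger.entries:
        views = [p(title, version) for p in proxies]
        if any(v != views[0] for v in views[1:]):
            findings[(title, version)] = "proxies disagree"  # a proxy or the server is tailoring answers
            continue
        reported = views[0]
        if not reported:
            findings[(title, version)] = "no reports"        # nobody abroad has seen this build
        elif reported.most_common(1)[0][0] != local:
            findings[(title, version)] = "mismatch"          # our copy differs from what others got
        else:
            findings[(title, version)] = "ok"
    return findings


def sample_scenario():
    """Constructed data: users in DE/FR/US reported clean builds; our client got a different editor."""
    server = ChecksumServer()
    for country in ("DE", "FR", "US"):
        server.report("editor", "1.0", country, sha256_hex(CLEAN_EDITOR))
    for country in ("DE", "FR"):
        server.report("shell", "2.3", country, sha256_hex(CLEAN_SHELL))
    ledger = DownloadLedger()
    ledger.record("editor", "1.0", MODIFIED_EDITOR)
    ledger.record("shell", "2.3", CLEAN_SHELL)
    ledger.record("browser", "5.0", UNKNOWN_BROWSER)
    return ledger, server


if __name__ == "__main__":
    ledger, server = sample_scenario()
    print(audit(ledger, [honest_proxy(server), honest_proxy(server)]))
    liar = tailoring_proxy(server, {("editor", "1.0"): {sha256_hex(MODIFIED_EDITOR): 3}})
    print(audit(ledger, [liar]))                        # the liar alone makes the editor look "ok"
    print(audit(ledger, [honest_proxy(server), liar]))  # a second, independent proxy exposes it
```

The last two calls are the point of the post's "check all previous downloads through every new VPN" rule: a single tailored tunnel can make a modified package look identical to what everyone else received, but the moment the same ledger is replayed through a second proxy that does not lie, the two views stop agreeing. A real client would also record which proxy gave which answer so the betraying one can be dropped.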
Advantages of this technique:
1- Easily check downloads through various VPNs over time.
2- If you consider a paid VPN the safer tunnel, you will not need to have one all the time; only periodically buy a short-term subscription to check the download hash list.
3- If some governments want to do something, it becomes much harder and also much riskier for software authors.
Donation to the project (don't forget to upvote before following the link): https://fundition.io/#!/@mahdi2/aibd03c49
Today, I found out the database part is similar to a system called Certificate Transparency (CT) that is being used for finding SSL certificate misissuance (the attack used by Iran once).