I haven’t complained about anything, other than an unbelievably dense user who spreads FUD and has already been exposed through private messaging, everybody knows.
Thanks for the 2015 article but I’ll stick with the app which is digitally signed as previously mentioned, your carer is missing words which then sends you down a false path.
It certainly will not bring “gift” as all uploaded apk’s are checked against the expected digital signature, if it doesn’t match then the apk won’t even be visible. You can download apkpure and use it to install Tor, if you want extra reassurance then use classyshark to scan Tor, copy/paste the signature into Google and it will confirm the legitimacy. Ignore justsomeagent, he knows zero.
Good afternoon:
I don’t understand when you say don’t go deep enough?.
I tried both wiffi and data (4g+) about ten times. First I cleared the fdroid cache. And then hiba disabling both, and then enabling both. And making fdroid check for updates every time. Then disabling the official and the same thing. And then with the file.
And when referring to the application. What do you mean go to the one that I get suggested to update. And then there is I do not know what else to do.
Forgive my ignorance on the subject of fdroid.
Sera because I use lineageos 17.1 without google gaps. The only thing that I find strange is that it did not fail until this latest update of fdroid.
A hug and thank you for your help.
Good afternoon @Moz @anon46495926
First of all thank you very much for your help and time.
What I don’t understand is the user commenting.
I don’t think it’s me because I don’t even know what FUD is.
The forum is to help each other and not to have quarrels between us. And not to attack each other or anything.
Do not take me wrong what I am saying because I do not understand what things are about, and I see this quarrel between you. When the forum is for fun, help and so on.
In my opinion.
A hug and thank you for your help
1 Like
Yes this forum and all forums should indeed be a platform for learning and sharing of knowledge, unfortunately some people aren’t as willing to use the forum for these purposes and instead use it to spread aforementioned FUD, FUD being an abbreviation of Fear, Uncertainty and Doubt. It is usually used by companies to push a product on you or make you choose one brand over another. Tor is probably the single most FUD targeted software in existence, many put great effort into pushing people away from Tor and attempting to cause discourse within communities that use it, in which circumstance you have to ask who would do that and why. 99% of the time it’s intelligence agencies trying to push or frighten people away from Tor safety and into gimmicky companies like NordVPN.
Here is a link to the apkpure mirror of the officially digitally signed by Tor Project installation. You can scan it with everything and anything, it will come back clean and legitimate as if it wasn’t then it wouldn’t be published in the first place. Click the little blue ticked shield if you want more information.
1 Like
- F-Droid
- settings,
- repositories,
- See guardian project official releases; verify checked
- tap on “guardian project official releases” line
- See a list of more info
- scroll to “Official mirrors” list
- touch and scroll the mirror list
- uncheck all except one mirror
- go back to F-Droid display of Tor Browser
- Tap update
- If “not found” error, repeat with a different one mirror selected.
- Repeat until it works, or every mirror fails.
There should be about 7 mirrors to choose. If none work, you have a different problem than I did.
2 Likes
I had to disable all but the first 2:
https://guardianproject.info/fdroid/repo/index.xml #2021-08-13
http://bdf2wcxujkg6qqff.onion/fdroid/repo/index.xml #2021-08-13
These all work, but are outdated:
https://s3.amazonaws.com/guardianproject/fdroid/repo/index.xml #2021-06-29
https://guardianproject.s3.amazonaws.com/fdroid/repo/index.xml #2021-06-29
https://guardianproject.gitlab.io/fdroid-repo/fdroid/repo/index.xml #2020-10-06
https://gitlab.com/guardianproject/fdroid-repo/-/raw/master/fdroid/repo/index.xml #2021-06-29
https://raw.githubusercontent.com/guardianproject/fdroid-repo/master/fdroid/repo/index.xml #2021-06-29
@hans or anyone else from Guardian Project, please take a look to see why the mirrors aren’t all being updated. thank you kindly
2 Likes
I’ve just checked fdroid and it has Tor updated 4 days ago from Guardian Project. Current version is the latest version 10.5.3
1 Like
apkpure
1 Like
From the guy involved with crypto miners? Hey I’ll believe him, he sticks by what he says…
It’s probable that fdroid has been used for malware in the past, as has every repository. Google brings back an interesting sounding article which has mysteriously now has been removed.
https://0xthreatintel.medium.com/f-droid-malware-internals-fefdc6307f05
And the issue you linked is a dead point since it’s already fixed
" Shortly after that, a new version (3.17.19) appeared on the APKPure website. According to its description, the update “Fixed a potential security problem, making APKPure safer to use.”
We can confirm that the problem has indeed been fixed: APKPure 3.17.19 doesn’t contain the malicious component. It is safe to use."
Find another outdated article for your FUD campaign
1 Like
Search “f-droid” “trojan” finds mostly stuff about how F-Droid is a better safer alternative to apkpure, which has a documented history of actually delivering trojans.
1 Like
Yes, because all other articles have been removed. Anyone could upload a Trojan to fdroid, plenty would get infected before it’s discovered. I imagine things like that are how you guys get Network Investigation Tools onto people’s devices, look at that drug dealer who had some weird beard app. Either way you can keep looking for hits but people are becoming increasingly aware.
And for anyone believing him for whatever reason, have a look at what fdroid themselves say about it.
" Terms, etc.
F-Droid is a non-profit volunteer project. Although every effort is made to ensure that everything in the repository is safe to install, you use it AT YOUR OWN RISK. Wherever possible, applications in the repository are built from source, and that source code is checked for potential security or privacy issues. This checking is far from exhaustive and there are no guarantees."
≥This checking is far from exhaustive and there are no guarantees
Yeh Jim it looks k, pass her on through
Source: About | F-Droid - Free and Open Source Android App Repository
1 Like
The point is: Can’t F-Droid be any smarter?
At the very least, there should be a useful explanation what had happened (Like: “An URL (show the name preferably) that was expected to to provide an update for %s was invalid.”
Even better: Try alternate URLs automatically if available/possible.
2 Likes
Completely different than apkpure’s disclaimer (not), excerpt:
WE DO NOT WARRANT THAT THE FUNCTIONS CONTAINED IN INFORMATION, CONTENT AND MATERIALS ON OUR SITE OR THROUGH OUR SITE WILL BE UNINTERRUPTED OR ERROR-FREE, THAT DEFECTS WILL BE CORRECTED, OR THAT OUR SITE OR THE SERVERS THAT MAKE SUCH INFORMATION, CONTENT AND MATERIALS AVAILABLE ARE FREE OF VIRUSES OR OTHER HARMFUL COMPONENTS.
Source: Terms of use
LOL
1 Like
Indeed. As they say, pull requests are welcomed.
1 Like
Depends on the audience you have in mind. For Tor Browser I was able to get an update by using Google Play instead. Nerds may have a different solution, but honestly:
What is it worth to see an update being announced as being available when you cannot get it through the same program?
2 Likes
The About is clear. About | F-Droid - Free and Open Source Android App Repository It is for passionate FOSS supporters. Things get fixed when someone gives enough of their time or money to get it done. It is on the todo list: Issues · F-Droid · GitLab
Thanks @hans !
1 Like
Good afternoon:
First of all thank you all for your answers and help.
I was finally able to update Tor from the fdroid application.
Today I gave to update to fdroid. It told me that I had several updates. Among them, another new Tor update. I was able to download all of them, except the Tor one. I got the error again.
What I did, is to go to fdroid application settings, then repositories. There I looked at the one that says Guardian Project Official Release:
Click on the name and I got three mirrors or addresses:
Uncheck the last two. Close Fdroid. Clear the Fdroid cache. Then just in case, I ran Lte Cleaner from fdroid.
I went back into the fdroid app. I sent it to update. It did what it was supposed to do. And then I went to settings, installed applications. There I searched for Tor. I hit update, it took a little while but it started downloading the update. And then it told me to install.
I installed it and Tor is up to date.
I tried on another phone and with the two checked that I put in the screenshot also goes.
I hope it can be of help to you too.
The bad thing is that Tor has Trackers and Loggers. Checked with fdroid app manager and gitlab warden (also this in xda)
I do not know if you can remove those trackers and loggers?
A hug and thanks to all.
this should be fixed now. For the backstory, see
1 Like
So basically the issue was that the URL being used did not provide the object; maybe for a “404” the recovery would be to try another URL if present.
For the gitlab thing: Wouldn’t a “git status” tell you that your local workspace is ahead of the (remote) repository if “the push” had failed?