I dont have any preference here related to the other PR. @cd2357 Which do you recommend?

The other PR is more conservative (tor browser 9.5.3 -> 9.5.4), this one more aggressive (9.5.3 -> 10.0).

But since tor browser 9.5.4 will be the last one from the 9.5 branch (as per release notes), it means only 10.x will receive patches and updates from now on.

Which means we'll have to switch to the 10.0 binaries sooner or later anyway. So we might as well do it now.

So I'd suggest this PR over #4601.

@cd2357 On which OS did you test the new binaries?

Works on macOS 10.15.6

@cd2357 On which OS did you test the new binaries?

I tested this PR on macOS 10.15.6 + Windows 10 + Debian 10.6, where tested = started the desktop app, synchronized DAO to latest state, browsed around a bit.

the tor browser version is of no interest at all to bisq or the netlayer or the tor-binary project. The only reason to use the tor browser binaries in the first place was that the tor guys released signed versions of these binaries - hence, we have a trusted source of tor binaries. There has not been any other source of plain tor binaries. This is also why we do not have tor for ARM in there yet, despite JesusMcCloud/tor-binary#3.

That being said, @cd2357 can we trust you that you verified every and all signatures prior to injecting the sha256 sums? did anyone check if cd2357 did?

the tor browser version is of no interest at all to bisq or the netlayer or the tor-binary project. The only reason to use the tor browser binaries in the first place was that the tor guys released signed versions of these binaries - hence, we have a trusted source of tor binaries.

Yes.

Currently there was no way to check if the tor binaries used in Bisq were the ones extracted from authenticated tor browser binaries, because:

• current tor binaries used in Bisq are extracted from tor-browser 9.5.3 (for which binaries or hashes are not provided anymore on the official website)
• the build process which processed those tor-browsers to extract the tor binaries relied on SHA-512, and there are no published SHA-512 hashes for any official tor-browser binary

Therefore, to establish some sort of proof that our jars are built from binaries from the official tor-browser binaries, I forked tor-binary and netlayer (links to branches and jitback builds in PR description above), plus modified the process to check the published SHA-256 hashes.

That being said, @cd2357 can we trust you that you verified every and all signatures prior to injecting the sha256 sums? did anyone check if cd2357 did?

Don't trust, verify :)

• Published signed hashes: https://dist.torproject.org/torbrowser/10.0/sha256sums-signed-build.txt
• Signature of published signed hashes: https://dist.torproject.org/torbrowser/10.0/sha256sums-signed-build.txt.asc
• Public key for checking the signature: https://support.torproject.org/tbb/how-to-verify-signature/
• Committed SHA-256 hashes: cd2357/tor-binary@3dbd395

The commited hashes should match the ones from the published hash list, which should match the list signature linked above.