How to upload binary ZIP file to net anonymously?

Where/how can we upload a binary ZIP file onto the net anonymously?

On the Android newsgroup we have been discussing how some free apps get
worse over time, where a particularly useful app got worse so that the
older version is more desirable than the newer version.
Google Now Launcher to be pulled from the Play Store in Q1 2017
https://groups.google.com/forum/#!to...id/e17_KIXjYKs

The solution to apps changing out from under us is to use a good free app
backup solution, which can retroactively re-create the original installer,
(even if it was a system app or carrier bloatware) and which can
automagically back up all installed apps the moment they are installed.

I use just such one app, but the newer versions are worse than the older
versions so I just want to upload my ZIP file for this one user to use.

The actual app is "App Backup & Restore" which automagically backs up all
installed apps to a ZIP file, which we have found to be "mostly" portable
to other devices.
https://groups.google.com/forum/#!or...s/k0uCMeCYBgAJ

The ZIP file is 3,241KB stored on Windows:
"App Backup & Restore-mobi.infolife.appbackup-53-v3.2.0.apk"

I have two Windows questions:
a. How do I get a reliable hash for this file
b. Where can it be uploaded temporarily for this one purpose
(without having to expose who I am on the net)?

Stijn De Jong wrote:
Where/how can we upload a binary ZIP file onto the net anonymously?

If I search on anonymous file sharing I get this 2016 Sep article among
other hits:

http://merabheja.com/anonymous-file-sharing/ 7 Best Anonymous File
sharing sites : No registration required


Range of filesizes 50 meg to 5G. Add'l info in comments.

--
Mike Easter

xposts deleted

Stijn De Jong wrote:
I have two Windows questions:
a. How do I get a reliable hash for this file

MS fciv https://support.microsoft.com/en-us/help/841290 Availability
and description of the File Checksum Integrity Verifier utility

Nirsoft: http://www.nirsoft.net/utils/hash_my_files.html HashMyFiles
v2.21 - Calculate MD5/SHA1/CRC32 hashes of your files


--
Mike Easter

On 2/11/2017 10:26 AM, Stijn De Jong wrote:
Where/how can we upload a binary ZIP file onto the net anonymously?

On the Android newsgroup we have been discussing how some free apps get
worse over time, where a particularly useful app got worse so that the
older version is more desirable than the newer version.
Google Now Launcher to be pulled from the Play Store in Q1 2017
https://groups.google.com/forum/#!to...id/e17_KIXjYKs

The solution to apps changing out from under us is to use a good free app
backup solution, which can retroactively re-create the original installer,
(even if it was a system app or carrier bloatware) and which can
automagically back up all installed apps the moment they are installed.

I use just such one app, but the newer versions are worse than the older
versions so I just want to upload my ZIP file for this one user to use.

The actual app is "App Backup & Restore" which automagically backs up all
installed apps to a ZIP file, which we have found to be "mostly" portable
to other devices.
https://groups.google.com/forum/#!or...s/k0uCMeCYBgAJ


The ZIP file is 3,241KB stored on Windows:
"App Backup & Restore-mobi.infolife.appbackup-53-v3.2.0.apk"

I have two Windows questions:

If you're using windows and have only one destination, why do you need
to upload it anywhere?

www.rejetto.com will get you a dead easy http file server that you can have
the other guy log into and grab it with a browser.
It's also very useful for your own local file transfers because it will
work with anything with a web browser. No new apps, no passwords,
no protocol issues...it just works.

a. How do I get a reliable hash for this file b. Where can it be
uploaded temporarily for this one purpose
(without having to expose who I am on the net)?

On 2017-02-11 19:26, Stijn De Jong wrote:

I have two Windows questions:
a. How do I get a reliable hash for this file b. Where can it be
uploaded temporarily for this one purpose
(without having to expose who I am on the net)?

You can use a p2p file sharing app, like emule. Just put it in the
shared directory, and post the e2k link to it. Or torrent, but this one
I don't know the method.

However, the other party may find your IP.

--
Cheers,
Carlos E.R.

On Sun, 12 Feb 2017 02:55:51 +0000 (UTC), Stijn De Jong wrote:

Looking about, I see this "copy link" near the top so I click that.
http://i.cubeupload.com/iCPBhQ.jpg

If it worked, this is the link:
http://ge.tt/12S0xli2

As a related aside, is there a way to run a malware scan on this file once
someone downloads it, either from Windows, Android, or Linux?

From Linux or Windows, would that malware scan find an "Android" virus?

I'll ask separately for Android what's a good scanner for malware that
people who download that ZIP file can run to test it for malware.

On 2017-02-12 03:55, Stijn De Jong wrote:

BTW, is there a way to test the integrity on my side (Windows XP or Android
4.3) by posting some kind of "hash" that proves it's the same when you
download it as when I uploaded it?

As you posted on alt.os.linux, I can tell one method to do on Linux:

cer@minas-tirith:~ md5sum -b DSC_0318.jpg
81ecb46a6c6f996014e2d1931148ece0 *DSC_0318.jpg
cer@minas-tirith:~

You just post that...

Similar programs surely exist for windows.

--
Cheers,
Carlos E.R.

On Sun, 12 Feb 2017 04:11:26 +0100, Carlos E. R. wrote:

Similar programs surely exist for windows.

With the keywords you kindly provided, I found this:
http://superuser.com/questions/24577.../898377#898377

Which says:
CertUtil is a pre-installed Windows utility that can be used to generate
hash checksums:

certUtil -hashfile pathToFileToCheck [HashAlgorithm]
HashAlgorithm choices: MD2 MD4 MD5 SHA1 SHA256 SHA384 SHA512

So for example, the following generates an MD5 checksum for the file
C:\TEMP\MyDataFile.img:
CertUtil -hashfile C:\TEMP\MyDataFile.img MD5

Unfortunately, it doesn't seem to be on WinXP.

But now I had the linux md5sum keyword, so, googling for Linux md5sum in
Windows, I found:
http://www.linuxquestions.org/linux/...sum_in_Windows

Which says this is the executable:
http://www.etree.org/cgi-bin/counter...are/md5sum.exe

I saved the md5sum.exe file next to the APK and ran this:

C:\ md5sum.exe "App*"
8735787752b5d652a0ee132fd44c87eb *App Backup &
Restore-mobi.infolife.appbackup-5
3-v3.2.0.apk

So is the Windows XP Linux-like MD5 checksum
"8735787752b5d652a0ee132fd44c87eb"?

In message , Stijn De Jong
writes:
[]
BTW, is there a way to test the integrity on my side (Windows XP or Android
4.3) by posting some kind of "hash" that proves it's the same when you
download it as when I uploaded it?

There are I think lots of tools; one I came across recently is Hasher
(http://www.den4b.com/products - scroll down until you find it) which
says it's a "Hashing utility for verifying integrity of files using a
wide range of supported algorithms: CRC32, MD2, MD4, MD5, SHA1, SHA256,
SHA512, RipeMD128, RipeMD160, ED2K." I haven't tried it.


--
J. P. Gilliver. UMRA: 1960/1985 MB++G()AL-IS-Ch++(p)Ar@T+H+Sh0!:`)DNAf

Facts do not cease to exist because they are ignored.

On 2017-02-12 04:51, Stijn De Jong wrote:
On Sun, 12 Feb 2017 04:11:26 +0100, Carlos E. R. wrote:

Similar programs surely exist for windows.

With the keywords you kindly provided, I found this:
http://superuser.com/questions/24577.../898377#898377

....


....

Which says this is the executable:
http://www.etree.org/cgi-bin/counter...are/md5sum.exe

I saved the md5sum.exe file next to the APK and ran this:

C:\ md5sum.exe "App*"
8735787752b5d652a0ee132fd44c87eb *App Backup &
Restore-mobi.infolife.appbackup-5
3-v3.2.0.apk

So is the Windows XP Linux-like MD5 checksum
"8735787752b5d652a0ee132fd44c87eb"?

Yes.
You need also to publish the link to the program you used, because there
have been instances of broken implementations.

--
Cheers,
Carlos E.R.

On 2017-02-12, Stijn De Jong wrote:
On Sun, 12 Feb 2017 02:55:51 +0000 (UTC), Stijn De Jong wrote:

Looking about, I see this "copy link" near the top so I click that.
http://i.cubeupload.com/iCPBhQ.jpg

If it worked, this is the link:
http://ge.tt/12S0xli2

As a related aside, is there a way to run a malware scan on this file once
someone downloads it, either from Windows, Android, or Linux?

From Linux or Windows, would that malware scan find an "Android" virus?

I'll ask separately for Android what's a good scanner for malware that
people who download that ZIP file can run to test it for malware.

if they trust you publish a hash, if they doen't trust you there's no
point telling them how to scan it.

--
This email has not been checked by half-arsed antivirus software

Stijn De Jong wrote:
Where/how can we upload a binary ZIP file onto the net anonymously?
[...]
I use just such one app, but the newer versions are worse than the older
versions so I just want to upload my ZIP file for this one user to use.

The actual app is "App Backup & Restore" which automagically backs up all
installed apps to a ZIP file, which we have found to be "mostly" portable
to other devices.
https://groups.google.com/forum/#!or...s/k0uCMeCYBgAJ

The ZIP file is 3,241KB stored on Windows:
"App Backup & Restore-mobi.infolife.appbackup-53-v3.2.0.apk"

I have two Windows questions:
a. How do I get a reliable hash for this file
b. Where can it be uploaded temporarily for this one purpose
(without having to expose who I am on the net)?

IMO, a. and b. are mutually exclusive/incompatible. Why the need for a
checksum if the originator cannot be trusted (because he wants to be
anonymous)?

In the original thread (in comp.mobile.android), I've suggested a
solution (WeTransfer.com) for the case in question (e-mail address of
receiver known). If - for this case - you want to be anonymous, you can
use a non-personal e-mail address.

For the general case, you've been given solutions in both the original
thread and this one.

On 2017-02-12 15:24, Frank Slootweg wrote:
Stijn De Jong wrote:


I have two Windows questions:
a. How do I get a reliable hash for this file
b. Where can it be uploaded temporarily for this one purpose
(without having to expose who I am on the net)?

IMO, a. and b. are mutually exclusive/incompatible. Why the need for a
checksum if the originator cannot be trusted (because he wants to be
anonymous)?

To verify that a third party has not modified the file, or that is was
not accidentally modified in transit.

--
Cheers,
Carlos E.R.

On 12 Feb 2017 14:24:00 GMT, Frank Slootweg wrote:

IMO, a. and b. are mutually exclusive/incompatible. Why the need for a
checksum if the originator cannot be trusted (because he wants to be
anonymous)?

I don't understand your question, so I will just answer what I think is the
question, which has multiple parts, not necessarily all combined.

1. Why the checksum?
2. Why anonymous?
3. Why the malware scan?

The purpose, as I understand it, of the checksum, is simply to prove that
the file isn't changed between the time it was on my system, and the time
it gets to the end user system. Why would the checksum change? If something
went wrong accidentally, or on purpose, in the multiple (unknown) world of
posting a binary file to an arbitrary server on the Internet.

The purpose of being anonymous is obviously privacy. The anonymity has
nothing whatsoever to do with the file upload, as that privacy purpose
preceded the upload by twenty years. I've been on Usenet for decades
(yes, that's plural) and yet, machine aggregators would have a tough time
linking all my tens of thousands of posts together, unless they read
every one, since I don't change my social cues. All my headers except
the subject line are always temporary for privacy reasons. If you ask
why privacy, then you have to listen to Snowden's remarks which are that
you have to prove first why I should NOT have privacy, if you're going
to ask that question.

The purpose of the malware scan is to assure the recipient that the post
that I put there doesn't contain malware. The sweetest talking swindler
out there can't be trusted, so, even though I'm a nice guy, I wouldn't
trust me unless i personally knew me. And few people on Usenet personally
know me. So, malware scans seem like something that is normal, just as
they check my passport at the airport.

In the original thread (in comp.mobile.android), I've suggested a
solution (WeTransfer.com) for the case in question (e-mail address of
receiver known). If - for this case - you want to be anonymous, you can
use a non-personal e-mail address.

Rest assured I have a multi-step process for obtaining a Gmail email
address without giving Google my real phone or any real contact
information, but it's too much work and it only works for a few weeks
(before Google eventually asks for real contact information).

For something as simple as uploading a single file that I don't even
know if the expected recipient even wants to download it, the solution
that Mike Easter proposed worked fine in the second try.

Had Mike's suggestion failed, I would have gone down the list of options
until I found one that worked.

Had I intended to run a survey, then I would have done all the options,
but my intent was just to upload the file, where the second attempt worked
fine (I think). I have no confirmation that anyone bothered to download
it though, so, I don't know if the effort was in vain.

For the general case, you've been given solutions in both the original
thread and this one.

Yep. Here's a summary.

1. It's a good idea, on Android, to run an autoamagic app backup utility
because many free apps get worse over time and the older APKs are harder
to get.

2. A great free app backup and restore utility that I recommend is the
one I use on Android 4.3 Samsung Galaxy S3 is
App Backup & Restore-mobi.infolife.appbackup-53-v3.2.0.apk

3. The current version of that program is he
App Backup Restore - Transfer, by Apex Apps
https://play.google.com/store/apps/d...life.appbackup

4. The checksum of my version of the program is:
C:\ md5sum.exe "App*"
8735787752b5d652a0ee132fd44c87eb *App Backup & Restore-mobi.infolife.appbackup-53-v3.2.0.apk

5. For 30 days, the location of my uploaded version of the 3MB APK is:
http://ge.tt/12S0xli2

6. I suggest recipients check files for malware & md5checksum before
trusting anything from anyone on the Internet (including from me).

7. I don't know how to check that file, on Android, for malware or
for its checksum though. Do you?

On Sun, 12 Feb 2017 08:36:49 +0000, J. P. Gilliver (John) wrote:

There are I think lots of tools; one I came across recently is Hasher
(http://www.den4b.com/products - scroll down until you find it) which
says it's a "Hashing utility for verifying integrity of files using a
wide range of supported algorithms: CRC32, MD2, MD4, MD5, SHA1, SHA256,
SHA512, RipeMD128, RipeMD160, ED2K." I haven't tried it.

I ended up using
http://www.linuxquestions.org/linux/...sum_in_Windows

Which says this is the executable:
http://www.etree.org/cgi-bin/counter...are/md5sum.exe

I saved that md5sum.exe file next to the APK and ran this:

C:\ md5sum.exe "App*"
8735787752b5d652a0ee132fd44c87eb *App Backup &
Restore-mobi.infolife.appbackup-5
3-v3.2.0.apk