On 12.04.2011 16:59, Milton Scritsmier wrote: > After reading most of the replies to this topic, I'm not sure the > average user has weighed in. [...]
Thank you. This list is dominated, if not completely focused, on development and security research. The Torproject as a whole has for the last 10 years failed to split off a separate section for users (website, FAQ, mailing list, whatever). I don't think there is a proper way to do it and not duplicate stuff, however. There are a few other reasons that stopped Torproject from doing that, the most prominent I think always was that "devs should not lose contact with actual users". > And so far I don't think anybody has solved the problem of a user > who understands relatively little about computers trying to remain > secure against a regime with vast resources and skills at its disposal. I don't consider myself a security researcher, but I've been following the Tor project since its early days. The misconception and misunderstandings grew over time as the user base expanded, and while Torbutton is a great and excellent project, in a way it only further complicated things. The problem is rooted in the vocabulary. I am not sure if it's the best thing to cite, and I am in no way educated enough to say it is the definitive guide, but as far as I know the "Anon Terminology" paper published by Andreas Pfitzmann since 2000 tried to form a definitive base for discussion. He collected, if not influenced, different terms around anonymity. http://dud.inf.tu-dresden.de/Anon_Terminology.shtml It's been a while since I've last read it, but if I remember correctly it fails to separate anonymity into different "types". Anonymity is a hard term, and simply cannot be achieved when using electronic communication. Tor, without Torbutton, tries its best to anonymize *traffic*, ie. make it hard to know who is talking to whom. Tor does not, and never did, try to fix the problem of identifying information *inside* the transported data. Tor is completely neutral in that respect. The problem is that a lot of applications transmit user identifyable information. It is not Tor's job to stop that, mostly because there is no way to know what kind of information is "identifying" in a certain situation, and if the user wants to transmit that kind of information in the first place. Torbutton, despite its name, has nothing to do with Tor. It works great for any other proxy software, too. Torbutton does what Tor does not: Block application-specific information that could leak your identity without you explicitly telling it to do so. For that, it has to know the protocol and the application. Any other application or protocol could as well be "screened and cleaned" by something like Torbutton. For example, one could write a "BittorrentButton" for a torrent client. In general, I find it hard to explain the difference, because the community lacks different names for the different properties that, as a whole, define "anonymity". At least I don't know how to separate these, but maybe I'm just not educated enough. -- Moritz Bartl https://www.torservers.net/ _______________________________________________ tor-talk mailing list [email protected] https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
