On Tue, Sep 18, 2012 at 03:13:26PM +0200, li...@infosecurity.ch wrote 2.5K bytes in 57 lines about: : It means that a TBB-like application could be securely delivered and : updated during time via Mac App Store!
This is a false sense of security. I believe most of the time apple's cert for updates and installation will be correct. If the national firewall, or whatever resident malware, can fake the app store host and cert, then all security is gone. Users should not have to provide a verified identity in some way in order to get TBB. Now this just means not only is my computer owned, I've lost my identity and financial information too. The normal user is not going to go through a bunch of steps to register with apple using anonymous pre-paid debit cards and identity. There are people reverse engineering the entire app store for osx, in violation of the ToS. Maybe they'll publish how the app store really works. And how it degrades when the url is blocked, or when presented with an invalid cert (like a corporate proxy server). It will also be interesting to learn how much data is sent back to apple, and how often. Antivirus/antimalware programs seem to sending lots of usage data back to their 'clouds' to aid in detection and protection of the user. Of course, the alternative is to jailbreak your own computer to install non-app store programs. Expecting users to do this will fail massively. -- Andrew http://tpo.is/contact pgp 0x6B4D6475 _______________________________________________ tor-talk mailing list tor-talk@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
