Nick Mathewson:
>
> I think that's actually a false dichotomy, and an interesting one. In
> order to help users get security, an option needs to work in a way
> that they they expect. Otherwise, when they try to avoid using nodes
> in one way, and they wind up telling Tor to do something else
> entirely, they are likely not to get the security properties they
> thought they were getting by asking for what they thought they were
> asking for.
You're right, of course. You have to program for Tor's most at-risk
user, and I'm in the privileged position of occasionally being able to
play double-or nothing with my (ano/pseudo)nymity. It's just that this
particular issue is one often levelled as an accusation by the
Tor-is-broken brigade, and anything that could scupper traffic analysis
might alleviate their concerns. In any case, I hope your checklist goes
some way towards adding this feature into a future build; I wish I could
contribute.
>> Is there a list of these
>> that Tor uses, or do I have to enter them manually? (I'm not a
>> programmer, evidently.)
>
> No trouble. I *am* a programmer, and I figure the least I can do here
> is generate the list for you.
>
> I made it with
>
> perl -ne 'if (/,([A-Z][A-Z])$/) {print "{\1},\n";}' src/config/geoip
> |sort | uniq |fmt
>
> though there are probably better ways.
>
Wicked. Clearly the next thing I have to do is learn Perl.
I hope nobody assassinates you in the near future.
Yours,
h
_______________________________________________
tor-talk mailing list
tor-talk@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
