On 15 July 2016 at 01:23, Joe Btfsplk <joebtfs...@gmx.com> wrote: > On 7/14/2016 2:34 PM, Jon Tullett wrote: >>> >>> 2. Aren't statements (from anyone) like, "... generally crack the >>> servers >>> hosting the illicit material, not Tor itself," sort of a matter of >>> semantics? >> >> Depends on the context, I guess. To the user, maybe, but in the >> context of this (Tor) community, the distinction matters. Browser >> vulns and server exploits are common. Tor's crypto is not, AFAIK, >> known to be compromised. > > Thanks Jon. I agree w/ most that you said. Again, semantics. Whether they > cracked Tor or Tor Browser won't change if the brutal dictator has you shot > in the front or back of the head. :)
Again, remember that this conversation was in the context of Freedom Hosting. Absolutely agree that the same style of investigation could (and probably does) happen in a more brutal political regime. Users there, being at greater risk, have a greater need to take further steps to protect themselves. > Unless one is using Tor w/ their own internet browsing application, an > exploited weakness in Tor Browser - modified Firefox - has the same effect > on users. They're a package deal. Well, no. Tor does make it clear you need to do more than just downloading TBB to be anonymous and secure. If you think TBB is a single-solution prepackaged silver bullet, you are at risk. I don't think there's any debate whether Tor should try to be such a silver bullet - clearly it can't and shouldn't - the question seems to be around whether Tor should give more clear guidance/warnings. I'm always in favour of that. > You're not really suggesting that users under hostile dictatorships or ones > trying to expose democratic government unconstitutional actions, take full > responsibility for the ongoing modifying, patching & constant reading about > weaknesses of Tor Browser "for their own security?" Yeah, I kinda am. Users in such hostile environments absolutely need to take more care to keep themselves secure, and not just online. If you are relying on any product to keep you alive, you definitely should be constantly reading about it. > That Tor Project is saying Tor is relatively anonymous; as for Tor Browser, > everyone's on their own. It's saying that the Tor network will help you stay anonymous, and the browser bundle will help facilitate that, but you also need to take further steps to stay anonymous and secure. I think that's realistic and reasonable. Also, remember there is no such thing as 100% security, and the incremental usability/security tradeoffs become more severe the further you go. Everyone has to decide for themselves where to draw the line - how secure they want to be and how much compromise they can accept. All a third party like Tor (or you and I) can do is educate. -J -- tor-talk mailing list - tor-talk@lists.torproject.org To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
