On Sun, Sep 4, 2016, at 23:51, No Spam wrote: > On 16-09-04 14:50:23, Dave Warren wrote: > > <...> > If this is the Setting, I THINK Whonix has their VM build with TBB as > Standard Browser
Probably, but in my (limited) experience, it's either painfully slow or a memory hog, or both. The overhead for a Windows 10 VM is surprisingly small, and it's snappy and responsive. Attacks to identify me and/or correlate my physical location or "real" identity vs my tor identity aren't a threat model that worry me in my circumstances, so this configuration is Good Enough for my purposes. > > I also feel that adding legitimate traffic to Tor is a net positive to > > the network (since capacity is not currently an issue), if only to > > prevent the perception that all of Tor is evil bad people doing evil bad > > things. > Yes but the biggest Problem are Malicious Gateways that may try to > steal Credentials or put Malware in you Downloads This is why god invented HTTPS and HTTPS Everywhere. I wish TBB didn't block 1Password (although I understand why it does), as this would reduce my exposure to various types of attacks. Also, I trust random Tor nodes more than random wifi hotspots in tourist/traveler locations (airports in particular, where you have gov't actors, the airport itself and other users). > IMHO the best way to legitimate the Tor network would be to provide and > use HS ( which are much less prone to the previous mentioned Problem > AFAIK ). Having trivial access to hidden services is great too. Facebook is a prime example, I have no practical need as I'm using my real identity, not hiding anything, Facebook forces HTTPS (and I believe, pins their certificates in HSTS lists?), and I discuss my approximate physical location with people on Facebook. But it's likely harder to attack the hidden service than the public HTTPS site, plus staying within the tor network has benefits. But, I want the output from Tor exit nodes to show more legitimate traffic, so even for non-HS traffic, I feel that adding legitimate traffic is a net good idea until/unless the tor network becomes over-saturated or my traffic otherwise impedes a user with actual safety or security needs. I would always yield to those users, as I am lucky and privileged enough to not be one.I understand why the Cloudflares of the world see a lot of abuse coming from tor, but I want to them to see a lot of legitimate user traffic as well. -- tor-talk mailing list - [email protected] To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
