On 10/19/2016 05:06 AM, Jon Tullett wrote: > On 18 October 2016 at 03:18, Mirimir <[email protected]> wrote: >> On 10/17/2016 06:50 PM, I wrote: >>> >>>> >>>> Running Tor on Windows makes little sense, >>> >>> Didn't Roger ask for more operating system diversity and mention Windows? >> >> Maybe he did. Cite? >> >> But nevertheless, in my opinion, Windows is too snoopy. > > For the record, I'm not personally opposed to the telemetry in > Windows, in context. But I am curious whether the data gathered by > Microsoft could deanonymize a Tor user by, eg, pinpointing Tor usage > within a specific time frame, given a number of assumptions about an > observer's ability to correlate multiple visits to a surveilled site > and so on. I imagine Microsoft would not willingly divulge such info > ("tell us everything about everyone using Tor at these moments" isn't > much of a warrant) but the possibility is what interests me.
Yes, Microsoft would probably not divulge such user data freely, and perhaps not even under subpoena. But consider Microsoft's risk model in gathering the data. Conspiracy theories aside, they arguably gather it for debugging and marketing. So even if it's encrypted, it may not be secure against resourceful adversaries. So anyway, if I wanted to use Tor on Windows machines where I couldn't install stuff or boot Tails, such as at school or work, or in public libraries, Tor browser would be my only option. I do get that. And for sure, I would want a hardened browser. But still, I would feel betrayed if Windows leaks pwned me, and Tor Project hadn't warned me about that. And further, if I actually could have installed VirtualBox and Whonix, I would feel betrayed that Tor Project hadn't recommended that approach. > My guess is that the answer is probably no, at least not practically, > but I wouldn't want to stake my life on it. Right. And it's not just that Windows leaks data. It's just such a security nightmare. Consider the FBI's NITs. Even if they have a Linux dropper and payload, it would fail totally in Whonix, unless it could break out to the host machine. > -J > -- tor-talk mailing list - [email protected] To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
