bo0od:
- no IP logging - no external resources
You shouldnt trust TPO on not doing that either (not because they do
that but because there is no control on that from user side so you
should assume the worst when it comes to
security/privacy/anonymity).
I see your point as an end user here, but from the torproject's point of view
it would expect
a more cautious approach with tor user information and practice harm reduction
strategies
instead of saying
'Oh, you didn't use tor browser to protect yourself when you accessed our
support forum? It's your fault'
to avoid a future where discourse gets compromised and someone publishes/leaks
all forum logs.
If you don't log it in the first place, there is less data that can harm you
afterwards.
Expecting users to never open an url in the "wrong" browser window is a bit
unrealistic.
It is also a matter of leading by example - especially for a privacy focused
project.
At the end user need to trust an entity to make discourse functional,
TPO or not doesnt matter.
I believe it does make a difference where you host something that requires
some level of trust especially when it is visible in the url bar,
because users trust some entities (or domains) more then others.
kind regards,
nusenu
--
https://nusenu.github.io
--
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
