[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-talk] New Tor Browser Bundles with Firefox 6

To: tor-talk@xxxxxxxxxxxxxxxxxxxx
Subject: Re: [tor-talk] New Tor Browser Bundles with Firefox 6
From: Justin Aplin <japlin@xxxxxxxxx>
Date: Sun, 21 Aug 2011 15:28:44 -0400
Delivered-to: archiver@xxxxxxxx
Delivery-date: Sun, 21 Aug 2011 15:29:03 -0400
Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=content-type:mime-version:subject:from:in-reply-to:date :content-transfer-encoding:message-id:references:to:x-mailer; bh=kWaY9f6m0ZGohmDOqxUm0NUxu0fcQgffFmHxTz1Rm6M=; b=LjYbdG+gLSbv6IKI/Pyi4fW5vdvx1n6p1CRdvW/2LpArpBN3tlGvhvJC0oNlUI6j3v 7hbZmDtzsQtilVxNxiMGStFf58C/K4GojEncRQFPIQ6reIgSpcnXDYcHnnqS/SHF+3s3 HlcCcBrA5UwNSG+Rrk3eSqzRt54eFCpbcMHH4=
In-reply-to: <4E51542A.5020509@xxxxxxx>
List-archive: <http://lists.torproject.org/pipermail/tor-talk>
List-help: <mailto:tor-talk-request@lists.torproject.org?subject=help>
List-id: "This mailing list is for all discussion about theory, design, and development of Onion Routing." <tor-talk.lists.torproject.org>
List-post: <mailto:tor-talk@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk>, <mailto:tor-talk-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-talk>, <mailto:tor-talk-request@lists.torproject.org?subject=unsubscribe>
References: <CAMtFrUHdqLLR4L=X9WcPGiW=_Loyop9qpSKe_Dj_qVc4H0nOsA@xxxxxxxxxxxxxx> <4E51542A.5020509@xxxxxxx>
Reply-to: tor-talk@xxxxxxxxxxxxxxxxxxxx
Sender: tor-talk-bounces@xxxxxxxxxxxxxxxxxxxx

On Aug 21, 2011, at 2:53 PM, Joe Btfsplk wrote:

> On 8/21/2011 5:51 AM, Runa A. Sandvik wrote:
>> Hi everyone,
>> 
>> We've updated the experimental Tor Browser Bundles to Firefox 6 and
>> all users are strongly encouraged to upgrade, as Firefox 6 fixes some
>> serious security issues present in Firefox 5. See
>> https://blog.torproject.org/blog/new-tor-browser-bundles-firefox-6 for
>> more information and download links.
> Thanks.  How "experimental" are they?  They are alpha releases, after all.  For most software, alpha releases are only intended for testing (most developers stress that point).  For something involving privacy / anonymity (depending on where you live), is using an alpha version for every day use advisable?  Yes, Firefox 6 fixes security issues, but TBB is alpha.

What you're doing here is switching from a bundle of software that has *known*, readily-exploitable security issues, to a bundle which fixes those particular issues but *might* have unknown security issues. Some of these unknown issues may have also existed in the previous version(s), some may be new. Since software will rarely, if ever, be "exploit-free", by upgrading in this manner you're taking a small risk of opening yourself up to new exploits in order to greatly reduce your risk of being exposed to current ones.

> I've always wondered about Tor Project's (perceived) different opinion that users should switch to a , b versions - vs. other developers' caution about using them.

In my experience, developers usually say this because they don't want to be held responsible (read: blamed) for compromising the stability of production machines. This applies to Tor as well, since the alpha and beta branches tend to crash more frequently than the stable branch does. But since the alpha and beta branches tend to include new features, and since the majority of new features in Tor are geared toward improving security, the same logic as above applies.

~Justin Aplin

_______________________________________________
tor-talk mailing list
tor-talk@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

Follow-Ups:
- Re: [tor-talk] New Tor Browser Bundles with Firefox 6
  - From: Joe Btfsplk

References:
- [tor-talk] New Tor Browser Bundles with Firefox 6
  - From: Runa A. Sandvik
- Re: [tor-talk] New Tor Browser Bundles with Firefox 6
  - From: Joe Btfsplk

Prev by Author: Re: [tor-talk] Any problem installing TBB & Vidalia bundle on same machine?
Next by Author: [tor-talk] [GSoC] Metadata Anonymisation Toolkit
Previous by thread: Re: [tor-talk] New Tor Browser Bundles with Firefox 6
Next by thread: Re: [tor-talk] New Tor Browser Bundles with Firefox 6
Index(es):
- Author
- Thread