[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-talk] TOR bundle on hostile platforms: why?



My opinion: to be honest we all assume under normal circumstances that a piece
of software is trustworthy until it is proofed that it contains a weakness or
backdoor.

With regard of security the opposite is true: we have to assume a piece of
software to be broken until the opposite can be proofed. And this is the
fundamental error of all closed source software: you cant use it in environments
where security is imperative. Everything else is an illusion. Unfortunately,
most people I know are not aware of this simple law and I work for really large
companies (crowded with thousands of illusionists).

Now I find this software project where security is absolutely imperative. I
understand that the TOR project guys want to have a widespread community of
people working with TOR. So they do support for Windows. But this is like
someone mentined here: like implementing a high security door in a house with no
walls. This is not really true, its more like implementing a high security door
in a wooden barn.

Me personally would never use tor on a Windows host. Currently I am playing with
OpenBSD because even Linux is getting too large for my taste because while
having so much code its more easy to hide something inside.

I was really happy when finding tails. This should be considered as the future
for TOR: it doesnt matter if any DAU (german word for computer beginner) has its
Windows computer full of backdoors and viruses. He just starts from USB or CD
having an acceptable level of security.

So my mind: stop supporting Windows and even stop MacOS. Stop support for ANY
closed source OS. In former years I played with tor on Sparc based hardware
until I got aware that Sun is not willing to publish the sourcecode of its
crypto libraries. This smells funny, isnt it?

If you drop Windows support you have much more time and energy developing save
versions of tails and Whonix and this will improve the reputation of TOR.

Best Regards

Thomas
-- 
tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx
To unsusbscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk