[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-talk] security tradeoffs - was Tor and Financial Transparency

To: tor-talk@xxxxxxxxxxxxxxxxxxxx
Subject: Re: [tor-talk] security tradeoffs - was Tor and Financial Transparency
From: Juan Garofalo <juan.g71@xxxxxxxxx>
Date: Fri, 30 Aug 2013 20:18:20 -0300
Delivered-to: archiver@xxxxxxxx
Delivery-date: Fri, 30 Aug 2013 19:26:49 -0400
Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=message-id:date:to:from:subject:in-reply-to:references:mime-version :content-type; bh=nAK0t2XFfL+lmeTEMLBhOAi/bnhiN5cm/mK8zh6fx4g=; b=nOe3c0SVNJ29D+hOZrDIXzB90N4j8rSABNUViWKgjlZIpFloWAmUOjIExBZhP15Ik9 QlGySJ5ge3+UXGX4CEbDrHL9q8V3kcqyUGYS3aO2pZHAmSt2xPzxjNzattRCy1abMyTb kz0gRbXFPNnvayEr1snrjIg31m8WAFJl9jdAGiQ/E0ZLwjfECR4RqSJp/MHzNAzu0Z/Q eposE4vYd0yZzONxEk+QjXFxqCrliiItpoNq2vZRRN5AaI8TLTW44Kt2irnlJw+R+dF9 OeHX/l9CT6NZum3OFyKzLDWqdBMhqbllUv4SGjWN711Ie+EmIkh/X77JdQJ3PBgdI+FS PwRQ==
In-reply-to: <52211DEC.10507@xxxxxxxxxx>
List-archive: <http://lists.torproject.org/pipermail/tor-talk/>
List-help: <mailto:tor-talk-request@lists.torproject.org?subject=help>
List-id: "all discussion about theory, design, and development of Onion Routing" <tor-talk.lists.torproject.org>
List-post: <mailto:tor-talk@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk>, <mailto:tor-talk-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-talk>, <mailto:tor-talk-request@lists.torproject.org?subject=unsubscribe>
References: <5.2.1.1.1.20130830173636.01a52de0@xxxxxxxxxxxxx> <5220AE5D.1010608@xxxxxxxxxxxxxx> <5.2.1.1.1.20130829154507.01883e30@xxxxxxxxxxxxx> <3f6cdb8a5980a62d93eeb2f7a0d0ed0c.squirrel@xxxxxxxxxxxxxxxxxxxxxx> <20130828134436.2b112382@kilik> <42e58806f11b82a4cf4b9d71b021cfbf.squirrel@xxxxxxxxxxxxxxxxxxxxxx> <20130829143550.4378c245@kilik> <5.2.1.1.1.20130829154507.01883e30@xxxxxxxxxxxxx> <5.2.1.1.1.20130829172147.01873b70@xxxxxxxxxxxxx> <5.2.1.1.1.20130830045231.0187f250@xxxxxxxxxxxxx> <5.2.1.1.1.20130830062956.018803a0@xxxxxxxxxxxxx> <5220AE5D.1010608@xxxxxxxxxxxxxx> <5.2.1.1.1.20130830173636.01a52de0@xxxxxxxxxxxxx>
Reply-to: tor-talk@xxxxxxxxxxxxxxxxxxxx
Sender: "tor-talk" <tor-talk-bounces@xxxxxxxxxxxxxxxxxxxx>

At 10:34 PM 8/30/2013 +0000, you wrote:
>On 08/30/2013 10:06 PM, Juan Garofalo wrote:
>
>> At 11:33 AM 8/30/2013 -0400, Paul S. wrote:
>
>SNIP
>
>>> See all the research on the issues trade-offs, threats, designs,
>>> etc. that Tor Project Inc. employees, government employees, 
>>> university and corporate researchers, and lots of others have done 
>>> trying to design for a diverse userbase.
>>> www.freehaven.net/anonbib/ is a fine place to start. If you can
>>> come up with better designs, we would love to have them.
>
>SNIP
>
>> For what it's worth : trying to have a diverse and big user base, and
>> providing security for all users seems to be impossible. You either
>> provide relatively good security for a small number of sensitive
>> users, or relatively lax security for 'general' users.
>
>As I understand Tor, that's precisely what Tor doesn't do. Its goal is
>providing security through relatively-strong anonymity to all users.
>
>If, by "relatively lax security for 'general' users", you're referring
>to having NoScript configured by default to allow all sites, that's
>arguably the best option for most users.  


        That would be one example. Support for flash videos (or not) is probably another example. Should people install addons they use in their non-Tor browser? etc.


>Any user can choose to block
>scripts by default on all sites, or allow on a per-site basis, trading
>off anonymity for protection against script-based exploits.


        ...which is not a choice the 'typical' user with basic knowledge of computers can make? Buffer overruns? What? 




>Also, any user who's that concerned about script-based exploits ought to
>be running the Tor client and their apps in separate machines, or at
>least in separate VMs. No?

        Perhaps. 

        But doesn't that contradict what you said at the beginning? 

        "[Tor's] goal is providing security through relatively-strong anonymity to all users."




>SNIP
>
>
>-- 
>tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx
>To unsusbscribe or change other settings go to
>https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk 

-- 
tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx
To unsusbscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

Follow-Ups:
- Re: [tor-talk] security tradeoffs - was Tor and Financial Transparency
  - From: mirimir

References:
- Re: [tor-talk] Tor and Financial Transparency
  - From: Juan Garofalo
- Re: [tor-talk] Tor and Financial Transparency
  - From: Sebastian G. <bastik.tor>
- Re: [tor-talk] Tor and Financial Transparency
  - From: Juan Garofalo
- [tor-talk] Tor and Financial Transparency
  - From: BM-2D9WhbG2VeKsLCsGBTPLGwDLQyPizSqS85
- Re: [tor-talk] Tor and Financial Transparency
  - From: Andrew Lewman
- Re: [tor-talk] Tor and Financial Transparency
  - From: BM-2D9WhbG2VeKsLCsGBTPLGwDLQyPizSqS85
- Re: [tor-talk] Tor and Financial Transparency
  - From: Andrew Lewman
- Re: [tor-talk] Tor and Financial Transparency
  - From: Juan Garofalo
- Re: [tor-talk] Tor and Financial Transparency
  - From: Juan Garofalo
- Re: [tor-talk] Tor and Financial Transparency
  - From: Juan Garofalo
- Re: [tor-talk] Tor and Financial Transparency
  - From: mirimir

Prev by Author: Re: [tor-talk] Tor and Financial Transparency
Next by Author: [tor-talk] ahmia search engine online meeting
Previous by thread: Re: [tor-talk] Tor and Financial Transparency
Next by thread: Re: [tor-talk] security tradeoffs - was Tor and Financial Transparency
Index(es):
- Author
- Thread