
Re: [tor-talk] Real basic questions for linux

On Tue, Jan 3, 2012 at 20:42, Julian Yon <julian@xxxxxxxxxx> wrote:
> There's a good reason still to use the Tor Browser: it provides a
> "standard" environment which is the same as every* other Tor user's.
> Safety in numbers is never truer than with anonymity; compare with the
> Black Bloc tactic often used at demonstrations. If everyone looks the
> same it's much harder to identify individuals.

Tor is an infrastructure with a history of being developed and
researched by experts in network security and anonymity. Due to its
unique standing in the congregation of similar networks, Tor attracted
a fair amount of academic scrutiny, which resulted in many refinements
and extensions for resisting various types of attacks, and in
documenting its known weaknesses. While I dislike the excessive
stiffness of the project (RSA-1024? The 90's called, and they want
their “military-grade encryption” back) and inability to resist the
status quo (what again is the reason for not making nodes relay
traffic by default? beyond you publishing another conference paper on
the oh-so-terrible dangers of that in order to pad your CV, that is),
I trust the Tor project to produce something solid and to not grossly
overestimate its security and anonymity guarantees.

Tor Browser, on the other hand, is just some hack for mangling browser
headers. Who develops it? Who scrutinized it? Was it the same people
who recommended using the unstable and inadequate Polipo proxy
(over-64 MiB files? Nah, never heard of those) instead of
well-established Privoxy previously, due to some imaginary perceived
limitations of the latter (reading manuals is boring, I guess)? Is
there any evidence that Tor Browser prevents fingerprinting which is
marginally more sophisticated than looking at some subset of browser
headers regardless of their order? Or is the joke that is Panopticlick
with its “bits of identifying information” as state-of-the-art as it
gets (mind you, I was able to fool it with Privoxy rules in Liberté,
masquerading as TBB, although I know that the specific browser in use
can still be fingerprinted differently)? Who cares — let's ship this
junk in a bundle, and convince everyone of its utmost necessity.

inb4: Yeah, well, that's just, like, your opinion, man.

Maxim Kammerer
Liberté Linux (discussion / support: http://dee.su/liberte-contribute)
tor-talk mailing list