[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-talk] A secure browsing model?

Thus spake Gozu-san (gozu@xxxxxxxxxxxx):

> OK, I just gotta ask.  And I'm not trolling :)
> How can someone be concerned enough about privacy to use Tor, and yet
> not be concerned about the possibility of inter-process communication?

We are very concerned with it, but only up to a point. We have to
assume (for our own sanity) that the underlying OS and concurrent
applications are not malicious.

However, even non-malicious IPC can still cause problems. See for
example https://trac.torproject.org/projects/tor/ticket/4517

That bug was a new proxy bypass vuln (the first one in literally
years) that happened on Ubuntu Unity, causing a regression in
previously tested drag and drop features that were initially evaluated
as safe.

We really need an automated testing infrastructure to catch stuff like
that, where the platform changes out from under us. I believe we'd
find the need for automated testing with just about any approach as
technologies change out from under us. It's either that, or learn to
accept a higher failure rate over time in the field. That's just basic
engineering :/.

We however have zero automated testing in TBB, and instead depend
entirely on the community, and anonymous reporters like the one who
filed that ticket. Is that enough to lower overall risk? Well, we're
just about the only ones in the world operating even at the level that
we do currently, so who knows. Maybe it is good enough, for now. Can't
beat the price :).

Mike Perry
Exterminate all dogma.
Permit no exceptions.

Attachment: pgpyJWiRnyoYn.pgp
Description: PGP signature

tor-talk mailing list