On 7/14/2016 2:34 PM, Jon Tullett wrote:
> > 2. Aren't statements (from anyone) like, "... generally crack the servers hosting the illicit material, not Tor itself," sort of a matter of semantics?
>
> Depends on the context, I guess. To the user, maybe, but in the context of this (Tor) community, the distinction matters. Browser vulns and server exploits are common. Tor's crypto is not, AFAIK, known to be compromised.

Thanks Jon. I agree w/ most that you said. Again, semantics. Whether they cracked Tor or Tor Browser won't change if the brutal dictator has you shot in the front or back of the head. :)
Unless one is using Tor w/ their own internet browsing application, an exploited weakness in Tor Browser - modified Firefox - has the same effect on users. They're a package deal. If claiming, there are no known cases of authorities "cracking Tor" or using its weaknesses to deanonymize users, that may be correct, AFAWK. But, it's been shown time & again, "we" don't know very far regarding what gov'ts & their agencies can / can't do, or have / haven't done. An unfortunate fact for citizens everywhere. "Absence of evidence is not evidence of absence," as to their capabilities. If any government cracks Tor, it'll be of the highest security classification. Most advanced governments aren't as bungling & clueless as many think they are.
True - if someone cracked Tor, this show is over - for a while. To Prisoner Number Six, it makes no difference if the chink was in Tor proper, or in the browser. It matters to Tor Project for ego & bragging rights & it matters regarding whether only a few unlucky freedom fighters got caught, or if Tor needs a complete overhaul.
> The issue of who should be responsible for alerting a user to possible risks is debatable. Tor's job, after all, is not to keep users secure; it's to keep them anonymous. I don't speak for the Tor project, but I expect the assumption is that users should take responsibility for their own security, just as they should take responsibility for antivirus, patching, and brushing their teeth :)
>
> -J

You're not really suggesting that users under hostile dictatorships or ones trying to expose democratic government unconstitutional actions, take full responsibility for the ongoing modifying, patching & constant reading about weaknesses of Tor Browser "for their own security?" That Tor Project is saying Tor is relatively anonymous; as for Tor Browser, everyone's on their own.
If one is in the right (or wrong) situation, anonymity = security. Lack of anonymity may = jail or death. Not for me & presumably not Tor developers, but for some users that Tor was designed for.
Six out.