
Re: [tor-talk] FBI cracked Tor security



On 17 July 2016 at 05:11, Mirimir <mirimir@xxxxxxxxxx> wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> On 07/16/2016 08:21 PM, Jonathan Wilkes wrote:
>>> I'm hardly asking for perfection. Just a little heads up for the
>>> sheep.
>> You're unwilling to even describe non-technical users as human
>> beings, yet you want Tor to suggest a vastly more complex
>> alternative for them?
>
> OK, they're naive and trusting. For which "sheep" is a common metaphor.
>
> Running VirtualBox and Whonix is hardly "vastly more complex".

It is, you know. More complex, and probably not suitable.

Haroon Meer, who I greatly respect in the security space, describes UX
complexity in terms of his mum. As in, "could my mum do this?" and if
the answer is no, it's too complex for the average user. I like that.

Fact is, security is a spectrum. "No security consideration at all" is
at one end of that spectrum. Tor, the TBB and the associated
documentation, is some way further along the spectrum, Whonix is
somewhat further still, but there's a lot more room beyond that. Even
that's a gross oversimplification - "no browser security except
NoScript" is more secure but less private than TBB in its default
configuration.

Because of that, I don't think it's possible, much less desirable, to
describe the entire spectrum of use-cases. And even less possible to
actually document the toolset appropriate for every point. It's
probably far more meaningful to help users understand that spectrum,
self-assess where they fall on it and what their risk profile may look
like as a result, and point them to resources which would align with
that.

"Just use VirtualBox and Whonix" is not meaningful advice. It's a
great fit for a very specific subset of users, but many (I would guess
"most") users are not in that subset, and for everyone else it'd just
be some combination of confusing, overwhelming, unnecessary, or
insufficient.

The key question to you, as someone advocating that specific toolset,
would be: for what type of user is VirtualBox+Whonix the optimum
solution, and how would Joe Random identify if he is that sort of
user?

-J