[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: Re[4]: Ultimate solution

Hello Arrakis,

I believe that JT was saying that there are binary options regarding
whether you are properly using TOR, or not properly using TOR.  You
are arguing that TOR itself is not considered "Security".  He is
saying that people who have deemed TOR to be secure and anonymous can
either be using TOR properly or could have scripting, or other similar
things enabled, and thus compromising what they have deemed as secure.

And there is a *huge* difference between disabling all scripting and
using Lynx.  Lynx has no scripts, but also no images, not frames, no
color choices, and a very small screen size.  You can browse just as
"securely" with a properly configured Mozilla client as you can with
Lynx.  The security does not come from not downloading pictures, which
is the main distinguishing factor when compared with Lynx, it comes
from disabling scripting.

Just my two cents,

On 3/29/07, Arrakis <arrakistor@xxxxxxxxx> wrote:

Security is NOT binary, it is a process, and it is a gradient. We only
desire the illusion of it being binary. There is compromise in every
design, take tor for example using 128bit crypto because it is pretty
secure and fast enough to encrypt on the fly. I'm sure there are
people that wish it was doing 512bit elliptic curve or some other
thing out there.

However,  it  is  possible we could come up with some secure-only mode
which   locks  out  most  features,  virtually  all  the  plugins  and
functionality, and puts the user in a rigid framework in order to give
a  little  more  security  and  a stronger impression of anonymity. Of
course,  this  makes  it a significantly unpleasant experience and one
might as well use lynx at that point.


>> As I said it is possible, but when you treat the user like a child it
>> is going to be an issue to get them to keep using it.

> Why? Surfing anonymously is a binary. Either 1) everything is set
> perfectly to be secure and anonymous or 2) it is not.
> There are two types of Tor users. Tor literate and Tor illiterate users.
> The thing that both have in common is that they could accidentally
> enable scripting or forget to turn in off. Both types would be greatful
> for a mechanism that would force them to turn things off and not allow
> them to use Tor otherwise.

> After all they can choose to use Tor or not. Be anonymous or not be
> anonymous. There is nothing third "state". Nobody would feel "being
> treated as a child".
> --
>   JT
>   toruser@xxxxxxxxxxx

Kasimir Gabert