[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
Re: [tor-bugs] #26431 [Core Tor/Stem]: Document a threat model for stem.client
#26431: Document a threat model for stem.client
----------------------------+------------------------
Reporter: dmr | Owner: atagar
Type: task | Status: new
Priority: Medium | Milestone:
Component: Core Tor/Stem | Version:
Severity: Normal | Resolution:
Keywords: client website | Actual Points:
Parent ID: | Points:
Reviewer: | Sponsor:
----------------------------+------------------------
Comment (by teor):
Our security expectations of alternative tor implementations are pretty
simple:
* We do not expect alternative Tor implementations to be able to emulate C
Tor's behaviour, so they are their own anonymity sets (there are several
research papers on protocol emulation for anonymity: it doesn't work)
* For this reason, and many others, alternative Tor implementations should
not claim to support anonymity or privacy that is as good as Tor's:
https://www.torproject.org/docs/trademark-faq.html.en
So I'm not sure that writing a spec like this would be useful. A few
sentences of threat model should be sufficient:
stem.client does not make you anonymous. Use Tor Browser if you want
to be anonymous. (Link to Tor Browser download page.)
When we have a draft guide for embedding Tor in other browsers (like
Firefox, Brave, or Cliqz), it might contain some useful information about
threat models for alternative implementations.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/26431#comment:2>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs