[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
Re: [tor-bugs] #7085 [Tor bundles/installation]: Integrate Cryptocat Browser Extension into Tor Browser Bundle
#7085: Integrate Cryptocat Browser Extension into Tor Browser Bundle
--------------------------------------+-------------------------------------
Reporter: kaepora | Owner: erinn
Type: enhancement | Status: new
Priority: normal | Milestone: TorBrowserBundle 2.2.x-stable
Component: Tor bundles/installation | Version: Tor: unspecified
Keywords: | Parent:
Points: | Actualpoints:
--------------------------------------+-------------------------------------
Comment(by StrangeCharm):
Replying to [comment:20 mikeperry]:
> Replying to [comment:15 arma]:
> > Replying to [comment:14 mikeperry]:
> > > Oh, also, I think this extension is something that might make more
sense in Thunderbird. It's great that it could exist in the browser, but
secure instant messaging is more like something you'd expect from a mail
client than a web browser.
> >
> > Really? Everybody does their gtalk messaging with a browser these
days, don't they? A mail client has nothing to do with interactive
messaging in my world.
>
> I think chat only makes sense in the browser for gmail because it's part
of a webpage that is already used for communications. If it were part of
some random area of browser UI instead, nobody would think to use it
instead of their dedicated communications webpage.
>
> Moreover, there is no safe way to use GPG with the gmail web interface,
and it's not likely to exist in a safe form due to the litany of XSS
issues involved there.. In the future, we should provide a Thunderbird
build/profile for "communications security", including instant messaging.
That way, all of your secure communications software pieces are in one
place.
Mozilla's user-research indicates that people want to be able to chat in-
browser (as with Google Talk or Facebook Messenger), *no matter what page*
they are currently browsing. That's one of the (many) motivations behind
the social API.
It's my personal opinion that many folks see the browser as the center of
their online experience, and don't have mental distinctions between web
browsing, email, IM, &c.: those are all things which one does
interactively online (viz: in the browser). Standalone IM, email, and
other heavyweight client software is increasingly out of sync with many
users' mental models and behavior.
If this sounds like an argument for including CryptoCat when it's ready, I
guess that it probably is. However, I suspect that it's also an argument
for working out a safe way to use GPG with the gmail web interface, as
well as a litany of other usability challenges integrating privacy &
security assurance into the online experience of a typical user.
Good privacy and security (of the sort to which I suspect almost everyone
in this thread has easy access through carefully-configured standalone
client software) shouldn't be as difficult as most users find it. As long
as it continues to be, the best attacks against Tor users won't be the
technical approaches which we have worked to hard to mitigate, but will
emerge through the "normal" online workflows which we haven't yet provided
for the safe use of, like relying on Gmail to keep messages private, or on
a social network to safely IM.
This comment ended up a lot longer than I was expecting. Sorry about that.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/7085#comment:22>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs