[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-dev] Store Salmon-related information in Tor Browser?



On Thu, Aug 20, 2020 at 11:30:09AM -0700, Philipp Winter wrote:
> We recently started experimenting with the Salmon social bridge
> distributor:
> https://gitlab.torproject.org/tpo/anti-censorship/bridgedb/-/issues/31873
> 
> We are now exploring the possibility of storing some Salmon-related data
> on a user's computer and are wondering what our options are.  The data
> we're talking about is a lightweight, signed, and encrypted blurb that
> contains a user's social graph, proxies, and registration ID.
> 
> One option to store this data is Tor's data directory but that doesn't
> seem ideal because Salmon isn't a PT and technically has nothing to do
> with Tor.  Is Tor Browser an option here?  Or does the "disk avoidance"
> design goal mean that we don't get to store anything at all?  A last
> resort option would be to simply hand the blurb to the user and ask them
> to store it somewhere but we would like to find a more usable way to
> handle this.

This is a really good question. Tor Browser's "Disk Avoidance" goal is
"prevent all disk records of browser activity" [0]. However, this is
only the default operating mode. A user should be given the option of
recording certain browser activity on disk (such as saving bookmarks).

In the case of Salmon, writing a person's social graph and ID on disk
(encrypted or plaintext) is a requirement of a user participating in the
Salmon distributor, yes? While Salmon is not the only distributor, I
think writing it within Tor Browser's directory is an appropriate place
as long as the user is given sufficient information about the data
contained in the file and they consent to storing it (participating).

Overall, putting the burden on the user for saving the file somewhere
else seems really bad for usability (and, therefore, security and
privacy). I can imagine saving the file externally being an option, but
I don't think it should be the default.

Hopefully this helps, but please let me know if I can clarify anything
more.

- Matt

[0] https://2019.www.torproject.org/projects/torbrowser/design/#disk-avoidance
_______________________________________________
tor-dev mailing list
tor-dev@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev