[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-talk] New Tor Browser Bundles with Firefox 6



On 8/21/2011 2:28 PM, Justin Aplin wrote:

 On Aug 21, 2011, at 2:53 PM, Joe Btfsplk wrote:
Thanks.  How "experimental" are they?  They are alpha releases, after all.  For most software, alpha releases are only intended for testing (most developers stress that point).  For something involving privacy / anonymity (depending on where you live), is using an alpha version for every day use advisable?  Yes, Firefox 6 fixes security issues, but TBB is alpha.
What you're doing here is switching from a bundle of software that has *known*, readily-exploitable security issues, to a bundle which fixes those particular issues but *might* have unknown security issues. Some of these unknown issues may have also existed in the previous version(s), some may be new. Since software will rarely, if ever, be "exploit-free", by upgrading in this manner you're taking a small risk of opening yourself up to new exploits in order to greatly reduce your risk of being exposed to current ones.

I've always wondered about Tor Project's (perceived) different opinion that users should switch to a , b versions - vs. other developers' caution about using them.
In my experience, developers usually say this because they don't want to be held responsible (read: blamed) for compromising the stability of production machines. This applies to Tor as well, since the alpha and beta branches tend to crash more frequently than the stable branch does. But since the alpha and beta branches tend to include new features, and since the majority of new features in Tor are geared toward improving security, the same logic as above applies.

~Justin Aplin
Thanks. In this case, I understand about FF 6 & Tor Project wanting to move to it. Re: Tor w/ FF 6. Firefox 6 fixes known issues. The main purpose of Tor is anonymity, not protecting against browser attacks - yes? (though using the latest browser is good, for browser safety). But, isn't using an in thoroughly tested Tor version more risky from an anonymity point - ? (the risk level depending on where you live, i.e., "what's the worst that could happen if I get found out"). For people living in highly repressive countries, would the bigger concern be relatively assured anonymity, visiting an anti gov't site or preventing a browser attack? For me, it might not be a big issue - not so sure about some other countries.
_______________________________________________
tor-talk mailing list
tor-talk@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk