A recent discussion on Slashdot compelled me to make a suggestion for the TOR community. Please forgive me if I come across sounding too harsh: this is only because I am attempting to critique a very large part of what the project is doing. At any rate, I have no personal stake in the way TOR is developed or distributed, and will remain a happy and grateful user regardless of how this discussion continues. I think that TOR developers are making a grave mistake by providing the TOR bundle for platforms which are not only insecure by design, but are outright hostile to the user. Both MS Windows and OS X can be safely assumed to spy on all actions taken by users, and so TOR project shouldn't claim that using TOR bundle on these platforms provides a means of communication that is either secure or private. Claiming that TOR can achieve any of its primary design goals on these platforms is misinformed at best, and edges on dishonesty. In my view, MS Windows and OS X bundles should be discontinued for the sake of safety, security, and privacy of TOR users. Today, the users are being misled into thinking that their communications are private, even though there is a fair chance that MS Windows already includes code designed specifically to intercept local TOR traffic. Moreover, all TOR users should be told up-front that running TOR on top of a fully or partially non-free OS makes about as much sense as installing a vault door in a house without walls. Even running TOR alongside (unprivileged) non-free apps should be frowned upon, given a generous amount of local exploits found in even the best free OSes.
Attachment:
signature.asc
Description: OpenPGP digital signature
-- tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx To unsusbscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk