[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-talk] TOR bundle on hostile platforms: why?



Since I couldn't find an official list of design goals for TOR, I
assumed that it is primarily intended to do whatever the project
claims it can do. If you can point me in the direction of an existing
list, I'll gladly analyze it as well.

I will use MS Windows as an example, but it goes for any non-free OS.

> Using Tor protects you against a common form of Internet surveillance known
> as "traffic analysis."

It doesn't, since Microsoft can survey all outgoing and incoming
traffic in plain text.

> Tor also makes it possible for users to hide their locations while offering
> various kinds of services, such as web publishing or an instant messaging
> server.

On the contrary, Microsoft has the capability to survey all Windows-powered TOR
nodes and make a complete table of who is hosting what.

> As Tor's usability increases, it will attract more users, which will increase
> the possible sources and destinations of each communication, thus increasing
> security for everyone.

Each Windows host added to the network is a TOR node which is directly under
control of Microsoft. Thus adding more Windows hosts decreases the security
for everyone.

On 08/07/2013 02:32 PM, Lunar wrote:
> Ivan Zaigralin:
>> I think that TOR developers are making a grave mistake by providing the
>> TOR bundle for platforms which are not only insecure by design, but are
>> outright hostile to the user. Both MS Windows and OS X can be safely
>> assumed to spy on all actions taken by users, and so TOR project shouldn't
>> claim that using TOR bundle on these platforms provides a means of
>> communication that is either secure or private. Claiming that TOR can
>> achieve any of its primary design goals on these platforms is misinformed
>> at best, and edges on dishonesty.
> 
> Could you state what are these “primary design goals” for you?
> 
> Tor does many different things for many different target audience. While your
> statements are applicable to a certain class of users, they probably do not
> apply to every Tor users out there.


Attachment: signature.asc
Description: OpenPGP digital signature

-- 
tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx
To unsusbscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk