Am Donnerstag 08 August 2013 schrieb adrelanos: > Thomas Hluechnik: > > My opinion: to be honest we all assume under normal circumstances that a piece > > of software is trustworthy until it is proofed that it contains a weakness or > > backdoor. > > > > With regard of security the opposite is true: we have to assume a piece of > > software to be broken until the opposite can be proofed. > > How can one proof the absence of backdoors/vulnerabilities? How can one > ever proof a negative? I think you dont get the point. I somebody wears glasses which make hin blind he will very likely stumble. And if such a guy (who loves his foolish glasses) goes hiking in dangerous terrain you can imagine what will happen to him. I he is willing to put off his wonderful blind-making glasses it is much more likely that he will not stumple even in dangerous terrain but this is no guarantee. You know you can be very prudent while hiking and stumble nevertheless. After this is clear, would you say "you crazy guy can keep on wearing your silly glasses because there is no guarantee to not stumble when you put them off" ? Using open source is like putting off the silly blind-making glasses. You have the change to not stumple but no guarantee. > > I was really happy when finding tails. This should be considered as the future > > for TOR: it doesnt matter if any DAU (german word for computer beginner) has its > > Windows computer full of backdoors and viruses. He just starts from USB or CD > > having an acceptable level of security. > > This needs trusted distributors shipping Tails on USB or CD. With a > strong threat model you have in mind, you can't use a version of Windows > infected with trojans and backdoors to securely get Tails. [Oh, that of > course also goes for any other Linux distribution. Whonix isn't an > exception.] Thats true. Lets found a company selling such hardened CD's. But from a view of our customers: can they trust in us? Will we distribute them with backdoors or not? Maybe we are even members of the NSA? This must be clear since Orwell's book 1984. Security is a relative thing. > > So my mind: stop supporting Windows and even stop MacOS. Stop support for ANY > > closed source OS. > > [...] > > If you drop Windows support you have much more time and energy developing save > > versions of tails and Whonix and this will improve the reputation of TOR. > > Tails/Whonix/any operating system could be perfectly secure and so > forth. Without anyone knowing about it, no one could take advantage of > it. In order to get people actually knowing about the project, at lot > publicity is required. And you can't get this if users of most popular > operating systems can not use it. I disagree. I personally have my experience since 15 years trying people to convince using PGP/GnuPG, Linux and tor. Most of them are ignorant. They would use none of them even if you would configure everything for them. They are completely ignorant and brain-fucked. Nothing will help except they find their banking account empty one day. Others are more interested but have no technical background. They were willing to protect themselves but are dependent of experts help. In their eyes WE are the experts and we show them: you can use Windows in a secure way. In effect we are betraying those people inadvertedly. > Using Linux distributions inside Virtual Machines is one fine way to get > in touch with Linux. After users learned the basics and due to > educational efforts, they may get up some form of dual boot or entirely > switch to Linux. I think the hard way "use Tor on Free operating systems > or get lost" will attract less than more users and open up for > competition (forks) doing a worse job making it available on non-free > operating systems. I think our goal should not be convincing people using Linux in first order. It might be an acceptable scenario that Windows lovers use their Windows by default but when they want privacy they reboot their host into LiveCD or USB mode containing tails or something equal. Best Regards Thomas Hluchnik
Attachment:
signature.asc
Description: This is a digitally signed message part.
-- tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx To unsusbscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk