[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-talk] Tor and Financial Transparency



On 08/30/2013 10:06 PM, Juan Garofalo wrote:

> At 11:33 AM 8/30/2013 -0400, Paul S. wrote:

SNIP

>> See all the research on the issues trade-offs, threats, designs,
>> etc. that Tor Project Inc. employees, government employees, 
>> university and corporate researchers, and lots of others have done 
>> trying to design for a diverse userbase.
>> www.freehaven.net/anonbib/ is a fine place to start. If you can
>> come up with better designs, we would love to have them.

SNIP

> For what it's worth : trying to have a diverse and big user base, and
> providing security for all users seems to be impossible. You either
> provide relatively good security for a small number of sensitive
> users, or relatively lax security for 'general' users.

As I understand Tor, that's precisely what Tor doesn't do. Its goal is
providing security through relatively-strong anonymity to all users.

If, by "relatively lax security for 'general' users", you're referring
to having NoScript configured by default to allow all sites, that's
arguably the best option for most users. Any user can choose to block
scripts by default on all sites, or allow on a per-site basis, trading
off anonymity for protection against script-based exploits.

Also, any user who's that concerned about script-based exploits ought to
be running the Tor client and their apps in separate machines, or at
least in separate VMs. No?

SNIP


-- 
tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx
To unsusbscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk