
Re: [tor-talk] Tor Browser Bundle w Linux Packaging & TAILS improvements/new distribution



> On Fri, 9 Dec 2011 04:59:37 -0500
> "Chris" <tmail299@xxxxxxxxxxx> wrote:
>
>> I have a number of questions and requests for possible changes to the
>> Tor Browser Bundle.
>
> Have you read the TBB design document? It may answer many more
> questions, https://www.torproject.org/projects/torbrowser/design/.

Yes. I don't think it answered my questions though.

>
>> Why is the current Tor Browser Bundle for Linux not available in the
>> Tor repository?
>
> TBB for Linux is not a deb nor rpm based on packaging guidelines. There
> is nothing to install per se. It's a simple tarball that is extracted.
> We sign every package, so the tarball is signed and can be validated.

The above design document talks about avoiding usability issues. Some
things it puts out of the scope of its ability. I feel some things are
within its scope though even though it would take others (like the Tails
project) to actually implement a complete solution or the user.

While I would not suggest eliminating the tarball completely, as there is
more to the world than just Debian, I do think the manual installation is
cumbersome and risky for the user. It makes no sense to recommend manual
installation when there is a better system that is already being used.

Users do not understand authentication and so the need for such
authentication should be done away with. Package management systems
already do the authentication bit and make updating (good for security)
easy. One of the reasons Microsoft Windows is such a dangerous platform
for users is there are dozens of different update applications.

Adding it to the repository is what would make this feasible. It doesn't
need to be in Debian's repository. Just in Tor's repository.

It has been mentioned elsewhere that the project needs other distribution
methods to help get Tor into countries where it is banned. Here is a
perfectly good one. Especially if it ended up in Debian's main repository.

>
>> Tails requires users to download a new disc each time an update is
>> released as well. Like the Tor Browser Bundle this too gives an
>> attacker more of an opportunity to compromise a Tor user.
>
> There's a project called thandy that will allow for partial updates of
> TBB. Tails is a separate project, you should talk to them directly.
> Thandy can be found at https://gitweb.torproject.org/thandy.git.
>
>> The second thing I was wondering relates to Tails. Why does Tails
>> need to be downloaded each time an update is released? If the goal is
>> a read-only medium there are newer methods to make writeable media
>> read-only without having to burn a new CD each time an update is
>> released or reload a distribution.
>
> Tails is a separate project, you should ask them. You may also find
> https://trac.torproject.org/projects/tor#LiveCDUSB the other projects
> helpful too.

I have never received any kind of response that made sense from them. It
is as if everybody wants to avoid putting out a safe usable solution for
users.

I think the idea of Tails is great. It is just badly implemented.

>
> --
> Andrew
> pgp 0x74ED336B
> _______________________________________________
> tor-talk mailing list
> tor-talk@xxxxxxxxxxxxxxxxxxxx
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
>

