
Re: [tor-talk] Tor - 1-click-compile-version



There is probably a better way to solve this problem without having to
compile the code yourself. The simple fact is that users are not going to
be competent enough to evaluate the code or even evaluate the changes in
the code from one release to the next.

The threat here potentially comes from governments mandating a back door.

The solution to this problem is to spread out the responsibility of
checking for back doors amongst developers in different parts of the world
and giving them the ability to issue secure signed hashes of the compiled
binaries. They would need to compile binaries themselves to create these
signed secure hashes.

Tor has a vulnerability where there are only two or three bootstrapping
servers. They are spread out from my understanding although also a point
of vulnerability. It requires 2 of three servers currently I believe to
compromise the service. If I recall correctly there is the possibility to
have several trusted entities although there are only two or three right
now. I'm sure someone more knowledgeable can provide better info.


> Tor and all stuff is Open Source and many people looking inside for
> security review. A very weak link is that most users use the precompiled
> ready to use binaries. But it is not possible to be sure that binaries are
> built from an unaltered source code. The precompiled binaries may include
> back doors. Also that most users download from torproject.org is another
> single point of failure as just one instance has to be forced to include a
> back door.
>
> I've never read that someone checks frequently that the source code is
> 100% the same as the binaries.
> Compiling everything oneself is a lot of hassle, most users do not do that
> as it's a big inconvenience.
>
> I am not here to offend someone. There are a lot of reasons in the nature of
> this project to ask such questions. The whole Tor project is about
> distrust and fear of getting traced and logged. Even if I knew all
> involved persons in person and I'd trust them I wouldn't trust the
> binaries 100%.
>
> The machines that build the binaries could be compromised including a
> backdoor on compile time. People with lots of money, government or wealthy
> companies could threaten and force you or your families to include a
> backdoor into Tor.
>
> To protect you and the Tor users I propose the following....
>
> Additionally to the precompiled binaries you could offer a 1-click-compile
> version. It could be a script which downloads all the needed stuff for
> compiling and building the executable.
>
> This isn't a bottomless pit. Don't try to make the second step before the
> first one. For example on Windows the script would download the
> precompiled executables of mingw, msys, msysDTK and so on from sf.net,
> download source code of Tor from torproject.org, compiling and so on...
> Yes, it would be again a risk to download the precompiled executables as
> those could be possibly forced to have included a backdoor as well.
>
> The idea of 1-click-compile-versions has to develop over time. No one can
> expect the concept to be perfect from the beginning. The Tor project would
> start with it and later over time all the dependencies would hopefully also
> allow similar 1-click-compile-versions. All this until a point where we
> can compile the whole operating system, the browser and Tor with one
> click.
>
> If that's half running I can imagine a distributed community / program to
> review the updated source codes. After downloading new source the program
> would check it from different sources if it's the same some independent
> people had stated their opinion about the changes. This would allow all
> users to download, compile and start executables from source at the same
> time having some feedback from external developers about the quality of
> the source code they're using.
>
> Don't tell me it's impossible. Tell me what the weak points of this concept
> are and propose enhancements.
> _______________________________________________
> tor-talk mailing list
> tor-talk@xxxxxxxxxxxxxxxxxxxx
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
>
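
An added example, not part of the original messages and not Tor Project code: a sketch of the check a downloader could run if independent builders each published a signed hash of the binary they compiled themselves. The builder names, keys, release string and the threshold of 2 are assumptions, and HMAC-SHA256 stands in for the builders' public-key signatures (for example OpenPGP) so the example runs on the Python standard library alone.

```python
import hashlib
import hmac

# Constructed sample data: three hypothetical builders and their keys.
# HMAC-SHA256 is a stand-in for a public-key signature scheme; with real
# signatures the user would hold only the builders' public keys.
BUILDER_KEYS = {
    "builder-a": b"constructed-key-a",
    "builder-b": b"constructed-key-b",
    "builder-c": b"constructed-key-c",
}


def attest(builder, release, binary):
    """What a builder publishes after compiling the release themselves."""
    digest = hashlib.sha256(binary).hexdigest()
    msg = f"{release}:{digest}".encode()
    sig = hmac.new(BUILDER_KEYS[builder], msg, hashlib.sha256).hexdigest()
    return {"builder": builder, "release": release, "sha256": digest, "sig": sig}


def verify_download(binary, release, attestations, threshold=2):
    """Accept only if >= threshold distinct known builders validly signed
    the exact hash of the file that was actually downloaded."""
    local = hashlib.sha256(binary).hexdigest()
    agreeing = set()
    for a in attestations:
        key = BUILDER_KEYS.get(a.get("builder"))
        if key is None or a.get("release") != release:
            continue  # unknown signer, or attestation for another release
        msg = f"{a.get('release')}:{a.get('sha256', '')}".encode()
        expected = hmac.new(key, msg, hashlib.sha256).hexdigest()
        if not hmac.compare_digest(expected, a.get("sig", "")):
            continue  # forged or corrupted attestation
        if hmac.compare_digest(a.get("sha256", ""), local):
            agreeing.add(a["builder"])  # a set, so one builder counts once
    return len(agreeing) >= threshold, sorted(agreeing)


if __name__ == "__main__":
    good = b"constructed release binary"       # constructed sample input
    tampered = good + b" plus injected code"    # what a coerced mirror serves
    atts = [attest(b, "0.0.0-example", good) for b in BUILDER_KEYS]
    print(verify_download(good, "0.0.0-example", atts))
    print(verify_download(tampered, "0.0.0-example", atts))
```

The check only has value when the builders' outputs are bit-for-bit identical for the same source, so the build must be deterministic; otherwise honest builders would publish differing hashes.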

