[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: 25 tbreg relays in directory

Edward Langenback wrote:
> Jim McClanahan wrote:
> > I probably should have canned the sarcasm, but I do think that any
> > disabling of the client from the network should be easily reversible.
> > Part of that is just my philosophy.  But it also has a practical element
> > in terms of what is required to resume functionality if the client
> > suddenly and unexpectedly stop working.  Somebody may not wish to take
> > the time to install at that moment.
> I assume that Tor can (or could be made to) detect what OS it's being
> run on.  Given that, what if Tor were to check it's current version
> against the directory servers while it's creating circuits.
> Then if the version running is judged too far out of date to be safe, it
> could download the most recent version (via the Tor network of course)
> for the OS it's running on and "auto-update" itself.

I guess that would depend on the OS and how it is configured.  If Tor is
running without privilege, as recommended, I would think in most
scenarios it would not have the ability to update itself.  If something
is configured "non-standard" (whatever that may mean in a particular
situation) then I would guess the attempt to update would not have the
desired result even if Tor had privilege.  That said, it is my
understanding that on MS Windows, Firefox has such an auto-update
mechanism although I am not familiar with the details.  Personally, I
like to be in charge of what happens on my computers.

I remain unconvinced that what happened in the case of "tbreg" should be
determining policy for the Tor project, at least as far as client
activity is concerned.  To the extent the people who installed really
didn't know it involved Tor, it seems to me that, if not technically
malware, it is at least a close cousin (where software creators are not
being up front with users).  Trying to, in effect, be the guardian of
such users is (IMHO) a losing proposition.