
Re: Warnings on the download page



On Fri, Mar 09, 2007 at 03:14:31AM -0500, Roger Dingledine wrote:
> On Thu, Mar 08, 2007 at 07:17:09PM -0600, Mike Perry wrote:
> > > The current simplest advice I can give people is to remove all plugins:
> > > http://tor.eff.org/download.html.en#Warning
> > > Do you have any suggestions on safe ways to back off from that?
> > 
> > I have a couple more points - the second browser phrase should link to
> > http://portableapps.com/apps/internet/firefox_portable because
> > otherwise it's not really easy to have a second firefox installed.
> 
> I hear from people on OS X who use Firefox for safe stuff and Safari
> or something else for non-safe stuff. They seem happy enough.
> 

I was going to note this, but Roger beat me to it.  This is exactly
what I do. I can configure Safari to be relatively safe, but mostly
use it when I really don't care or when I must/want to use some
plugin, etc. I use Firefox with everything shut off together with
Tor, when those things don't apply.


But this is an easy option for people to understand. For this reason
it might be best from a usability perspective (I'm thinking noobs
here.) If most of our users are on Windows, they can be instructed to
use a clamped down Firefox (with and without Tor) when they care about
security and IE when they don't. We could still recommend that they
try to do various things to be more safe when using IE. I _know_
people think that IE is just a big security hole, etc. I don't want to
get into that debate. I am just assuming that users will be willing to
do minimal things. Telling them to install Firefox and install Opera
(I know it's proprietary) or whatever (fine, tell them to use the
Windows port of lynx, that'll have a lot of traction) is probably a
non-starter. This could be a relatively simple instruction that they
are relatively likely to get right wrt configuration and that will
make them much more secure than they are now and more secure
than they will be if they attempt some more subtle alternative and
get it wrong.

aloha,
Paul