[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: Ultimate solution

  I've been watching this thread with some interest and just wanted to
add my view to the discussion. I think there is a real danger in making
TOR too easy. Yes, I do understand that Microsoft and others have
created a world of people that want every program to function completely
with 3 clicks. For some applications this is a laudable goal. 

  However, when one is dealing with a program that deals with security
or anonymity I think it is important that people who intend to use the
program take the time and effort to learn. They need to learn what it
does, what it doesn't do, how it does it, how it is circumvented, how to
check if it is working correctly, etc. One of the major reasons there is
so much tracking of personal data on the web is most users lack of
responsibility for their own privacy and security.

  For these reasons, my concern is that making TOR a 3 click wonder will
not only further propagate this "some one else will worry about my
privacy/security for me" thinking and ultimately would lead people to a
false sense of security because they wont properly understand the TOR
network, and will blissfully find ways to make their computer leak more
then a bucket with no bottom, all the while thinking "oh, it's fine,
I've got TOR on, I can see the icon in the systray right there".

  I feel that rather then head down the 3 click wonder path, it would be
better to invest time in reminding users that we are talking about their
security, or their anonymity, that as such it is their responsibility,
and decidedly worth the time to learn as much as possible about the
programs or systems they use to protect it. 

  I would hate to see the day when the TOR team has to waste countless
hours and resources to battle complaints that "TOR failed to protect me
when I <insert use that TOR was never intended for>".

Just my thoughts on the subject


P.s. to the tor Dev's -- Yes, I know TOR is not a security application.
That just snuck in there as I deal with computer security regularly and
often see the same "the computer/internet/isp/mysterious someone" should
take care of that for me mentality.   

On Fri, 2007-23-03 at 02:44 -0700, JT wrote:
> Hi,
> why spend hundreds and thousands of hours of coding?
> Is there a browser that doesn't support javascript, java, flash,
> quicktime, etc but only pictures so one can read html text and pictures
> and can read a normal newspaper? If there is such a browser why not
> force Tor users to use it? Make Tor only work with that browser.
> If Tor wants to be an anonymous communication tool it should come in an
> entire package. If Tor wants to be successful it MUST come in  complete
> package.
> 90% of the users use it to surf anonymously, the rest use ftp, chat or
> whatever.
> How about instead of telling a user to:
> install tor and vidalia
> activate tor
> install the tor button
> intstall the noscript
> install flashblock
> configure noscript
> deactivate flash, etc
> install cookie culler 
> turn off the referer header in the browser
> etc
> etc
> have them just install the "package for free communication".
> That way there is no way they can forget to turn anything off or on.
> That way every person that uses the "Tor package for free communication"
> can benefit from the expertise of the people that release the package.
> All the "hacks" that are published are not against Tor but against the
> users "communication package" that the users put together himself. Why
> not help/force internet noobs to be safe.
> I know it is called the Tor project but why not extend it to a real
> communication package. Vidalia was as good start. Now one step further!!
> Is there a free open source browser that could be shipped with the Tor
> package that is fully configured for anonymous surfing and fine tuned to
> be most anonymous, set so that it can be only used through Tor? It
> should be modified so that a noob can not change the settins by
> accident.
> I am not a programmer but this is what must happen. If Tor is only
> supposed to be for technical experts and people that hang out in
> security forums every day then we should continue as is but if Tor is
> supposed to be for the masses(more people more distributed trust) then
> there must be a bundle. A package with everything set up for anonymous
> browsing where some internet newbie can not possibly reveal his IP by
> misconfiguration. The user clicks the setup program Tor installs, the
> Tor browser opens, ready to go. No way the surfer can use that browser
> without Tor.
> Such a software package would make Moore's publications completely
> uncecessary.
> I wish I could help implement this but I am not a programmer.
> But this is the only way for Tor to succeed. A software bundle including
> perfectly configured browser, every user must be a server, and there
> must be a button with which people can choose to be an exit or not.
> Right now it is way to difficult. If grandma and grandpa are capable of
> choosing to be a server or exit nodes then Tor will become extremely
> popular and successful. But everybody must be a router(like I2P). There
> is no other way. Taking the client user base and making it a router base
> would solve many problems and the possible combinations of paths (n-k-1
> over k) would be so huge that an attack where the adversay controls all
> routers in the path would be almost impossible.
> -- 
>   JT
>   toruser@xxxxxxxxxxx


Freemor <freemor@xxxxxxxx>
Freemor <freemor@xxxxxxxxxx>

This e-mail has been digitally signed with GnuPG

Attachment: signature.asc
Description: This is a digitally signed message part