
Re: Ultimate solution

You are making a very big mistake! In theory you are correct with what
you are saying but you are assuming the total noob can learn how to safe
anonymously but also give grandma a chance to surf anonymously. Grandma
knows what a browser is but has never heard about encryption or TCP/IP.

On Sat, 24 Mar 2007 00:50:15 -0400, "Freemor" <freemor@xxxxxxxx> said:
>   I've been watching this thread with some interest and just wanted to
> add my view to the discussion. I think there is a real danger in making
> TOR too easy. Yes, I do understand that Microsoft and others have
> created a world of people that want every program to function completely
> with 3 clicks. For some applications this is a laudable goal. 
>   However, when one is dealing with a program that deals with security
> or anonymity I think it is important that people who intend to use the
> program take the time and effort to learn. They need to learn what it
> does, what it doesn't do, how it does it, how it is circumvented, how to
> check if it is working correctly, etc. One of the major reasons there is
> so much tracking of personal data on the web is most users' lack of
> responsibility for their own privacy and security.
>   For these reasons, my concern is that making TOR a 3 click wonder will
> not only further propagate this "someone else will worry about my
> privacy/security for me" thinking and ultimately would lead people to a
> false sense of security because they won't properly understand the TOR
> network, and will blissfully find ways to make their computer leak more
> than a bucket with no bottom, all the while thinking "oh, it's fine,
> I've got TOR on, I can see the icon in the systray right there".
>   I feel that rather than head down the 3 click wonder path, it would be
> better to invest time in reminding users that we are talking about their
> security, or their anonymity, that as such it is their responsibility,
> and decidedly worth the time to learn as much as possible about the
> programs or systems they use to protect it. 
>   I would hate to see the day when the TOR team has to waste countless
> hours and resources to battle complaints that "TOR failed to protect me
> when I <insert use that TOR was never intended for>".
> Just my thoughts on the subject
> Freemor
> P.S. to the Tor devs -- Yes, I know TOR is not a security application.
> That just snuck in there as I deal with computer security regularly and
> often see the same "the computer/internet/isp/mysterious someone" should
> take care of that for me mentality.   
> On Fri, 2007-23-03 at 02:44 -0700, JT wrote:
> > Hi,
> > 
> > why spend hundreds and thousands of hours of coding?
> > 
> > Is there a browser that doesn't support javascript, java, flash,
> > quicktime, etc but only pictures so one can read html text and pictures
> > and can read a normal newspaper? If there is such a browser why not
> > force Tor users to use it? Make Tor only work with that browser.
> > 
> > If Tor wants to be an anonymous communication tool it should come in an
> > entire package. If Tor wants to be successful it MUST come in a complete
> > package.
> > 90% of the users use it to surf anonymously, the rest use ftp, chat or
> > whatever.
> > 
> > How about instead of telling a user to:
> > 
> > install tor and vidalia
> > activate tor
> > install the tor button
> > install the noscript
> > install flashblock
> > configure noscript
> > deactivate flash, etc
> > install cookie culler 
> > turn off the referer header in the browser
> > etc
> > etc
> > 
> > have them just install the "package for free communication".
> > That way there is no way they can forget to turn anything off or on.
> > That way every person that uses the "Tor package for free communication"
> > can benefit from the expertise of the people that release the package.
> > All the "hacks" that are published are not against Tor but against the
> > user's "communication package" that the user put together himself. Why
> > not help/force internet noobs to be safe.
> > 
> > I know it is called the Tor project but why not extend it to a real
> > communication package. Vidalia was a good start. Now one step further!!
> > 
> > Is there a free open source browser that could be shipped with the Tor
> > package that is fully configured for anonymous surfing and fine tuned to
> > be most anonymous, set so that it can be only used through Tor? It
> > should be modified so that a noob can not change the settings by
> > accident.
> > 
> > I am not a programmer but this is what must happen. If Tor is only
> > supposed to be for technical experts and people that hang out in
> > security forums every day then we should continue as is but if Tor is
> > supposed to be for the masses (more people more distributed trust) then
> > there must be a bundle. A package with everything set up for anonymous
> > browsing where some internet newbie can not possibly reveal his IP by
> > misconfiguration. The user clicks the setup program Tor installs, the
> > Tor browser opens, ready to go. No way the surfer can use that browser
> > without Tor.
> > 
> > Such a software package would make Moore's publications completely
> > unnecessary.
> > 
> > I wish I could help implement this but I am not a programmer.
> > 
> > But this is the only way for Tor to succeed. A software bundle including
> > perfectly configured browser, every user must be a server, and there
> > must be a button with which people can choose to be an exit or not.
> > Right now it is way too difficult. If grandma and grandpa are capable of
> > choosing to be a server or exit nodes then Tor will become extremely
> > popular and successful. But everybody must be a router (like I2P). There
> > is no other way. Taking the client user base and making it a router base
> > would solve many problems and the possible combinations of paths (n-k-1
> > over k) would be so huge that an attack where the adversary controls all
> > routers in the path would be almost impossible.
> > -- 
> >   JT
> >   toruser@xxxxxxxxxxx
> > 
> ------
> Freemor <freemor@xxxxxxxx>
> Freemor <freemor@xxxxxxxxxx>
> This e-mail has been digitally signed with GnuPG
