[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: Ultimate solution

It sounds to me like we need:
1. Absolutely easy to use client software that automatically acts as a
-- Needs to determine the lower (upstream) bandwidth, and not clog it
-- Needs to be able to prioritize local originating connections to
eliminate the desire to run separate client and server tor processes
-- -- This includes using as much upstream as the local origination
needs, even if it means nearly starving all "through me" traffic
-- -- This means getting flow control working inside Tor, unless I
missed something.
-- Needs to be able to work with dynamic IP transparantly
-- -- Tor currently does this if NO Address line is in the config
file, but Vidallia insists on putting one in there anyways.

2. Simple instructions to end users
-- Anonimity != privacy
-- Things like flash, etc, can break privacy and reveal who you are
-- Some sort of 'This is known to be safe, this is most likely unsafe,
this is "maybe" ' list.

3. A preconfigured set of cookies for the major known cookie tracking
sites (ads, etc), so that every Tor user looks the same.

4. Ideally a patch for Firefox. IE allows you to say "Accept 1st party
cookies, reject 3rd party cookies." Safari allows you to say "Only
accept cookies from sites I navigate to, but not from sites linked to
them (Advertisements)". Firefox doesn't have that.

5. (Privoxy already strips referrer information, so that's not leaking
your search history, etc, to third parties).

** 6 **. Since Tor will route to an exit node on the same machine as
your target, giving end-to-end transparent encryption, some sort of
push to get the major web sites to run at least a "local exit" tor
node. In particular, we need an absolutely trivial, out of the box,
"Local only, any port" tor exit config.

On 3/27/07, Freemor <freemor@xxxxxxxx> wrote:
On Mon, 2007-26-03 at 23:53 -0700, JT wrote:
> You are making a very big mistake! In theory your are correct with what
> you are saying but you are assuming the total noob can learn how to safe
> anonymously but also give grandma a chance to surf anonymously. Grandma
> knows what a browser is but has never heard about encryption or TCP/IP.

I think that if the information is geared to the new user that they will
be able to pick it up. You don't need to get all technical to explain
everything. you could just say "if your browser doesn't display the lock
icon, like when using a banking site, your communication is anonymous
but not confidential, and may reveal identifying information."

I also think there is a real problem with the "a new user could never
understand this" thinking. One should never assume that ones audience is
less intelligent then you are. Also, even if the effort manages to only
educate 30% of the new users this is far superior to not making the
effort and having only the very enthusiastic users who have the skills
to dig up the documentation they need being educated.