On Sun, 20 Mar 2011 17:58:06 -0700 Mike Perry <mikeperry@xxxxxxxxxx> wrote: > So, the question for the bikeshed discussion then is what should the > default state of this collection be? Our thought is to provide > HTTPS-Everywhere users with this dialog on first-run > https://trac.torproject.org/projects/tor/wiki/HTTPSEverywhere/SSLObservatorySubmission#ClientUIandconfigurationVariables > > However, I'm not sure that this is going to work for Tor Browser > Bundle users (which ships with HTTPS Everywhere) who may have the TBB > on readonly USB keys or live cds. They may end up being asked each > time they start. > > Is this a decent compromise? The other option is to not even bother to > ask users who have a working tor installed, on the assumption that > since we can submit certs through tor, it is always safe to do so. We > may end up doing this instead of always asking them. Is this wrong? If > so, why? This âphone-homeâ behaviour is not safe for users who browse the web over Tor until proposal 171 is implemented in Tor. At best, it would *only* fragment the anonymity set of Tor users. Robert Ransom
Attachment:
signature.asc
Description: PGP signature
_______________________________________________ tor-talk mailing list tor-talk@xxxxxxxxxxxxxxxxxxxx https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk