[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-talk] Unsigned Mac OS X binary for TorBrowser

To: tor-talk@xxxxxxxxxxxxxxxxxxxx
Subject: Re: [tor-talk] Unsigned Mac OS X binary for TorBrowser
From: Matthew Fisch <mfisch@xxxxxxxxxx>
Date: Sat, 10 Nov 2012 11:30:28 -0500
Delivered-to: archiver@xxxxxxxx
Delivery-date: Sat, 10 Nov 2012 11:32:15 -0500
List-archive: <http://lists.torproject.org/pipermail/tor-talk>
List-help: <mailto:tor-talk-request@lists.torproject.org?subject=help>
List-id: "all discussion about theory, design, and development of Onion Routing" <tor-talk.lists.torproject.org>
List-post: <mailto:tor-talk@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk>, <mailto:tor-talk-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-talk>, <mailto:tor-talk-request@lists.torproject.org?subject=unsubscribe>
Reply-to: tor-talk@xxxxxxxxxxxxxxxxxxxx
Sender: tor-talk-bounces@xxxxxxxxxxxxxxxxxxxx

I think the idea of getting an organization such as the EFF (with credibility Apple couldn't afford to deny) to sign off on the binaries sounds like the only plausible solution -- though I understand the politics of this aren't exactly trivial. I didn't realize legal kung-fu was necessary when you don't plan to submit to the app store. This type of thing is something that should be investigated long-term however especially considering the Mountain Lion default of denying unsigned binaries, and the Tor Project's mission of increasing use of Tor by mainstream users to increase credibility of the project.

All that said, there is a simple short-term fix:

A warning and subtle protest of Apple's closed gatekeeper methodology should be included in the OS X download webpage. This is actually a great technology to protect users computers from privacy invasions by rogue software, it's just in Apple's blood to exert a bit more control than desktop users find comfortable. Also, uploaded some screenshots to google drive to highlight the simple but unintuitive workaround, once the application is added to the gatekeeper exception list no further warnings will be produced:

https://docs.google.com/folder/d/0B1pT3gU1bGZiYWVaQTFVR05QUmc/edit
^^
three images labelled step 1, 2 and 3.

Also, I think it's important not to totally discredit the gatekeeper technology. If users turn this off they significantly increase risk exposure to their machines despite any idealogical concerns.

-Matt


Matthew Fisch
mfisch@xxxxxxxxxx

_______________________________________________
tor-talk mailing list
tor-talk@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

Follow-Ups:
- Re: [tor-talk] Unsigned Mac OS X binary for TorBrowser
  - From: Greg Norcie

Prev by Author: [tor-talk] misconfigured mailing list (mailman software) for torproject discloses passwords in plaintext (stores too?)
Next by Author: Re: [tor-talk] torsocks is broken and unmaintained
Previous by thread: Re: [tor-talk] Unsigned Mac OS X binary for TorBrowser
Next by thread: Re: [tor-talk] Unsigned Mac OS X binary for TorBrowser
Index(es):
- Author
- Thread