[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-talk] Tor Browser Bundle: Usability Improvement Proposal (windows)



I speak Russian, but I don`t think those people would be interested in
such documents. I made some little more deep research for this
conversation and as I see all that they did was getting TBB,
unpacking it, adding some bookmarks and tweaks to Firefox profile
(just like branding) and packing it back to "click-and-run" executable.
As the point of this thread was about making TBB more convenient to
"dumb people", we and you as developer can ignore all except
technics of packing stuff, because main goal is around that "click
and run" thing, right?

I also know about MicroTor because I like finding all this security
stuff all around Internets :) And honestly I didn`t even use it because
of lack of audit concerns. As you described I did the right thing :)


Mike Perry <mikeperry@xxxxxxxxxx> wrote:

> Thus spake Greg Kalitnikoff (kalitnikoff@xxxxxxxxxxxxxxxx):
> 
> > Hm, interesting thing that very recently I found out such project -
> > SBrowser282, custom Tor Browser Bundle made by some russian radicals.
> > It does exactly what you are talking about as I understand. More
> > interesting that they claim it`s all made with open source software.
> > 
> > Download link:
> > http://ifile.it/uxgel0p/SBrowser282.exe
> > And as I can see it is just self-extracting 7z archive. Anyway, be
> > warned about any exe-file!
> > 
> > More links and info can be found here (in russian)
> > http://rusinfo.cc/entries/421
> 
> If you speak Russian, you may want to point these people at the new
> Tor Browser Design doc:
> https://www.torproject.org/projects/torbrowser/design/, especially the
> requirements section:
> https://www.torproject.org/projects/torbrowser/design/#DesignRequirements
> 
> We're starting to see a few different browser bundles arising due to
> people not being satisfied with our choice of Firefox and for various
> other operational reasons. One variant Andrew saw took the smallest web
> browser they could find, embedded a Tor client in it, and provided the
> resulting 2M package as something like "MicroTor".
> 
> They certainly sound useful, but the problem with these approaches is
> that they often don't even state if they've done the *bare minimum*
> audit to ensure all browser activity actually uses the proxy settings
> of their pet browser:
> https://www.torproject.org/projects/torbrowser/design/#proxy-obedience
> 
> For micro-browsers especially (even popular ones like Google Chrome),
> you're likely to see them relying on OS functionality as opposed to
> built-in functionality. In the case of the SSL stack, this can mean
> immediate proxy bypass for SSL connections and/or OCSP data. See:
> https://trac.torproject.org/projects/tor/wiki/doc/ImportantGoogleChromeBugs#ProxyBypassBugs
> 
> All of this is not to mention the efforts we're investing into
> ensuring the Tor Browser has good privacy properties, too:
> https://www.torproject.org/projects/torbrowser/design/#privacy

_______________________________________________
tor-talk mailing list
tor-talk@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk