[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-talk] pidgin and tor

On Thu, Oct 08, 2015 at 07:53:02PM -0700, coderman wrote:
> "security vs. usability", as ever...

Thats not what the discussion is about any longer, the
discussion is about security and convenience.

Thats what you fail to grasp, imho.

> consider the Tor Browser PDF exploit that accessed $HOME for keys and other.
> if Tor Browser (and Pidgin) are isolated from each other, this $HOME
> type attack of reduced risk.
> one example

We both digress, OP asked about Pidgin being secure, which my
answer was, it depends. Your answer could be understood as,
it is more secure with an vm, that is were we disagree.

> do you not see the benefit in isolating applications at risk of rogue
> remote execution?

I am not sure, what "rogue remote execution" is, please elaborate.
Sounds like an assassin sniper to me. ;)

> i agree it is not the only security measure, nor the most important.
> but it is useful, and that is why i mention it. more useful would be
> using a secure client, but, again, usability.

Again, you write "usability" you fail at understanding, that
OP is looking for a convenient and secure solution (he asked
about Pidgin being secure).

> > (educate OP)
> i disagree with this approach. make the secure usable. don't force
> users to adapt to "secure".

Sorry, but your vm-fanboyism isn't helpful at all.

> > Using Tor with Pidgin, we are at a disadvantage...
> > If security is a result of good design, good design is when there
> > is nothing left to remove and the design is still secure.
> so, you're going to design and implement a usable, secure chat and presence?
> :)

Again, you tend to overengineer. And if OP is helped
by understanding that he relies on very much infrastructure to
transport a message from Alice to Bob and understands he *can*
achieve "more secure" by either switching implementation or protocol.

I consider this information more helpful than yours, which is
basically "let us put it an vm", which doesn't cover any problems
on the transport layer, it addresses only local problems, that
can be dealt without a VM properly.

> > Contrary to the popular misconception, that security is some kind of
> > fairydust, product or duct-tape that we can apply to protocols or software
> > afterwarts.
> actually, i saw this Kickstarter the other day...  ;P

What would the engineer say, after you had explained your problem, and
enumerated all of the dissatisfactions in your life? He would probably
tell you that life is a very hard and complicated thing; that no
interface can change that; that anyone who believes otherwise is a
sucker; and that if you don't like having choices made for you, you
should start making your own.
See http://www.cryptonomicon.com/beginning.html

Sorry for the delay, and not adressing all your VM-fanboyisms,
your approach makes it (for OP) more and more complex
to run Pidgin, while you achieve maybe a little more local isolation.

What I tried, is to take all the complexity and reduce it,
OP can make a informed decision, based on such information.

Given that, OP doesn't need a brand new OS, he may be better off
using a better implemenation (maybe profanity) or better protocol,
maybe silc or both like with tox.

Sorry, I mean no offense, but with diversion and constructed examples
that are offtopic, you are a danger to others, yourself or your environment.

Given the example with PDF (don't use it, there are better formats
available since ages), all your VMs would be circumvented by OP, as
he would import the malicous binary into one of his other
VMs and compromise either his anonymity, or his complete installation

How do you address that problem? I encounter some of these on
a monthly basis, were overreliance on a VM lead to local priviledge
escalation which resulted in VM-escape or leakage of confidential information.
tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx
To unsubscribe or change other settings go to