[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-talk] torproject forum hosted by 3rd party?

To: tor-talk@xxxxxxxxxxxxxxxxxxxx
Subject: Re: [tor-talk] torproject forum hosted by 3rd party?
From: nusenu <nusenu-lists@xxxxxxxxxx>
Date: Fri, 29 Oct 2021 20:21:46 +0200
Delivered-to: archiver@xxxxxxxx
Delivery-date: Fri, 29 Oct 2021 14:22:06 -0400
Dkim-signature: v=1; a=rsa-sha256; c=relaxed/simple; d=riseup.net; s=squak; t=1635531712; bh=/p06M4qZ5yRHA47JsbJdHk3x8Et8YXkGUYZdtmJX3Mk=; h=To:References:From:Subject:Date:In-Reply-To:From; b=BhIqeTkcqLjZEudybVt8+TnnkzeBUSn3qx4eq1LjsUOIX/Y8IjnuCE6zgXEoq0n4T HUbG7myICJUp5GSrFQom7bfYwSmt8u8NcW47eOpQywBD//wiH9HCQJmD8OqPCnQfVB 6BVSJthbQS3xvuE9/tattT16sqanMmSWErM5jGQ8=
In-reply-to: <69a40f28-426f-f6fd-bda0-f034c02fcde0@riseup.net>
List-archive: <http://lists.torproject.org/pipermail/tor-talk/>
List-help: <mailto:tor-talk-request@lists.torproject.org?subject=help>
List-id: "all discussion about theory, design, and development of Onion Routing" <tor-talk.lists.torproject.org>
List-post: <mailto:tor-talk@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk>, <mailto:tor-talk-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-talk>, <mailto:tor-talk-request@lists.torproject.org?subject=unsubscribe>
References: <365a8866-b2e9-23ed-d674-4667697feba3@riseup.net> <69a40f28-426f-f6fd-bda0-f034c02fcde0@riseup.net>
Reply-to: tor-talk@xxxxxxxxxxxxxxxxxxxx
Sender: "tor-talk" <tor-talk-bounces@xxxxxxxxxxxxxxxxxxxx>

bo0od:

- no IP logging - no external resources


You shouldnt trust TPO on not doing that either (not because they do
that but because there is no control on that from user side so you
should assume the worst when it comes to
security/privacy/anonymity).


I see your point as an end user here, but from the torproject's point of view it would expect
a more cautious approach with tor user information and practice harm reduction strategies
instead of saying
'Oh, you didn't use tor browser to protect yourself when you accessed our support forum? It's your fault'
to avoid a future where discourse gets compromised and someone publishes/leaks all forum logs.

If you don't log it in the first place, there is less data that can harm you afterwards.
Expecting users to never open an url in the "wrong" browser window is a bit unrealistic.

It is also a matter of leading by example - especially for a privacy focused project.

At the end user need to trust an entity to make discourse functional,

TPO or not doesnt matter.


I believe it does make a difference where you host something that requires
some level of trust especially when it is visible in the url bar,
because users trust some entities (or domains) more then others.

kind regards,
nusenu


--
https://nusenu.github.io
--
tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

References:
- [tor-talk] torproject forum hosted by 3rd party?
  - From: nusenu
- Re: [tor-talk] torproject forum hosted by 3rd party?
  - From: bo0od

Prev by Author: [tor-talk] torproject forum hosted by 3rd party?
Next by Author: Re: [tor-talk] torproject forum hosted by 3rd party?
Previous by thread: Re: [tor-talk] torproject forum hosted by 3rd party?
Next by thread: Re: [tor-talk] torproject forum hosted by 3rd party?
Index(es):
- Author
- Thread