[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
Re: [tor-talk] torproject forum hosted by 3rd party?
bo0od:
- no IP logging - no external resources
You shouldnt trust TPO on not doing that either (not because they do
that but because there is no control on that from user side so you
should assume the worst when it comes to
security/privacy/anonymity).
I see your point as an end user here, but from the torproject's point of view it would expect
a more cautious approach with tor user information and practice harm reduction strategies
instead of saying
'Oh, you didn't use tor browser to protect yourself when you accessed our support forum? It's your fault'
to avoid a future where discourse gets compromised and someone publishes/leaks all forum logs.
If you don't log it in the first place, there is less data that can harm you afterwards.
Expecting users to never open an url in the "wrong" browser window is a bit unrealistic.
It is also a matter of leading by example - especially for a privacy focused project.
At the end user need to trust an entity to make discourse functional,
TPO or not doesnt matter.
I believe it does make a difference where you host something that requires
some level of trust especially when it is visible in the url bar,
because users trust some entities (or domains) more then others.
kind regards,
nusenu
--
https://nusenu.github.io
--
tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk