[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-talk] Distribution of Linux static tor binary?

On 2012-09-10, at 8:56 AM, adrelanos wrote:

> antispam06@xxxxxxx:
>> On Mon, Sep 10, 2012, at 00:21, Fabio Pietrosanti (naif) wrote:
>>> It would facilitate the inclusion of Tor in third party applications
>>> that include/bundle/redistribute Tor, regardless of the Linux
>>> Distribution.
>> Sounds like a potential risk, the third party intervention. See the
>> discussion about the other TorBrowser.
> I don't share your security concern. Using any third party application
> is always a security risk. If they include a software library or binary
> doesn't change much from that view. A software library might even add
> advantages.
> There are other application developers who want to integrate Tor into
> their applications, for example BitCoin, OperaTor, torchat,
> pidgin-torchat, jtorchat and other third party browser bundles combined
> with Tor...

Why don't they do all that now? Tor is free software. Because they can't
be bothered to read the code. Which means they're likely to misuse a
libtor anyway.

And including dependencies in software you distribute is bad practice.

"Anonymity" depends on the entire stack from the transport to the
application. IMHO, putting a Tor sticker on everything will distract
from that fact.


tor-talk mailing list