[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-talk] Does tor browser bundle can goes on Mac App Store?

On Tue, Sep 18, 2012 at 03:13:26PM +0200, lists@xxxxxxxxxxxxxxx wrote 2.5K bytes in 57 lines about:
: It means that a TBB-like application could be securely delivered and
: updated during time via Mac App Store!

This is a false sense of security. I believe most of the time apple's cert
for updates and installation will be correct. If the national firewall,
or whatever resident malware, can fake the app store host and cert,
then all security is gone.

Users should not have to provide a verified identity in some way in
order to get TBB. Now this just means not only is my computer owned,
I've lost my identity and financial information too. The normal user is
not going to go through a bunch of steps to register with apple using
anonymous pre-paid debit cards and identity.

There are people reverse engineering the entire app store for osx,
in violation of the ToS. Maybe they'll publish how the app store
really works. And how it degrades when the url is blocked, or when
presented with an invalid cert (like a corporate proxy server). It will
also be interesting to learn how much data is sent back to apple, and how
often. Antivirus/antimalware programs seem to sending lots of usage data
back to their 'clouds' to aid in detection and protection of the user.

Of course, the alternative is to jailbreak your own computer to install
non-app store programs. Expecting users to do this will fail massively.

pgp 0x6B4D6475
tor-talk mailing list