[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-talk] Does tor browser bundle can goes on Mac App Store?

On 9/18/12 4:11 PM, andrew@xxxxxxxxxxxxx wrote:
> On Tue, Sep 18, 2012 at 03:13:26PM +0200, lists@xxxxxxxxxxxxxxx wrote 2.5K bytes in 57 lines about:
> : It means that a TBB-like application could be securely delivered and
> : updated during time via Mac App Store!
> This is a false sense of security. I believe most of the time apple's cert
> for updates and installation will be correct. If the national firewall,
> or whatever resident malware, can fake the app store host and cert,
> then all security is gone.
I am confident that big manufacturer delivery methods such as Apple or
Microsoft can provide a degree of security extremely higher than most
other system, in particular with extremely high security/usability ratio.

Today i still never saw a "highly usable" secure application
delivery/update system.
End-user will never really dig into GnuPG verification of downloaded
files and all that stuff that nerds and cipher-punk like a lot.

User are mostly dumb, that's imho a condition we must live with that fact.

For that reason if the big of the IT industry does provide us a method
(App Stores) that's far better than GnuPG verification of downloaded
files (in a security/usability consideration), it maybe valuable to
leverage that methods.

> Users should not have to provide a verified identity in some way in
> order to get TBB. Now this just means not only is my computer owned,
> I've lost my identity and financial information too. The normal user is
> not going to go through a bunch of steps to register with apple using
> anonymous pre-paid debit cards and identity.
No, you can create a Mac App Store account without any credit card, just
with an anonymous email account:

Accessibility of Mac App Store is very high, in few minutes you can
download "securely" applications and get notified of new updates.

For sure it's not free and it's a "wallet garden".

But it's a garden plenty of +200.000.000 persons, so imho it would be
useful to stay in touch with people in such Apple's garden (and next
Windows 8 new garden, and then Ubuntu Deskop Marketplace).

> There are people reverse engineering the entire app store for osx,
> in violation of the ToS. Maybe they'll publish how the app store
> really works. And how it degrades when the url is blocked, or when
> presented with an invalid cert (like a corporate proxy server). It will
> also be interesting to learn how much data is sent back to apple, and how
> often. Antivirus/antimalware programs seem to sending lots of usage data
> back to their 'clouds' to aid in detection and protection of the user.
That's a very valuable consideration, to have security review of that

Still, from a software engineering perspective, imho it maybe useful
valuable to start digging into it and understanding the effort to make
release management of Tor, starting going trough application stores
(both desktop and mobile).

tor-talk mailing list