[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-talk] getting Tor to be default browser



On Sun, Sep 4, 2016, at 23:51, No Spam wrote:
> On 16-09-04 14:50:23, Dave Warren wrote:
> > <...>
> If this is the Setting, I THINK Whonix has their VM build with TBB as
> Standard Browser

Probably, but in my (limited) experience, it's either painfully slow or
a memory hog, or both. The overhead for a Windows 10 VM is surprisingly
small, and it's snappy and responsive.

Attacks to identify me and/or correlate my physical location or "real"
identity vs my tor identity aren't a threat model that worry me in my
circumstances, so this configuration is Good Enough for my purposes.

> > I also feel that adding legitimate traffic to Tor is a net positive to
> > the network (since capacity is not currently an issue), if only to
> > prevent the perception that all of Tor is evil bad people doing evil bad
> > things.
> Yes but the biggest Problem are Malicious Gateways that may try to
> steal Credentials or put Malware in you Downloads

This is why god invented HTTPS and HTTPS Everywhere. I wish TBB didn't
block 1Password (although I understand why it does), as this would
reduce my exposure to various types of attacks. Also, I trust random Tor
nodes more than random wifi hotspots in tourist/traveler locations
(airports in particular, where you have gov't actors, the airport itself
and other users).

> IMHO the best way to legitimate the Tor network would be to provide and
> use HS ( which are much less prone to the previous mentioned Problem
> AFAIK ).

Having trivial access to hidden services is great too. Facebook is a
prime example, I have no practical need as I'm using my real identity,
not hiding anything, Facebook forces HTTPS (and I believe, pins their
certificates in HSTS lists?), and I discuss my approximate physical
location with people on Facebook. But it's likely harder to attack the
hidden service than the public HTTPS site, plus staying within the tor
network has benefits.

But, I want the output from Tor exit nodes to show more legitimate
traffic, so even for non-HS traffic, I feel that adding legitimate
traffic is a net good idea until/unless the tor network becomes
over-saturated or my traffic otherwise impedes a user with actual safety
or security needs. I would always yield to those users, as I am lucky
and privileged enough to not be one.I understand why the Cloudflares of
the world see a lot of abuse coming from tor, but I want to them to see
a lot of legitimate user traffic as well.


-- 
tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk