[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

[tor-dev] Debian popcon as a vulnerability?

To: Tor Dev <tor-dev@xxxxxxxxxxxxxxxxxxxx>
Subject: [tor-dev] Debian popcon as a vulnerability?
From: Griffin Boyce <griffin@xxxxxxxxxxxxx>
Date: Sat, 13 Sep 2014 19:17:11 -0400
Delivered-to: archiver@xxxxxxxx
Delivery-date: Sat, 13 Sep 2014 19:17:24 -0400
Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=cryptolab.net; s=stigmate; t=1410650232; bh=IpetG4DjRLQBBSL8WUG390yKnyzkYXF+UGGQLyaLXOk=; h=Date:From:To:Subject; b=R3tFevO47OEaW+voGjkOUSteh9IGCO3ZQ0+gOGgc9sN63Z5B+0RP+arv16t1wIVO+ RCiv1llrAjpl5TtXdimD6V/D6IPkuJtMXFWz7Ju9WAG5FtwlJLO+dRF0By9hAhTLEp v2sZI5OWTr6mW5e27pYrgFhWszmIdqky8XzdItIA=
List-archive: <http://lists.torproject.org/pipermail/tor-dev/>
List-help: <mailto:tor-dev-request@lists.torproject.org?subject=help>
List-id: discussion regarding Tor development <tor-dev.lists.torproject.org>
List-post: <mailto:tor-dev@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev>, <mailto:tor-dev-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-dev>, <mailto:tor-dev-request@lists.torproject.org?subject=unsubscribe>
Reply-to: tor-dev@xxxxxxxxxxxxxxxxxxxx
Sender: "tor-dev" <tor-dev-bounces@xxxxxxxxxxxxxxxxxxxx>
User-agent: Roundcube Webmail

Hello all!

I am wondering whether to force-uninstall Debian's popularity-contestpackage as part of Stormy's installation process. It would be good tohave an idea how popular Stormy is, but on the other hand, I'm not surehow anonymous the reporting is on Debian's end.

This is also relevant for users of the tor package, who might also beat mild risk (though far less so because the number of users is so high,and doesn't reveal location of location-hidden services).

Anyone have opinions on this? I'm leaning towards checking ifpopularity-contest is installed and then asking if the user would likeit to be removed. If y'all have other recommendations, please commenthere or on the ticket.


Ticket: https://trac.torproject.org/projects/tor/ticket/13154

thanks!
Griffin

--
"I believe that usability is a security concern; systems that do
not pay close attention to the human interaction factors involved
risk failing to provide security by failing to attract users."
~Len Sassaman
_______________________________________________
tor-dev mailing list
tor-dev@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev

Follow-Ups:
- Re: [tor-dev] Debian popcon as a vulnerability?
  - From: intrigeri
- Re: [tor-dev] Debian popcon as a vulnerability?
  - From: Jeroen Massar

Prev by Author: Re: [tor-dev] Symlink to latest sources
Next by Author: Re: [tor-dev] Making and distributing custom TBB with a new "home-page"
Previous by thread: Re: [tor-dev] Defending against guard discovery attacks by pinning middle nodes
Next by thread: Re: [tor-dev] Debian popcon as a vulnerability?
Index(es):
- Author
- Thread