There is probably a better way to solve this problem without having to compile the code yourself. The simple fact is that users are not going to be competent enough to evaluate the code or even evaluate the changes in the code from one release to the next.
The threat here potentially comes from governments mandating a back door. The solution to this problem is to spread out the responsibility of checking for back doors amongst developers in different parts of the world and giving them the ability to issue secure signed hashes of the compile binaries. They would need to compile binaries themselves to create these signed secure hashes. Tor has a vulnerability where there are only two or three bootstraping servers. They are spread out from my understanding although also a point of vulnerability. It requires 2 of three server currently I believe to compromise the service. If I recall correctly there is the possibility to have several trusted entities although there are only two or three right now. I'm sure someone more knowledgeable can provide better info. > Tor and all stuff is Open Source and many people looking inside for > security review. A very weak link is that most users use the precompiled > ready to use binaries. But it is not possible to be sure that binaries are > build from an unaltered source code. The precompiled binaries may include > back doors. Also that most users download from torproject.org is an other > single point of failure as just one instance has to be forced to include a > back door. > > I've never read that someone checks frequently that the source code is > 100% same like the binaries. > Compiling everything oneself is a lot of hassle, most users do not do that > as it's a big inconvenience. > > I am not here to offend someone. There are a lot reasons in the nature of > this project to ask such questions. The whole Tor project is about > distrust and fear of getting traced and logged. Even if I'd knew all > involved persons in person and I'd trust them I wouldn't trust the > binaries 100%. > > The machines who build the binaries could be compromised including a > backdoor on compile time. People with lots of money, government or wealthy > companies could thread and force you or your families to include a > backdoor into Tor. > > To protect you and the Tor users I propose the following.... > > Additionally to the precompiled binaries you could offer a 1-click-compile > version. It could be an script which downloads all the needed stuff for > compiling and building the executable. > > This isn't a bottomless pit. Don't try to make the second step before the > first one. For example on Windows the script would download the > precompiled executables of mingw, msys, msysDTK and so on from sf.net, > download source code of Tor from torproject.org, compiling and so on... > Yes, it would be again a risk to download the precompiled executables as > those could be possibly forced to have included a backdoor as well. > > The idea of 1-click-compile-versions has to develop over time. No one can > expect the concept to be perfect from the beginning. The tor project would > start with it and later over time all the decencies would hopefully also > allow similar 1-click-compile-versions. All this until a point where we > can compile the whole operating system, the browser and Tor with one > click. > > If that's half running I can imagine a distributed community / program to > review the updated source codes. After downloading new source the program > would check it from different sources if it's the same some independent > people had stated there opinion about the changes. This would allow all > users to download, compile and start executables from source at the same > time having some feedback from external developers about the quality of > the source code they're using. > > Don't tell it's impossible. Tell what are the weak points of this concept > are and propose enhancements. > _______________________________________________ > tor-talk mailing list > tor-talk@lists.torproject.org > https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk > _______________________________________________ tor-talk mailing list tor-talk@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
