Hi hmoh,

On Dec 23, 2011, at 3:23 PM, h...@safe-mail.net wrote:
> Tor and all stuff is Open Source and many people looking inside for security
> review. A very weak link is that most users use the precompiled ready to use
> binaries. But it is not possible to be sure that binaries are built from an
> unaltered source code. The precompiled binaries may include back doors. Also
> that most users download from torproject.org is another single point of
> failure as just one instance has to be forced to include a back door.
>
> I've never read that someone checks frequently that the source code is 100%
> same like the binaries.
> Compiling everything oneself is a lot of hassle, most users do not do that as
> it's a big inconvenience.
>
> I am not here to offend someone. There are a lot of reasons in the nature of
> this project to ask such questions. The whole Tor project is about distrust
> and fear of getting traced and logged. Even if I knew all involved persons
> in person and I'd trust them I wouldn't trust the binaries 100%.
>
> The machines that build the binaries could be compromised including a backdoor
> on compile time. People with lots of money, government or wealthy companies
> could threaten and force you or your families to include a backdoor into Tor.
>
> To protect you and the Tor users I propose the following....
>
> Additionally to the precompiled binaries you could offer a 1-click-compile
> version. It could be a script which downloads all the needed stuff for
> compiling and building the executable.
>
> This isn't a bottomless pit. Don't try to make the second step before the
> first one. For example on Windows the script would download the precompiled
> executables of mingw, msys, msysDTK and so on from sf.net, download source
> code of Tor from torproject.org, compiling and so on... Yes, it would be
> again a risk to download the precompiled executables as those could be
> possibly forced to have included a backdoor as well.
>
> The idea of 1-click-compile-versions has to develop over time. No one can
> expect the concept to be perfect from the beginning. The tor project would
> start with it and later over time all the dependencies would hopefully also
> allow similar 1-click-compile-versions. All this until a point where we can
> compile the whole operating system, the browser and Tor with one click.
>
> If that's half running I can imagine a distributed community / program to
> review the updated source codes. After downloading new source the program
> would check it from different sources if it's the same some independent
> people had stated their opinion about the changes. This would allow all users
> to download, compile and start executables from source at the same time
> having some feedback from external developers about the quality of the source
> code they're using.
>
> Don't tell it's impossible. Tell what are the weak points of this concept are
> and propose enhancements.

Don't be so defensive ;) We agree with almost everything here, but there are
some limitations. By default, even if you build the same code twice on the
exact same *system*, you will get two different binaries. We consider this a
problem, and in fact have a ticket open in our bugtracker about doing just
that for the Linux and OS X platform [0]. We have some Makefiles around that
can be easily used to bootstrap a build, and we encourage people to try it out
and report problems they find. On Windows, the problem seems entirely
unsolvable, see the above-mentioned ticket.

All the best
Sebastian

[0]: https://trac.torproject.org/projects/tor/ticket/3688
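
Added example, not part of the original messages and not Tor's build system: a toy model of why two builds of identical source can differ byte for byte, and why pinning the varying inputs lets independent builders compare hashes and notice an altered input. The tar archive standing in for a build output, the two sources of variation modelled (build timestamp and file listing order), and all names and sample files are assumptions made for illustration.

```python
import hashlib
import io
import tarfile

# Constructed sample inputs: a stand-in "source tree", not real Tor code.
SOURCES = {"main.c": b"int main(void) { return 0; }\n",
           "util.c": b"int add(int a, int b) { return a + b; }\n"}

FIXED_EPOCH = 0  # assumed pinned timestamp used when normalizing


def build_artifact(sources, build_time, order, normalize):
    """Pack sources into a tar archive standing in for a build output.

    build_time and order model per-build variation: the wall clock and the
    order in which the file system happened to list the files.
    """
    names = sorted(sources) if normalize else list(order)
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w", format=tarfile.USTAR_FORMAT) as tar:
        for name in names:
            info = tarfile.TarInfo(name)
            info.size = len(sources[name])
            info.mtime = FIXED_EPOCH if normalize else build_time
            tar.addfile(info, io.BytesIO(sources[name]))
    return buf.getvalue()


def digest(artifact):
    return hashlib.sha256(artifact).hexdigest()


def compare_builds(sources_a, sources_b, normalize):
    """Two independent builders; True when their outputs are bit-identical."""
    a = build_artifact(sources_a, 1324650180, ["main.c", "util.c"], normalize)
    b = build_artifact(sources_b, 1324653780, ["util.c", "main.c"], normalize)
    return digest(a) == digest(b)


if __name__ == "__main__":
    altered = dict(SOURCES, **{"util.c": SOURCES["util.c"] + b"/* extra */\n"})
    print("same source, raw builds match:       ", compare_builds(SOURCES, SOURCES, False))
    print("same source, normalized builds match:", compare_builds(SOURCES, SOURCES, True))
    print("altered source, normalized match:    ", compare_builds(SOURCES, altered, True))
```

Without normalization a hash mismatch says nothing, because honest builds already disagree; once the varying inputs are pinned, a mismatch between independent builders means the inputs differed.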