thomas.hluch...@netcologne.de:> Am Donnerstag 08 August 2013 schrieb adrelanos: >> > Thomas Hluechnik: >>> > > My opinion: to be honest we all assume under normal circumstances that a piece >>> > > of software is trustworthy until it is proofed that it contains a weakness or >>> > > backdoor. >>> > > >>> > > With regard of security the opposite is true: we have to assume a piece of >>> > > software to be broken until the opposite can be proofed. >> > >> > How can one proof the absence of backdoors/vulnerabilities? How can one >> > ever proof a negative? > I think you dont get the point. I somebody wears glasses which make hin blind he will very likely stumble. And if such a guy (who loves his foolish glasses) goes hiking in dangerous terrain you can imagine what will happen to him. > > I he is willing to put off his wonderful blind-making glasses it is much more likely that he will not stumple even in dangerous terrain but this is no guarantee. You know you can be very prudent while hiking and stumble nevertheless. > > After this is clear, would you say "you crazy guy can keep on wearing your silly glasses because there is no guarantee to not stumble when you put them off" ? > > Using open source is like putting off the silly blind-making glasses. You have the change to not stumple but no guarantee. > >
I think such analogies aren't of help here. Aainst the threat model you have in mind here (which is fine!), backdoors, Open Source operating systems won't work. I am all for Open Source, but we shouldn't pretend Open Source operating systems are safe against backdoors. There are no operating systems deterministically[1] build yet. There is also no answer to the trusting trust issue [2]. Sad to say, its not much harder to hide a backdoor in an open source operating system where you only download binaries. >>> I was really happy when finding tails. This should be considered >>> as the future for TOR: it doesnt matter if any DAU (german word >>> for computer beginner) has its Windows computer full of backdoors >>> and viruses. He just starts from USB or CD having an acceptable >>> level of security. >> >> This needs trusted distributors shipping Tails on USB or CD. With >> a strong threat model you have in mind, you can't use a version of >> Windows infected with trojans and backdoors to securely get Tails. >> [Oh, that of course also goes for any other Linux distribution. >> Whonix isn't an exception.] > > Thats true. Lets found a company selling such hardened CD's. > But from > a view of our customers: can they trust in us? > Will we distribute > them with backdoors or not? Maybe we are even members of the NSA? > This must be clear since Orwell's book 1984. Security is a relative > thing. They can't trust. One reason to have multiple companies selling such CD's. And those CD's should be built deterministically, so others can rebuild them and check if they contain backdoors. Anyhow. Your questions are valid. And how can customers trust the hardware others sell them not contain backdoors? The diversity of hardware and especially CPU producers is awful. CPU backdoors... [3] With your threat model in mind (which is again fine!), we have already lost. > Others are more interested but have no technical background. They > were willing to protect themselves but are dependent of experts help. > In their eyes WE are the experts and we show them: you can use > Windows in a secure way. In effect we are betraying those people > inadvertedly. > I think our goal should not be convincing people using Linux in first > order. It might be an acceptable scenario that Windows lovers use > their Windows by default but when they want privacy they reboot their > host into LiveCD or USB mode containing tails or something equal. Your arguments are valid. Whether they are right is another question. We can't settle this with discussions. We can't talk people helping to secure Windows in not doing that anymore. We all have intuitions, but that doesn't mean they reflect reality. Maybe "popularity first" is more effective, maybe "no help with closed-source anything" is. We need science to get answers to these questions and to convince us from either thing. If you can come up with an experiment that shows that "no help with closed-source anything" is more effective to pull users away from closed-source platforms, I am the first to drop support for windows-anything. [1] For definition, see: https://mailman.stanford.edu/pipermail/liberationtech/2013-June/009257.html [2] http://cm.bell-labs.com/who/ken/trust.html [3] http://theinvisiblethings.blogspot.de/2009/06/more-thoughts-on-cpu-backdoors.html -- tor-talk mailing list - tor-talk@lists.torproject.org To unsusbscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
