-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 07/18/2016 07:33 AM, Jon Tullett wrote: > On 18 July 2016 at 14:57, Mirimir <miri...@riseup.net> wrote: >> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 >> >> On 07/18/2016 06:11 AM, Jon Tullett wrote: >> >>> Haroon Meer, who I greatly respect in the security space, >>> describes UX complexity in terms of his mum. As in, "could my >>> mum do this?" and if the answer is no, it's too complex for the >>> average user. I like that. >> >> His mum probably shouldn't be using Tor. > > Why not? Are you able to say with certainty that they are not at > risk and shouldn't be using Tor? Sounds like a risky assumption. > Not that it's applicable here, but activists' families are not > uncommonly at high risk. I'd caution against assuming you know > someone's risk profile better than they do. And that, in a > nutshell, is why I don't think Tor should be making such an > assumption in its recommendations to users in general.
Giving clueless folk an illusion of safety is arguably bad. >>> It's probably far more meaningful to help users understand >>> that spectrum, self-assess where they fall on it and what their >>> risk profile may look like as a result, and pointers to >>> resources which would align with that. >> >> That sounds good to me. Except that there's nothing on the Tor >> Project site about Whonix, and virtually nothing about >> proxy-bypass leaks. > > Why should there be mention of Whonix? It's an independent > project. What about <https://www.torproject.org/projects/projects.html.en>? > Proxy bypass, maybe, but that's in there with all the other > potential risks, and again, Tor can't document all of them. Tor Project has made a huge deal over the PlayPen pwnage. Demanding that the FBI release information about its NIT. But they can't be bothered to actually explain how users could have been protected? > I think we agree that we'd like to see more documentation, we just > aren't agreeing on how much more. Me, I'd like to see them > document threats a bit more with links to discussion and solutions. > You'd like them to be a great more specific in one particular > direction. Ultimately, as I've said before, that balance is one the > Tor maintainers decide, and presumably they don't do so > arbitrarily. It's not just "one particular direction". It's the vulnerability that's arguably compromised the most people. Or maybe second only to the relay early exploit, which they did patch eventually. >>> "Just use VirtualBox and Whonix" is not meaningful advice. It's >>> a great fit for a very specific subset of users, but many (I >>> would guess "most") users are not in that subset, and for >>> everyone else it'd just be some combination of confusing, >>> overwhelming, unnecessary, or insufficient. >> >> I'm not arguing that all Tor users should use Whonix. I'm arguing >> that the Tor Project ought to mention that as an option. > > Why Whonix and not Tails? Why not any other tools? Tails is on <https://www.torproject.org/projects/projects.html.en> but not Whonix. Why is that? > That's a rhetorical question - I'm sure there are pros and cons > either way and it could be argued at length without conclusion. I'm > not convinced Tor should be promoting either; same way I'm not > convinced Tor should be promoting any specific tools. There will > always be others, and they may be better suited to users depending > on their circumstances. Sure. Except that proxy bypass has been a major fail. Do you disagree? >>> The key question to you, as someone advocating that specific >>> toolset, would be: for what type of user is VirtualBox+Whonix >>> the optimum solution, and how would Joe Random identify if he >>> is that sort of user? >> >> 1) Specify how much ones time is worth: X USD/hr. > > Why is money relevant? Where do you live, that freedom and torture > is measured in $/hr? :) Because I'm a anarchocapitalist ;) Make it qualitative, if you like. >> 2) Estimate pwnage cost (lost income, legal fees, prison, etc): Y >> USD. > > Again, why is cost the metric? It's relevant for a narrow subset > of users in a Tor context, and a broader subset in a general > security context, but I don't see the relevance here. > > Even if it were relevant, you've just asked a potentially > technically-incompetent user to conduct a very complex risk > analysis. A lot of CIOs can't do an accurate risk assessment, but > you want Haroon's mum to do it? It's not complex. If there are no substantive risks, use Tor browser. If being pwned will be a life-changing event, at least use Whonix. >> 3) Divide Y by X to get time investment justified to avoid >> pwnage. > > 3.1. Is that a meaningful number to anyone? What does it mean? What > is the ratio above which Whonix is the remedy for all my ills? What > do I do if I'm below it? Does it know about exchange rates and cost > of living? What about...you get the idea. Meaningless calculations > give meaningless conclusions. My point is that a few days of study and work is justified for anyone who faces substantive consequences from compromise. > There must be lots of better ways. For eg, I would guess that a > risk flowchart would be pretty effective. A short series of "Are > you concerned about X?" questions would easily infer a risk > profile, which would map to suggested tools and behaviours. For > example: "Law enforcement authorities are known to attack [link to > explanation] Tor users by compromising servers on the Tor network. > Are you concerned about this type of attack?" A few years ago, I wrote <https://www.ivpn.net/privacy-guides/will-a-vpn-protect-me>. -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.22 (GNU/Linux) iQEcBAEBAgAGBQJXjOTiAAoJEGINZVEXwuQ+KnsH/ifoU8oFryMNncjzEcu1mbQk b6BPsQ94wrPqQsJZsEZRPEqJDig02/QRvjnCXBLJMp53QcM6UVHm4dKzsNebZRIx nVu89GGoDH94Aq+oMYgo6VW726iMsx2MxyflWyNQl44APe0tpjQXplm/ax/VXsEm utagv6WNa3EBkgpcGd/Zo9BlWfMcoJmBcQn7GU5nKQzagkOaQ1uUoTtpFQhojyWa YdS5IKiE1vfNJ629eNsfEYMwz4WqyYFuPN2pBDZhqX9u5aHSgmZssGVJpEdDzzCm +SjOgNFd6IgJnc3s/s0xwDX9Xfj/qFPNb4e3IrUFCUuZQyZNbFmKhE566b2W5tw= =d5bz -----END PGP SIGNATURE----- -- tor-talk mailing list - tor-talk@lists.torproject.org To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
