-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 08/11/2016 09:08 PM, bbrewer wrote:
No worries, JUAN, they promise no backdoors… (I’m with you on your design stance, btw)
https://blog.torproject.org/blog/tor-social-contract
"The Tor Social Contract Posted August 9th, 2016 by alison in • ethics
• human rights
• social contract
At The Tor Project, we make tools that help promote and protect the essential human rights of people everywhere. We have a set of guiding principles that make that possible, but for a long time, those principles were more or less unspoken. In order to ensure that project members build a Tor that reflects the commitment to our ideals, we've taken a cue from our friends at Debian and written the Tor Social Contract -- the set of principles that show who we are and why we make Tor. Our social contract is a set of behaviors and goals: not just the promised results we want for our community, but the ways we seek to achieve them.
[ etc ] As a QA and document control guy, I can't read something like that without processing it like this: "We are committed to transparency; therefore, everything we release is open and our development happens in the open. Whenever feasible, we will continue to make our source code, binaries, and claims about them open to independent verification. In the extremely rare cases where open development would undermine the security of our users, we will be especially vigilant in our peer review by project members." Translation: We believe in and practice an open, accountable development process, except when we don't. The public is allowed to see how TOR works, except when the public is not allowed to see how TOR works. Trust us, what you don't know won't hurt you. "We are not just people who build software, but ambassadors for online freedom. We want everybody in the world to understand that their human rights -- particularly their rights to free speech, freedom to access information, and privacy -- can be preserved when they use the Internet. " Edit to include: The TOR project believes in human rights, except the rights of persons accused of crimes to be held innocent until proven guilty, and to publicly confront their accusers in a neutral, public Court. The TOR Project believes in and exercises the rights of risk-averse employers to discipline and discharge victims of malicious office gossip and/or anonymous denunciation as an expedient conflict resolution method. "We never intentionally mislead our users nor misrepresent the capabilities of the tools, nor the potential risks associated with using them. Every user should be free to make an informed decision about whether they should use a particular tool and how they should use it." Edit to include: "The TOR Browser ships with NoScript installed but disabled. Users must enable it themselves to obtain protection against de-anonymization at will by any malicious or compromised website. We do this as a convenience for naive users who may not understand what NoScript is or what it does." With TOR, one can have exactly as much "freedom and security" as one can steal. Just like real life. :o/ -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.22 (GNU/Linux) iQEcBAEBAgAGBQJXsNlgAAoJEECU6c5Xzmuqx7UH/juSkFhBaENZSOhPfoPsG/2u UPsXzjtjP7GAf5sMeacTl4O/DCosIace5e67NNuC5JIfmxPl5cJdV+VDfiAJ1uTF MppYOZNW6H0iS/+9TrLsM1YvBO33JjqU2Rep1kA9bxhYV4CtWWTGFPhgQEElbLZL 6wKKzGQy4zYTj6P5oeqEi3Crq9HdETsZstyKNDLqTnPANyLlrHQo5HKQjYeTxNs/ ywLfTRK4kBJxB5Xq8RYI9x4FwVV9R7pjqlZLLhFtuS8WXzA0AmfanDgOvSc1WXef vt7ZyNCm/tgpfNiCTjC60qZeGCpGy9mRzalMgUPI8YVe9QI4P6CUOrMav8GqPgk= =3BN7 -----END PGP SIGNATURE-----