[tor-talk] Real basic questions for linux

Tue Jan 3 13:14:56 PST 2012

On Tue, Jan 3, 2012 at 20:42, Julian Yon <julian at yon.org.uk> wrote:
> There's a good reason still to use the Tor Browser: it provides a
> "standard" environment which is the same as every* other Tor user's.
> Safety in numbers is never truer than with anonymity; compare with the
> Black Bloc tactic often used at demonstrations. If everyone looks the
> same it's much harder to identify individuals.

Tor is an infrastructure with a history of being developed and
researched by experts in network security and anonymity. Due to its
unique standing in the congregation of similar networks, Tor attracted
a fair amount of academic scrutiny, which resulted in many refinements
and extensions for resisting various types of attacks, and in
documenting its known weaknesses. While I dislike the excessive
stiffness of the project (RSA-1024? The 90's called, and they want
their bmilitary-grade encryptionb back) and inability to resist the
status quo (what again is the reason for not making nodes relay
traffic by default? beyond you publishing another conference paper on
the oh-so-terrible dangers of that in order to pad your CV, that is),
I trust the Tor project to produce something solid and to not grossly
overestimate its security and anonymity guarantees.

Tor Browser, on he other hand, is just some hack for mangling browser
headers. Who develops it? Who scrutinized it? Were it the same people
who recommended using the unstable and inadequate Polipo proxy
(over-64 MiB files? Nah, never heard of those) instead of
well-established Privoxy previously, due to some imaginary perceived
limitations of the latter (reading manuals is boring, I guess)? Is
there any evidence that Tor Browser prevents fingerprinting which is
marginally more sophisticated than looking at some subset of browser
headers regardless of their order? Or is the joke that is Panopticlick
with its bbits of identifying informationb as state-of-the-art as it
gets (mind you, I was able to fool it with Privoxy rules in LibertC),
masquerading as TBB, although I know that the specific browser in use
can still be fingerprinted differently)? Who cares b let's ship this
junk in a bundle, and convince everyone of its utmost necessity.

inb4: Yeah, well, that's just, like, your opinion, man.

-- 
Maxim Kammerer
LibertC) Linux (discussion / support: http://dee.su/liberte-contribute)
_______________________________________________
tor-talk mailing list
tor-talk at lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

----- End forwarded message -----
-- 
Eugen* Leitl <a href="http://leitl.org">leitl</a> http://leitl.org
______________________________________________________________
ICBM: 48.07100, 11.36820 http://www.ativel.com http://postbiota.org
8B29F6BE: 099D 78BA 2FD3 B014 B08A  7779 75B0 2443 8B29 F6BE