[tor-bugs] #7085 [Tor bundles/installation]: Integrate Cryptocat Browser Extension into Tor Browser Bundle

Tor Bug Tracker & Wiki blackhole at torproject.org
Fri Nov 30 20:40:14 UTC 2012


#7085: Integrate Cryptocat Browser Extension into Tor Browser Bundle
--------------------------------------+-------------------------------------
 Reporter:  kaepora                   |          Owner:  erinn                        
     Type:  enhancement               |         Status:  new                          
 Priority:  normal                    |      Milestone:  TorBrowserBundle 2.2.x-stable
Component:  Tor bundles/installation  |        Version:  Tor: unspecified             
 Keywords:                            |         Parent:                               
   Points:                            |   Actualpoints:                               
--------------------------------------+-------------------------------------

Comment(by StrangeCharm):

 Replying to [comment:20 mikeperry]:
 > Replying to [comment:15 arma]:
 > > Replying to [comment:14 mikeperry]:
 > > > Oh, also, I think this extension is something that might make more
 sense in Thunderbird. It's great that it could exist in the browser, but
 secure instant messaging is more like something you'd expect from a mail
 client than a web browser.
 > >
 > > Really? Everybody does their gtalk messaging with a browser these
 days, don't they? A mail client has nothing to do with interactive
 messaging in my world.
 >
 > I think chat only makes sense in the browser for gmail because it's part
 of a webpage that is already used for communications. If it were part of
 some random area of browser UI instead, nobody would think to use it
 instead of their dedicated communications webpage.
 >
 > Moreover, there is no safe way to use GPG with the gmail web interface,
 and it's not likely to exist in a safe form due to the litany of XSS
 issues involved there. In the future, we should provide a Thunderbird
 build/profile for "communications security", including instant messaging.
 That way, all of your secure communications software pieces are in one
 place.



 Mozilla's user-research indicates that people want to be able to chat in-
 browser (as with Google Talk or Facebook Messenger), *no matter what page*
 they are currently browsing. That's one of the (many) motivations behind
 the social API.

 It's my personal opinion that many folks see the browser as the center of
 their online experience, and don't have mental distinctions between web
 browsing, email, IM, &c.: those are all things which one does
 interactively online (viz: in the browser). Standalone IM, email, and
 other heavyweight client software is increasingly out of sync with many
 users' mental models and behavior.

 If this sounds like an argument for including CryptoCat when it's ready, I
 guess that it probably is. However, I suspect that it's also an argument
 for working out a safe way to use GPG with the gmail web interface, as
 well as a litany of other usability challenges integrating privacy &
 security assurance into the online experience of a typical user.

 Good privacy and security (of the sort to which I suspect almost everyone
 in this thread has easy access through carefully-configured standalone
 client software) shouldn't be as difficult as most users find it. As long
 as it continues to be, the best attacks against Tor users won't be the
 technical approaches which we have worked so hard to mitigate, but will
 emerge through the "normal" online workflows which we haven't yet provided
 for the safe use of, like relying on Gmail to keep messages private, or on
 a social network to safely IM.

 This comment ended up a lot longer than I was expecting. Sorry about that.

-- 
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/7085#comment:22>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online

