[tor-bugs] #8655 [GetTor]: replace link to gnupg.org/related_software/frontends.html

Tor Bug Tracker & Wiki blackhole at torproject.org
Sat Apr 6 15:07:54 UTC 2013 

#8655: replace link to gnupg.org/related_software/frontends.html
--------------------+-------------------------------------------------------
 Reporter:  proper  |          Owner:     
     Type:  defect  |         Status:  new
 Priority:  normal  |      Milestone:     
Component:  GetTor  |        Version:     
 Keywords:          |         Parent:     
   Points:          |   Actualpoints:     
--------------------+-------------------------------------------------------
 The link http://www.gnupg.org/related_software/frontends.html is
 confusing, perhaps even dangerous, for non-techy users who never heard
 about gpg.

 The list starts with GUI Frontends, Cryptophane, which links to google
 code, which is (self-)censored in many areas. [1] The next item, Gajim, is
 a messenger, but can't verify files, therefore misleading. Seahorse links
 to sourceforge, which is also (self-)censored in many areas. [2] Seahorse
 is a key management gui and can't verify files...

 All links lead to non-https sites. Since gettor users can't reach
 torproject.org it's not hard to assume, that they also can't reach any
 pages with encryption (gui fronted) tools, or worse, that those websites
 are victim of man-in-the-middle attacks spreading malicious software.

 The link should point to another website, ideally HSTS or better with
 certificating pinning in Firefox and Chrome. Such a website has probable
 yet to be created. Psiphon [3] uses amazonaws.com. Using amazonaws as well
 would be a good compromise? (If SSL works well and censors are unlikely to
 censor amazonaws?)

 The new list should be short, one example per operating system with a
 verification gui known to work is enough. And the recommended frontend
 should be downloadable from that page as well.

 ,,
 [1] [https://code.google.com/projecthosting/terms.html "Users residing in
 countries on the United States Office of Foreign Assets Control sanction
 list, including Cuba, Iran, North Korea, Sudan and Syria"]
 [2] https://sourceforge.net/blog/clarifying-sourceforgenets-denial-of-
 site-access-for-certain-persons-in-accordance-with-us-law/
 [3] https://s3.amazonaws.com/0ubz-2q11-gi9y/en.html

-- 
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/8655>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online

More information about the tor-bugs mailing list