[tor-dev] Tor Launcher UI feedback follow up

Mike Perry mikeperry at torproject.org
Mon May 13 20:48:09 UTC 2013

Thus spake Roger Dingledine (arma at mit.edu):

> On Mon, May 13, 2013 at 08:38:53AM +0000, adrelanos wrote:
> > So what's the ethical thing to do?
> > 
> > Totally deprecate the "hide the fact, you're using Tor" use case?
> > 
> > Have a button "My network operator threatens my person safety", which is
> > honest and explains, Tor can't help
> Actually, Tor can help. The diversity of Tor users in a given locale
> gives safety in numbers. If many Tor users are using Tor to read their
> friends posts on Facebook, then this threatening network operator cannot
> easily tell whether you're doing that or something else. The issue here
> is that whether you use a bridge doesn't really change anything.

I think bridge use actually still does change things for many users.

First, not everywhere in the world has expensive and sophisticated
DPI-based censorship systems already installed, but just about
everywhere in the world *does* have the ability to inspect the endpoint
IP addresses of network flows and compare them against a provided list.

Second, unfortunately right now there are laughably few Tor users in
many areas of the world. Consider again the Mexican blogger reporting on
the drug war. If you know the area that person lives in based on what
events they report, there probably aren't many Tor users in that area:

As a drug lord, you're also way more capable of bribing or exploiting
your way into the existing network infrastructure of that city than you
are of covertly installing a new and sophisticated DPI device into that
infrastructure to find Tor Bridge users, let alone obfsproxy3 and
flashproxy users.

As a drug lord, you probably also don't have a whole lot of problems
with killing a small handful of people to make extra sure you got the
right one. :/

> I guess that logic leads me towards leaving out mentions of personal
> safety in the "do you need a bridge" dialog, since it's increasingly
> looking like it's an orthogonal topic.

I still agree here for now, but more so because it is hard to phrase
this in a way that will apply to cases where it does help, using wording
that reflects the level of protection you get (which certainly will be
subject to change as new transports enter the picture).

Mike Perry
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 198 bytes
Desc: Digital signature
URL: <http://lists.torproject.org/pipermail/tor-dev/attachments/20130513/602b44a3/attachment.pgp>

More information about the tor-dev mailing list