[tor-talk] To Toggle, or not to Toggle: The End of Torbutton

Tue Apr 12 14:59:46 UTC 2011

On 4/11/2011 5:33 PM, Mike Perry wrote:
> I think the average user is horribly confused by both the toggle model
> and the need to install additional software into Firefox (or
> conversely, the need to *also* install Tor software onto their
> computers after they install Torbutton). I also think that the average
> user is not likely to use this software safely. They are likely to log
> in to sites over Tor that they shouldn't, forget which tor mode they
> are in, and forget which mode certain tabs were opened under. These
> are all nightmare situations for anonymity and privacy.
> 

After reading most of the replies to this topic, I'm not sure the
average user has weighed in. There has been a lot of talk about running
Tor on various Linuxes, using two computers, etc. I don't mean to
disparage them in any way (in fact, they have proven most interesting to
a relative novice Tor user such as myself) but I think all these show a
lot more technical competence than the "average" user. I also realize
there are a whole host of technical issues dealing with maintaining
Torbutton vs. separate Firefox builds, and that this is the best place
to address these.

But I just don't think this list is the best place to address the
usability issues if you really want Tor to reach the widest audience. As
a Tor user and not a Tor developer, I've read the warnings on the Tor
website and realize using Tor safely is much more than just installing
software. But reading this list has me convinced that I never *really*
know when I'm secure. The concept of Torbutton itself probably engenders
a sense of false security to the casual user -- just "click the button"
and you're "secure". On the other hand, I'm not sure I want to maintain
two separate Firefox installations on my computer, especially when using
the official Tor browser still doesn't give me a much greater sense that
I'm secure. The "average" user is just not a great enough expert on
security to know when all the bases are covered (especially if it means
gambling his or her life and liberty on it as some people do today).

It seems to me that secure browsing with or without Tor is too much at
the mercy of the browser it runs on, and hence here at the mercy of
Mozilla (nobody even talks seriously about making Chrome or any other
browser truly secure with Tor). I think all this talk about Torbutton
vs. Tor browser just dances around this core issue, and that it won't
likely be solved by maintaining a separate Firefox browser. And so far I
don't think anybody has solved the problem of a user who understands
relatively little about computers trying to remain secure against a
regime with vast resources and skills at its disposal.

Please understand that this not a problem with Tor developers, for whom
I have the greatest respect, but with the overall problem which is
inherently complex and seems to have never-ending pitfalls. Maybe I'm
exhibiting a great deal of hubris in nominating myself as the "average"
Tor user, but after using Tor off and on for years and keeping an eye on
this list all that time (so maybe I'm not really the "average" user
after all), my sense of ultimate security using it just keeps growing
less and less.

          Milton Scritsmier