[tor-talk] New Tor Browser Bundles with Firefox 6

Joe Btfsplk joebtfsplk at gmx.com
Sun Aug 21 20:06:52 UTC 2011 

On 8/21/2011 2:28 PM, Justin Aplin wrote:

  On Aug 21, 2011, at 2:53 PM, Joe Btfsplk wrote:
>> Thanks.  How "experimental" are they?  They are alpha releases, after all.  For most software, alpha releases are only intended for testing (most developers stress that point).  For something involving privacy / anonymity (depending on where you live), is using an alpha version for every day use advisable?  Yes, Firefox 6 fixes security issues, but TBB is alpha.
> What you're doing here is switching from a bundle of software that has *known*, readily-exploitable security issues, to a bundle which fixes those particular issues but *might* have unknown security issues. Some of these unknown issues may have also existed in the previous version(s), some may be new. Since software will rarely, if ever, be "exploit-free", by upgrading in this manner you're taking a small risk of opening yourself up to new exploits in order to greatly reduce your risk of being exposed to current ones.
>
>> I've always wondered about Tor Project's (perceived) different opinion that users should switch to a , b versions - vs. other developers' caution about using them.
> In my experience, developers usually say this because they don't want to be held responsible (read: blamed) for compromising the stability of production machines. This applies to Tor as well, since the alpha and beta branches tend to crash more frequently than the stable branch does. But since the alpha and beta branches tend to include new features, and since the majority of new features in Tor are geared toward improving security, the same logic as above applies.
>
> ~Justin Aplin
Thanks.  In this case, I understand about FF 6 & Tor Project wanting to 
move to it.  Re:  Tor w/ FF 6.  Firefox 6 fixes known issues.  The main 
purpose of Tor is anonymity, not protecting against browser attacks - 
yes?  (though using the latest browser is good, for browser safety).  
But, isn't using an in thoroughly tested Tor version more risky from an 
anonymity point - ?  (the risk level depending on where you live, i.e., 
"what's the worst that could happen if I get found out").  For people 
living in highly repressive countries, would the bigger concern be 
relatively assured anonymity, visiting an anti gov't site or preventing  
a browser attack?  For me, it might not be a big issue - not so sure 
about some other countries.

More information about the tor-talk mailing list