[tor-talk] TBB 2.2.32 & Automatic Updates

sigi tornode at cpunk.de
Tue Sep 6 21:45:02 UTC 2011 

On Mon, Sep 05, 2011 at 06:36:34PM -0700, Mike Perry wrote:
> Thus spake sigi (tornode at cpunk.de):
> 
> > Sorry, but at this point, I'm really asking myself, how I can trust 
> > the concept of the torproject anymore? Some time ago, the users were 
> > warned about the use of Torbutton with Firefox >3.6 - now the torproject 
> > recommends to use their TorBrowserBundle - but it has automatic updates 
> > for the browser included and some DigiNotar certificates? 
> 
> You are misunderstanding the situation. See other replies.
> 
> Please bear with us. The DigiNotar fiasco forced us to release the
> Firefox 6-based TBBs as "stable" at least 2 weeks early (if not a full
> month), because we were unable to do source modifications to Firefox
> 3.6 on Windows to properly deal with the certificate updates and the
> initial "Dutch exemption".
> 
> We would appreciate it if you tried to help us by diagnosing bugs and
> issues rather than calling our integrity into question over bugs that
> slipped in during a very high pressure situation.

Pardon me for being so rude. I see how difficult this situation is for 
you Tor-devs! I think the most confusing point for me is the switch to 
the TorBrowserBundle. I'm using Tor a lot on my local machine - for 
xmpp, irc and www, and I'm certain it provides a great service for 
anonymity. The question for me was, if I can trust this Browser-Bundle 
enough for now. 

> > I'm confused. And I'd like some clarification here. Possibly I should 
> > switch back to my own browser-profile with torbutton? Is it as safe to 
> > use the Torbrowserbundle, as it was one year ago to use tor with your 
> > own browser with Torbutton? Is there any improvement? 
> 
> We hope to better answer these questions in a Tor Browser Bundle
> design document. Just one of the many other items that were supposed
> to go into a new "stable" release that got pushed aside due to recent
> events:
> https://trac.torproject.org/projects/tor/ticket/3812

I'd really like to have such a document. 

Kudos to you all! 

Regards, sigi.

More information about the tor-talk mailing list