[tor-talk] TOR bundle on hostile platforms: why?

Anthony Papillion anthony at papillion.me
Thu Aug 8 17:34:27 UTC 2013


On 08/08/2013 11:23 AM, Thomas Hluechnik wrote:
> 
> Me personally would never use tor on a Windows host. Currently I am
> playing with OpenBSD because even Linux is getting too large for my
> taste because while having so much code its more easy to hide
> something inside.

Agreed. Neither would I. But there are people who, for whatever
reason, don't have a choice. Sure, it's not the most secure (or at
all) option for running Tor. But it does introduce a lot of Windows
users to Tor, makes them curious about security, and does, in many
cases, provide actual protection. It's not like Windows just
automatically sends Tor traffic to the government or Microsoft.

That said, I tend to agree with a statement that Jake makes a lot:
Windows users don't care about security. I used to balk at that as I
have  a lot of very security conscious friends who use Windows. But
then the whole PRISM stuff came out and, when they learned about it,
they did nothing. In fact, I don't know a single Windows user who left
Windows because of the revelations.

So I have to agree with Jake now: most Windows users don't actually
care about security.

> I was really happy when finding tails. This should be considered as
> the future for TOR: it doesnt matter if any DAU (german word for
> computer beginner) has its Windows computer full of backdoors and
> viruses. He just starts from USB or CD having an acceptable level
> of security.

Completely agree! TAILS should be in everyone who cares about their
Internet security's toolbag. It's dead easy to use - as easy as TBB -
but provides an amazingly higher level of security. Of course, this
might not be an option for people with older computers.

> So my mind: stop supporting Windows and even stop MacOS. Stop
> support for ANY closed source OS. In former years I played with tor
> on Sparc based hardware until I got aware that Sun is not willing
> to publish the sourcecode of its crypto libraries. This smells
> funny, isnt it?

I think this is a bad idea. It alienates Windows users and doesn't
give them ANY exposure to security software at all. If you stop
developing for Windows and MacOS, new users may never actually hear
about Tor or, if they do, they could be intimidated since Windows or
Mac is all they know. I think it's much better to continue to develop
for those platforms but strongly, consistently, and clearly, warn
users that they are still exposed and, in some cases, Tor may not do
anything for them at all, while advising them to move to a secure OS.

Users need education. Forcing them out won't help them become secure.
I deal with people like this every day. They won't move from Windows
or Mac to Linux or BSD to get more secure if you try to force them.
They will simply not use Tor.

Best,
Anthony



More information about the tor-talk mailing list