[tor-talk] FBI cracked Tor security

[Mirimir]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 07/18/2016 06:11 AM, Jon Tullett wrote:
> On 17 July 2016 at 05:11, Mirimir <mirimir at riseup.net> wrote:
>> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
>> 
>> On 07/16/2016 08:21 PM, Jonathan Wilkes wrote:
>>>> I'm hardly asking for perfection. Just a little heads up for
>>>> the sheep.
>>> You're unwilling to even describe non-technical users as human 
>>> beings, yet you want Tor to suggest a vastly more complex 
>>> alternative for them?
>> 
>> OK, they're naive and trusting. For which "sheep" is common
>> metaphor.
>> 
>> Running VirtualBox and Whonix is hardly "vastly more complex".
> 
> It is, you know. More complex, and probably not suitable.

More complex? Sure. But vastly so? That's debatable.

> Haroon Meer, who I greatly respect in the security space, describes
> UX complexity in terms of his mum. As in, "could my mum do this?"
> and if the answer is no, it's too complex for the average user. I
> like that.

His mum probably shouldn't be using Tor.

> Fact is, security is a spectrum. "No security consideration at all"
> is at one end of that spectrum. Tor, the TBB and the associated 
> documentation, is someway further along the spectrum, Whonix is 
> somewhat further still, but there's a lot more room beyond that.
> Even that's a gross oversimplification - "no browser security
> except NoScript" is more secure but less private than TBB in its
> default configuration.

I agree.

> Because of that, I don't think it's possible, much less desirable,
> to describe the entire spectrum of use-cases. And even less
> possible to actually document the toolset appropriate for every
> point.

I'm not calling for that.

> It's probably far more meaningful to help users understand that 
> spectrum, self-assess where they fall on it and what their risk 
> profile may look like as a result, and pointers to resources which 
> would align with that.

That sounds good to me. Except that there's nothing on the Tor Project
site about Whonix, and virtually nothing about proxy-bypass leaks.

> "Just use VirtualBox and Whonix" is not meaningful advice. It's a 
> great fit for a very specific subset of users, but many (I would
> guess "most") users are not in that subset, and for everyone else
> it'd just be some combination of confusing, overwhelming,
> unnecessary, or insufficient.

I'm not arguing that all Tor users should use Whonix. I'm arguing that
the Tor Project ought to mention that as an option.

> The key question to you, as someone advocating that specific
> toolset, would be: for what type of user is VirtualBox+Whonix the
> optimum solution, and how would Joe Random identify if he is that
> sort of user?

1) Specify how much ones time is worth: X USD/hr.
2) Estimate pwnage cost (lost income, legal fees, prison, etc): Y USD.
3) Divide Y by X to get time investment justified to avoid pwnage.

Anyway, what does Tor Project gain by not mentioning Whonix?

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.22 (GNU/Linux)

iQEcBAEBAgAGBQJXjNJMAAoJEGINZVEXwuQ+9vsIALLJepTnQQoCqFCglOZPokIm
sWPFkvUJBPRwjOR+L5l9KpjPMZDf+qfRqIJURIjd5Gn/3BXADDbNB0wYDe+HNJNI
lTHf5cO4RnMMGxADvhfmjMNxAhG6rJytkNXwa8OC3pvbw69+yHPuLc16pDzBvquY
a/QeHuAV4kjtCA/rYoTuy6ibU8UMrn1fnk4RyyWQRF3au20/XTlAOPNwtOMO0jKR
tB/i16Phey28UL+I61aCMB0wjokXvG4LAYMYQku891QTJePesLExhnFsoT7qxJHL
MYeaGh1LVwz4ozh3kZPldWryrqSoNl0SsfqM6QnT05jAR5d+YWRGSgbBHKr4A3k=
=Tnck
-----END PGP SIGNATURE-----