[tor-talk] FBI cracked Tor security

Mon Jul 18 13:33:10 UTC 2016

On 18 July 2016 at 14:57, Mirimir <mirimir at riseup.net> wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> On 07/18/2016 06:11 AM, Jon Tullett wrote:
>
>> Haroon Meer, who I greatly respect in the security space, describes
>> UX complexity in terms of his mum. As in, "could my mum do this?"
>> and if the answer is no, it's too complex for the average user. I
>> like that.
>
> His mum probably shouldn't be using Tor.

Why not? Are you able to say with certainty that they are not at risk
and shouldn't be using Tor? Sounds like a risky assumption. Not that
it's applicable here, but activists' families are not uncommonly at
high risk. I'd caution against assuming you know someone's risk
profile better than they do. And that, in a nutshell, is why I don't
think Tor should be making such an assumption in its recommendations
to users in general.

>> It's probably far more meaningful to help users understand that
>> spectrum, self-assess where they fall on it and what their risk
>> profile may look like as a result, and pointers to resources which
>> would align with that.
>
> That sounds good to me. Except that there's nothing on the Tor Project
> site about Whonix, and virtually nothing about proxy-bypass leaks.

Why should there be mention of Whonix? It's an independent project.

Proxy bypass, maybe, but that's in there with all the other potential
risks, and again, Tor can't document all of them.

I think we agree that we'd like to see more documentation, we just
aren't agreeing on how much more. Me, I'd like to see them document
threats a bit more with links to discussion and solutions. You'd like
them to be a great more specific in one particular direction.
Ultimately, as I've said before, that balance is one the  Tor
maintainers decide, and presumably they don't do so arbitrarily.

>> "Just use VirtualBox and Whonix" is not meaningful advice. It's a
>> great fit for a very specific subset of users, but many (I would
>> guess "most") users are not in that subset, and for everyone else
>> it'd just be some combination of confusing, overwhelming,
>> unnecessary, or insufficient.
>
> I'm not arguing that all Tor users should use Whonix. I'm arguing that
> the Tor Project ought to mention that as an option.

Why Whonix and not Tails? Why not any other tools?

That's a rhetorical question - I'm sure there are pros and cons either
way and it could be argued at length without conclusion. I'm not
convinced Tor should be promoting either; same way I'm not convinced
Tor should be promoting any specific tools. There will always be
others, and they may be better suited to users depending on their
circumstances.

>> The key question to you, as someone advocating that specific
>> toolset, would be: for what type of user is VirtualBox+Whonix the
>> optimum solution, and how would Joe Random identify if he is that
>> sort of user?
>
> 1) Specify how much ones time is worth: X USD/hr.

Why is money relevant? Where do you live, that freedom and torture is
measured in $/hr? :)

> 2) Estimate pwnage cost (lost income, legal fees, prison, etc): Y USD.

Again, why is cost the metric? It's relevant for a narrow subset of
users in a Tor context, and a broader subset in a general security
context, but I don't see the relevance here.

Even if it were relevant, you've just asked a potentially
technically-incompetent user to conduct a very complex risk analysis.
A lot of CIOs can't do an accurate risk assessment, but you want
Haroon's mum to do it?

> 3) Divide Y by X to get time investment justified to avoid pwnage.

3.1. Is that a meaningful number to anyone? What does it mean? What is
the ratio above which Whonix is the remedy for all my ills? What do I
do if I'm below it? Does it know about exchange rates and cost of
living? What about...you get the idea. Meaningless calculations give
meaningless conclusions.

There must be lots of better ways. For eg, I would guess that a risk
flowchart would be pretty effective. A short series of "Are you
concerned about X?" questions would easily infer a risk profile, which
would map to suggested tools and behaviours. For example: "Law
enforcement authorities are known to attack [link to explanation] Tor
users by compromising servers on the Tor network. Are you concerned
about this type of attack?"

-J