[tor-talk] torproject forum hosted by 3rd party?

nusenu nusenu-lists at riseup.net
Fri Oct 29 18:21:46 UTC 2021

>> - no IP logging - no external resources
> You shouldnt trust TPO on not doing that either (not because they do
> that but because there is no control on that from user side so you
> should assume the worst when it comes to
> security/privacy/anonymity).

I see your point as an end user here, but from the torproject's point of view it would expect
a more cautious approach with tor user information and practice harm reduction strategies
instead of saying
'Oh, you didn't use tor browser to protect yourself when you accessed our support forum? It's your fault'
to avoid a future where discourse gets compromised and someone publishes/leaks all forum logs.

If you don't log it in the first place, there is less data that can harm you afterwards.
Expecting users to never open an url in the "wrong" browser window is a bit unrealistic.

It is also a matter of leading by example - especially for a privacy focused project.

> At the end user need to trust an entity to make discourse functional,
> TPO or not doesnt matter. 

I believe it does make a difference where you host something that requires
some level of trust especially when it is visible in the url bar,
because users trust some entities (or domains) more then others.

kind regards,


More information about the tor-talk mailing list