[tor-talk] To Toggle, or not to Toggle: The End of Torbutton
Mike Perry
mikeperry at fscked.org
Wed Apr 13 01:53:38 UTC 2011
Thus spake Milton Scritsmier (ktr-theonionrouter at dea.spamcon.org):
> On 4/11/2011 5:33 PM, Mike Perry wrote:
> > I think the average user is horribly confused by both the toggle model
> > and the need to install additional software into Firefox (or
> > conversely, the need to *also* install Tor software onto their
> > computers after they install Torbutton). I also think that the average
> > user is not likely to use this software safely. They are likely to log
> > in to sites over Tor that they shouldn't, forget which tor mode they
> > are in, and forget which mode certain tabs were opened under. These
> > are all nightmare situations for anonymity and privacy.
> >
>
> After reading most of the replies to this topic, I'm not sure the
> average user has weighed in. There has been a lot of talk about running
> Tor on various Linuxes, using two computers, etc. I don't mean to
> disparage them in any way (in fact, they have proven most interesting to
> a relative novice Tor user such as myself) but I think all these show a
> lot more technical competence than the "average" user. I also realize
> there are a whole host of technical issues dealing with maintaining
> Torbutton vs. separate Firefox builds, and that this is the best place
> to address these.
Yeah, my question to the list is that "will this new UI model ruin
the hardcore user's day?"
As I said, I think it's pretty clear that it's the right step for
normal users. They only have to click on one thing, and a browser
shows up. Perhaps the UI needs some smoothing and some hints/cues/info
after that point, but we're just talking about the macro issues of the
install/use model itself here.
> It seems to me that secure browsing with or without Tor is too much at
> the mercy of the browser it runs on, and hence here at the mercy of
> Mozilla (nobody even talks seriously about making Chrome or any other
> browser truly secure with Tor). I think all this talk about Torbutton
> vs. Tor browser just dances around this core issue, and that it won't
> likely be solved by maintaining a separate Firefox browser. And so far I
> don't think anybody has solved the problem of a user who understands
> relatively little about computers trying to remain secure against a
> regime with vast resources and skills at its disposal.
Absolutely. We're actively tracking barriers to us supporting Google
Chrome:
https://blog.torproject.org/blog/google-chrome-incognito-mode-tor-and-fingerprinting
https://trac.torproject.org/projects/tor/ticket/1925
And we're also interested in Robert Hogan's Torora work.
Right now, Firefox is actually our only option though. The amount of
work remaining on the other two options is significantly larger.
We realize that the more options we have, the better off we are. For
example, Chrome has several extremely compelling security properties
that Firefox lacks. It's just that the rest of what we need is not
there yet.
--
Mike Perry
Mad Computer Scientist
fscked.org evil labs
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
URL: <http://lists.torproject.org/pipermail/tor-talk/attachments/20110412/983df65a/attachment.pgp>
More information about the tor-talk
mailing list