[tor-talk] "If you have access to certain tools, you can completely ignore Tor."

Andrew Lewman andrew at torproject.org
Tue Dec 20 04:59:14 UTC 2011


On Sun, 18 Dec 2011 21:02:37 -0600
Joe Btfsplk <joebtfsplk at gmx.com> wrote:
> Even if partly true, this is one reason I don't understand why TBB
> has default settings to allow all cookies, seeing as how its main
> goal is anonymity.  Devs are very concerned about not writing
> anything to cache, but not concerned about cookies.

There's a constant set of tradeoffs between usability and privacy. I
think we should be erring more on the side of caution. The current
design of Torbrowser is here,
https://www.torproject.org/projects/torbrowser/design/

3rd party cookies are not enabled by default. There's also some work on
minimal noscript changes that won't break the web for 99% of the users,
https://trac.torproject.org/projects/tor/ticket/3461

> Under current US & other nations' laws, it's possible that gov'ts
> have already forced developers of any software -  incl. Tor - to put
> in backdoors.  And in fact, say it's illegal for the devs of any
> software to outright disclose such. 

https://www.torproject.org/docs/faq.html.en#Backdoor. If we're forced
to put one in someday, we'll make it obvious and loud that it is so.
The world will be in a sad state if this comes true. A forced backdoor
in Tor will be the least of your problems.

> I don't know that it has happened w/ Tor, but it certainly has in
> other cases.  If you want true anonymity, don't use the internet,

I parse this as the 'abstinence model of Internets'. It doesn't work for
sex education, addictive substances, and it's unlikely to work for
anyone in a modern society. We need a better answer than 'all or
nothing'. We're trying to make Tor one of these better answers.

-- 
Andrew
http://tpo.is/contact
pgp 0x74ED336B


More information about the tor-talk mailing list