[tor-talk] the wiki is dangerous for end users [was: TBB Users: We Need New Directions on Torifying Software! Solution Required!]
proper at tormail.net
Thu Feb 2 19:18:18 UTC 2012
The problem is not just this site
https://trac.torproject.org/projects/tor/wiki/doc/TorifyHOWTO.
Rather it's a problem with the wiki itself, for example also
https://trac.torproject.org/projects/tor/wiki/doc/TorifyHOWTO/WebBrowsers
is outdated.
No Tor end user should torify Firefox anymore. A few reasons are listed under
https://trac.torproject.org/projects/tor/wiki/doc/TorBOX#thingsyoumustknow
look under 'Tor Browser (TB)'.
It is scary how difficult it is to correctly configure an application
(such as Firefox for use with Tor (TBB)). If you see it like this, end
users really should stay away from torifying software themselves. They
cannot just torify Opera and think they are done. Torifying Thunderbird
(with all important settings, plugins, addons, SSL, cookies, maybe some
patches like those needed for Firefox) is probably as difficult as
torifying Firefox.
A high percentage of the wiki is outdated, as it is not actively maintained by
the original authors, the Tor Dev Team or anyone else. The wiki should be
seen more as a reference for developers. Maybe there should be a warning
at the top on each wiki site?
There is no quality policy. Evil people could just add some bogus
instructions on purpose. Anyone can edit and no one will check the changes
in detail. End users seem not to be aware of that. Maybe, like Wikipedia,
there should be some sign like "last verified on x.x.x" and only trusted
people could do that. Or "new version, click here to see last verified
version from x.x.x.".
The safest thing for end users right now would be to stick with TBB or
Tails. I hope TorBOX
https://trac.torproject.org/projects/tor/wiki/doc/TorBOX may become an
alternative (no need to torify anything, but potentially new
TransparentProxyLeaks
https://trac.torproject.org/projects/tor/wiki/doc/TransparentProxyLeaks ).
Torifying software for Tor end users is really dangerous (protocol leaks,
more reasons already listed above).