[tor-talk] A secure browsing model?
Mike Perry
mikeperry at torproject.org
Sat Jan 21 05:54:00 UTC 2012
Thus spake Gozu-san (gozu at xerobank.net):
> OK, I just gotta ask. And I'm not trolling :)
>
> How can someone be concerned enough about privacy to use Tor, and yet
> not be concerned about the possibility of inter-process communication?
We are very concerned with it, but only up to a point. We have to
assume (for our own sanity) that the underlying OS and concurrent
applications are not malicious.
However, even non-malicious IPC can still cause problems. See for
example https://trac.torproject.org/projects/tor/ticket/4517
That bug was a new proxy bypass vuln (the first one in literally
years) that happened on Ubuntu Unity, causing a regression in
previously tested drag and drop features that were initially evaluated
as safe.
We really need an automated testing infrastructure to catch stuff like
that, where the platform changes out from under us. I believe we'd
find the need for automated testing with just about any approach as
technologies change out from under us. It's either that, or learn to
accept a higher failure rate over time in the field. That's just basic
engineering :/.
We however have zero automated testing in TBB, and instead depend
entirely on the community, and anonymous reporters like the one who
filed that ticket. Is that enough to lower overall risk? Well, we're
just about the only ones in the world operating even at the level that
we do currently, so who knows. Maybe it is good enough, for now. Can't
beat the price :).
--
Mike Perry
Exterminate all dogma.
Permit no exceptions.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
URL: <http://lists.torproject.org/pipermail/tor-talk/attachments/20120120/4de8f0da/attachment.pgp>
More information about the tor-talk
mailing list