[tor-talk] TOR bundle on hostile platforms: why?
adrelanos
adrelanos at riseup.net
Thu Aug 8 17:30:05 UTC 2013
Thomas Hluechnik:
> My opinion: to be honest we all assume under normal circumstances that a piece
> of software is trustworthy until it is proven that it contains a weakness or
> backdoor.
>
> With regard to security the opposite is true: we have to assume a piece of
> software to be broken until the opposite can be proven.
How can one prove the absence of backdoors/vulnerabilities? How can one
ever prove a negative?
> I was really happy when finding tails. This should be considered as the future
> for TOR: it doesn't matter if any DAU (German word for computer beginner) has its
> Windows computer full of backdoors and viruses. He just starts from USB or CD
> having an acceptable level of security.
This needs trusted distributors shipping Tails on USB or CD. With a
strong threat model you have in mind, you can't use a version of Windows
infected with trojans and backdoors to securely get Tails. [Oh, that of
course also goes for any other Linux distribution. Whonix isn't an
exception.]
> So my mind: stop supporting Windows and even stop MacOS. Stop support for ANY
> closed source OS.
> [...]
> If you drop Windows support you have much more time and energy developing safe
> versions of tails and Whonix and this will improve the reputation of TOR.
Tails/Whonix/any operating system could be perfectly secure and so
forth. Without anyone knowing about it, no one could take advantage of
it. In order to get people actually knowing about the project, a lot of
publicity is required. And you can't get this if users of most popular
operating systems can not use it.
Using Linux distributions inside Virtual Machines is one fine way to get
in touch with Linux. After users learned the basics and due to
educational efforts, they may set up some form of dual boot or entirely
switch to Linux. I think the hard way "use Tor on Free operating systems
or get lost" will attract less than more users and open up for
competition (forks) doing a worse job making it available on non-free
operating systems.