[tor-talk] Not comfortable with the new single-hop system merged into Tor

Alec Muffett alec.muffett at gmail.com
Thu Dec 22 11:54:19 UTC 2016


On 22 December 2016 at 11:21, laurelai bailey <laurelaistorm at gmail.com>
wrote:
>
> Which is exactly why you should have this feature as it is. You say its
> insulting to users, we say the actual reality of the situation is that
> people use TOR who arent computer experts and sane defaults are a needed
> thing, to help keep people safe. Dissidents and vulnerable people use this
> service, you cant expect them all to be experts and you cant treat them
> like they are, because they arent.
>

Hi Laureai,

This is a server-side feature, not a tor-browser feature, so will not be
seen nor touched by >99% of Tor users.

The default is "off".

The enablement means hand-editing a flat text file, and adding two,
separate, magical commands to it.

Both of which are named to suggest "this feature is about making the
webserver that you are about to set up, somewhat less anonymous".

And which doubtless will be documented as such.

Given this, I believe that the bigger issue, server side, is highlighted by
Sarah Jamie Lewis' tweetstorm, earlier today, which I highly recommend,
albeit a long read across multiple tweets:

    https://twitter.com/SarahJamieLewis/status/811769153220509700

...that a substantial, perhaps overwhelming, source of security risk is
from people using software in "default" configurations.

Rather than "extremely non-default configurations" as above.

I am trying to help fix this latter issue.  Would you like to help, assist,
or provide aid, and thereby benefit the people who use Tor?

For instance, set up an onion site using the above basic configuration, and
test it?

    - alec

*
https://github.com/alecmuffett/the-onion-diaries/blob/master/basic-production-onion-server.md



-- 
http://dropsafe.crypticide.com/aboutalecm


More information about the tor-talk mailing list