[ux] Fwd: Mobile Tor Browser branding discussion

Georg Koppen gk at torproject.org
Mon May 23 10:01:57 UTC 2016


Nima Fatemi:
> Brennan Novak:

[snip]

>> Tor Browser Lite
>>
>> As that would have the benefits of sounding similar and being
>> familiar for a user to search by title / name!
> 
> The only caveat is that this Tor Browser on mobile, is never going to
> have the security features of the Tor Browser on desktop. At least not
> anytime soon.

I don't think this is true. All Tor Browser promises is to behave
according to its design specification, not more and not less. If you
take a look at https://www.torproject.org/projects/torbrowser/design/
and read section 2 and 3 carefully then I think it gets obvious that
there should be no *technical* reason for not having a Tor Browser on
Android in general. To be more explicit: while there are still things
missing in the current state of OrFox (e.g. reproducible builds, regular
release schedule) I think there is no technical reason for not calling
it "Tor Browser on Mobile" or something similar pointing out that it is
not in a version 1.0 state yet (i.e. it is still in an alpha/beta state)
and that we are working on it.

> Whatever name we end up picking, we should be careful to not to give a
> false sense of security to users. My understanding is that people use
> Tor on mobile mostly to bypass censorship... or at least that's what I'm
> hoping, since a) I haven't done any studies on this, and b) anonymity on
> mobile is much of a bigger issue that tor products alone might not be
> able to solve. (baseband issues, GSM based tracking, etc)

This is probably a concern of section 3.3.4 of the Tor Browser design
specification which might warrant a bit of updating to take the mobile
situation into account (when we are there). But it basically boils down
to being out of scope of the Tor Browser thread model. Thus, no, by
picking up "Tor Browser on mobile" we don't give users a false sense of
security. Contrarily, we might give desktop users a false sense of
security if we maintain that they are safer with Tor Browser on those
platforms given an adversary that is able to exploit the underlying
processes and OSes: there are OS update checks bypassing Tor Browser by
phoning home. There are at least closed-source OSes like Windows and OS
X which could serve you any update that subverts your environment etc...

What currently prevents OrFox from being relabled and rebranded as "Tor
Browser" has non-technical reasons: OrFox is not being developed/has not
been fully reviewed and fully endorsed by the Tor Project. But that
could be worked out, I guess, and would allow the big win of having a
unified and easily recognizable brand across desktop and mobile platforms.

Georg

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 801 bytes
Desc: OpenPGP digital signature
URL: <http://lists.torproject.org/pipermail/ux/attachments/20160523/bb18c715/attachment.sig>


More information about the UX mailing list