Volunteer QA: The Price of Freedom is Eternal Vigilance

by mikeperry | May 23, 2012

We have a dream. We believe it is possible to produce free, secure privacy software that is regularly used by many millions of ordinary people all over the world. They will use it to inform themselves, explore new and controversial ideas, communicate with one another, and safely share things about their lives. They will do so with confidence that so long as the software rests upon a secure foundation, it will not betray them; in fact it *cannot* betray them, by design.

Tor Browser Bundle can be that software. Sadly, we know that it is not yet that software. We're aware that many aspects of the Bundle are either imperfect, incomplete, or absent entirely. We intend to work as hard as we can to improve this situation.

However, we also know that even the keystone of true security is not yet properly in place. We know that we must properly deploy this keystone, or we risk the collapse of everything we have built so far.

That keystone is the community that reviews our designs. It is the community that audits our source code. It is the community that tests the binaries produced from that source code. It is the community that will verify that the binaries that we distribute are produced from that source code and nothing else.

It is time to organize our community into place to serve as that keystone. We cannot have true security without it.

Our plan is to start small, with manual testing and manual analysis of each build. We will use that to incrementally work towards full automation available to be run on any of the arbitrary platform configurations available to the community. Runa Sandvik will begin coordinating these releases.

We expect the process to be bumpy at first. To start, Runa will simply give interested people a url to a release candidate with a grab bag of urls along with some basic tests to perform within some time limit before the build is to be released. These urls will initially come from arbitrary pages around the web, but hopefully we'll eventually distill them into our own collection of minimal test cases for which testing is fully automated. Until that point, test pages will need to come with a description of expected behavior and results. We're hoping that the community will also seek out new and useful test urls and write up result descriptions for them.

We will soon be switching to the 10.x-ESR Firefox branch for our stable TBBs, while concurrently maintaining an alpha series based on Rapid Release. To minimize the incidence of surprise issues in the stable TBB when ESR undergoes major upgrades, we will need people devoted to testing both branches on multiple platforms. We will also need people running auditing systems that verify the TBB they test is well behaved.

To participate, please inform Runa via email (runa at torproject.org) which TBB branch or branches you intend to test on which platform (Operating System and CPU). Bonus points if you have a unique configuration such as AntiVirus software, and/or are able to analyze TBB in an auditing sandbox framework such as Seatbelt, AppArmor, SELinux, a firewall that will log proxy bypass attempts, or simply with Wireshark or any other network analyzer. Extra bonus points if you document your setup for others to use.

Independent from the group Runa will coordinate, we also need people analyzing our builds, to ensure against tampering at the build machines themselves. We need to use the differences uncovered by this analysis to work towards the ability to produce identical binaries on multiple, clean instances of build platforms which can be brought up from scratch anywhere around the world.

To help us get started, we will also need people who simply create independent builds for others to compare against our official builds. I suspect that many reversers and hobbyists interested in learning reversing may find devoting the system resources and time to build their own TBB binaries a prohibitive barrier.

Basically, everyone should try to help eliminate the need for duplicate work done by others at each step of both the QA and build inspection processes. Similarly, we should be constantly looking to refine our testing and analysis processes to eliminate manual labor.

Thank you all for you willingness to help. Let's work together to build the world we want to live in.

Comments

Please note that the comment area below has been archived.

May 23, 2012

Permalink

In PIDGIN, which can be configured easily with TOR, there is no option of pictures sharing which is used routinely. Hence we have to use YAHOO MESSENGER for our conversation with the members of our anti-corruption and anti human trafficking group because it is better to share images instantly over yahoo rather than uploading them onto filesharing sites.

A computer operator working for us told us to use proxifier to proxify yahoo messenger with TOR and asked us to use the following settings which you can see in image format (screenshots).

Kindly check and reply if these settings are safe.
Image 1: http://img14.picoodle.com/i55n/dekho/0_64b_uck3u.png

Image:2: http://img13.picoodle.com/i55n/dekho/1_c5f_uck3u.png

Image:3: http://img14.picoodle.com/i55n/dekho/2_39f_uck3u.png

Image:4 - http://img15.picoodle.com/i55n/dekho/3_37e_uck3u.png

May 23, 2012

Permalink

It's not going to work. Current software engineering practice cannot assure that anything as complicated as the TBB, with as many complicated interfaces to as many complicated things as the TBB, "cannot betray them, by design". You might be able to make it less likely to betray them, but only if you change the basic design.

It doesn't matter how many people you get involved. You will still have a giant mass of largely uncompartmented code written by multiple people and organizations in multiple languages. You will still have a giant fractally complex attack surface (actually two giant fractally complex attack surfaces), plus a giant fractally complex interface with a system that's crammed full of the information you're trying to protect.

Plus, for extra fun, it's running on a platform provided by the user, one that you don't control, and one that comes in at least three major flavors and innumerable variants. And each and every component is constantly changing on a separate schedule, and you can't afford to get behind. And any fixes you make will have to get pumped through those same release processes, and they won't go through all that fast.

You need to control those attack surfaces. Or you need to reduce the need to secure them by defining some defensible boundaries. Or both.

You almost certainly need a sandbox, maybe more than one. And they need to have truly, fundamentally simple edges, not nightmares where you have to monitor everything crossing something hugely complicated, like the DOM, or the system call interface of a general purpose operating system. Or you're going to fail.

The TBB, with its existing "run a browser on the user's computer and pray" design, can't ever reliably protect against a state actor or even against Pinkie Pie. All it takes is one zero-day in a browser, a plugin, or an addon. Or, of course, in Tor itself, but at least that's a little smaller and a little more under your control.

You could do something more securable than you have, by at least making sure that an attacker provably had to breach more than one identifiable, independently implemented boundary. You could make those boundaries as small and simple as possible. Then you could start trying to QA the result.

But to do that you would have to throw away most of what you have now, which means throwing away most of the QA work you're asking people to do.

You're not ready. Why do you want to QA an architecture that can never give you confidence?

Wow, you sure are one hell of a defeatist. Why bother doing anything at all? We should all just go home, right?

The reason we don't is very simple: Because people use the software right now. They want it to exist. At least some of those people can and will help us get to the level of security you describe, if only we ask them to help and can make proper use of their efforts.

This is how Open Source development works. People scratch their own itches. They will help each other build the software they want to use, if given the opportunity to do so.

For example, if you check the sandboxing ticket (#5791), we've already got several community-developed sandboxes up there. It's very likely at least one of the sandboxes that the community creates will be the foundation or at least the prototype for the official sandbox we deploy. In the meantime, community-developed sandboxes will also help us discover important privacy and security bugs in the software as people use them and notice violations.

End-to-end defense-in-depth security doesn't just descend down from heaven. We must iterate towards it. We'll get there eventually, but it will take time and wide-spread community review, auditing, and validation testing at every step.

There really is no other way.

May 24, 2012

In reply to mikeperry

Permalink

Read it again. I'm not telling you to do nothing. I'm telling you that you need to fix your architecture before you dump a lot of effort into QAing what you have.

May 24, 2012

In reply to mikeperry

Permalink

I went and read ticket number 5791. The things people are talking about there are not close to where I believe you need to be. I think you can get where you need to be, but you need to think bigger, be more radical, and probably give up something else. That doesn't mean you need to do more, but it means you need to use your resources differently. What you're calling for will, in my very strong opinion, misdirect your resources into an untenable path.

You cannot QA the browser. You don't have the resources. The browser projects are a lot bigger than you are, have direct control over browser development, and they can't QA the browser. And it's not even just the browser; people are going to want or need a bunch of plugins, addons, IM clients, document viewers, media players, etc, etc, any of which can have killer holes. They might even need their own domain-specific apps. Call the whole mess "UA" code.

Your only path to success is to assume that all of the UA software is enemy code. Keep it up to date, sure. Configure it the best way you know how, sure. Choose projects with good security practices, sure. Maybe even test it a bit, if you get the time. But your own efforts to make that giant mass of code "safe" can't be your primary line of defense, and you can't assume you've succeeded.

That means that something that is not part of the UA code, and that can't be changed by the UA code, must enforce a lot more than I see anybody talking about in ticket 5791.

  • The UA can't talk to the outside world at all except through Tor. No TCP, no UDP, no DNS, whatever. Not on the LAN, not services on the user's local machine, not anywhere.
  • The UA can't know the user's IP address. Tricky, since it does have to be able to do sockets.
  • The UA can't have access to the user's regular files.
  • The UA can't know anything about the hardware. No MAC addresses, no serial numbers, no device types, maybe not even the real screen resolution.
  • The UA can't talk directly to the same window system that has the user's non-Tor stuff going on in it.
  • The UA isn't allowed to probe all over the place for security holes. Even letting it make unfiltered system calls is probably too much.
  • The UA probably can't keep persistent state. If it does, there at least have to be multiple isolated copies of that state for different user personas.

You need at least one reliable layer of defense between the UA code and the user's system, probably two independent ones. Anything short of that, and one day you're going to hear that Iran or somebody has suddenly arrested a few hundred of your more prominent users. You know, as an example for the others.

The only way I can think of doing that is to wrap the UA code in a VM, with a tightly locked down OS of your own running in that VM. Even that OS shouldn't get private information. It should have only a virtual LAN connection, one with a local address, that can only talk to a Tor process running outside the VM. I think you need to keep all non-anonymous information completely out of that VM.

Myself, I'd use Linux in the VM, because it's auditable, easy to distribute, and has some of the right features. And I'd use both SELinux and the Linux namespace features to keep the UA code from probing the rest of the VM. And I would probably put Tor in yet another VM. And I would probably give at least the option of a TAILS-like standalone system where both of those VMs ran under a virtualizer I controlled, rather than directly on the user's regular environment. And I would still be nervous. But at least I'd have done something that would take a real effort to beat.

You're right. I'm defeatist. I'm defeatist because I do not believe that you can protect the user while running directly in the user's own OS instance, especially at the same time giving the user an unrestricted choice of OS. I do not believe that you can have Tor and Vidalia running in the same compartment as the UA code.

I believe you should abandon those goals in favor of genuine protection.

And I do not believe that you should direct your limited resources to the impossible end of trying to secure a Web browser.

First of all, everything you describe still has to have a browser buried in there somewhere. That browser still needs to be audited for privacy and security issues.

Second, most if not all of the things in your bullet list *are* possible in a good sandbox.

Third, that sandbox is still just a layer around the browser. Tails or any other system in a VM can be another layer around that. Each layer needs auditing and testing, *including* the browser.

These are all independent, orthogonal defenses, and each defense can be used to audit and reinforce the others. There's no need to abandon testing and improving one just because the others are useful or important, too.

We need all of them for extreme cases like state-sized adversaries.

I'm not convinced we need all of them simply to avoid tracking by the ad networks, residential ISPs, and random Internet stalkers. That's why TBB is worth producing on its own. Though I agree, let's work with the community to figure out how to ship a good sandbox for it.

Citation needed? NoScript provides vulnerability surface reduction. It doesn't solve everything. It's another layer, but it has its downsides. The primary one for us being a huge fingerprinting impact if you tailor it from defaults.

It's possible Giorgio could myopically believe he competes with sandboxing.. But also I find that doubtful. He's pretty sharp. He could just be doubtful that current sandboxing is statistically better at its current state than vulnerability surface reduction, and therefore Firefox + NoScript is better than Chrome + Chrome's Sandbox.

But there's no reason you can't do both, if you do it right.

May 23, 2012

Permalink

HOW TO CHECK OUTGOING TRAFFIC AND SOME SECURITY ISSUES!
*********************************************************
Sometimes we have to configure some applications like yahoo messenger and other instant messengers or browsers with TOR, but we want to know some fool-proof method to know as to where our outgoing traffic is going and whether the application is currently routing the whole traffic through TOR or not.

When I configure any application, I reply on freeway tools like cports or PROCESS HACKER or PROCESS EXPLORER to see where my application is connected. Is it an authentic way to do the same?

Please give us some method to check all that. Most of the social activists are not well versed in techniques.

Why TOR or TAILS doesn't maintain connection to 4 or 5 nodes instead of just 3 nodes? I think that creating something to route the data through 4 or 5 nodes of different countries will be more secure because it will more likely to be 100% anonymous over internet.

Today someone suggested me to your a new TOR/TAILS based application called "AdvOR" or "AdvTOR" or "Advanced Onion Routing" which routes our all internet traffic to any number of nodes (subject to maximum of 10 nodes and that too all belonging to different countries). But since this AdvOR is not certified by your, nor by TOR, we can't rely on that because we can not believe in their claims unless duly recommended by your team. What's your take on it? If they can give us an option to set any number of nodes to route our traffic, why can't you do the same? You are doing a lot of hard work to ensure security of life and liberty to social activists and we want something more and more secure.

We have to use many addons on Firefox while using "TAils" and "TOR"; how can we know which addon is safe and doesn't reveal our real IP address?

The problem with TAILS is that it is based on linux which we generally do not use because we are using Windows operating system since our childhood.

Kindly discuss in detail as all the users of TAILS and TOR are supposed to read this thread. Discuss more and more in this thread (post).

Facebook has started blocking the profiles of users who are using TOR/TAILS due to constant change in IP address. They compel the users to verify their profiles with cellphone numbers which we can not do because giving cellphone number means giving each and every verified details of ours to facebook and we can be traced easily within a few minutes.

"The problem with TAILS is that it is based on linux which we generally do not use because we are using Windows operating system since our childhood."

Evil laughter from Microsoft ensues ;)

Besides I would also like to know if you follow the development of AdvOR and if you see any striking issues with the recent releases?

I am not a developer, just a user and follower.

It is my understanding that, at the moment, the only methods of using Tor that are recommended and thought to be somewhat reliable are either the Tor Browser Bundle (https://www.torproject.org/projects/torbrowser.html.en), or to use TAILS by booting it from a USB drive, running it off of an optical disc, or by running it in a virtual machine (assuming you trust the computer hardware, operating system, and VM software you are using) (http://tails.boum.org/).
I believe the developers are discouraging people from manually setting applications to use Tor, as it is very likely that applications are giving away your identity unless they have been properly and thoroughly tested and examined. For instant messaging, you can use Pidgin inside the TAILS system to log onto Yahoo and other services for instant messaging.
Pidgin used to be included in the browser bundle, but was found to leak identifying information. (https://blog.torproject.org/blog/tor-im-browser-bundle-discontinued-tem…)
You can use Pidgin without Tor and still protect the contents of your conversations and also verify who you are talking with and give yourself deniability by using the plugin called OTR (off-the-record). This is a plugin you can download for Pidgin (windows/linux). The plugin also comes included with Adium (mac), Jitsi (all systems). The plugin can also be used on phones with Gibberbot (android) and ChatSecure (iOS). These programs should all be able to message each other using OTR. OTR does NOT conceal your IP/location, or who or when you are talking to someone... it only protects the contents of the conversation.

This explains why Tor uses 3 nodes and not 4 or 5 or more: https://trac.torproject.org/projects/tor/wiki/doc/TorFAQ#Youshouldletpe….

As far as plugins/addons/extensions for web browsing, I think it is usually best to change the Browser Bundle and TAILS browser as little as possible. This is not only just so that you don't unknowingly compromise your anonymity, but also because browsers report information about what is loaded in what is called a User Agent. When you change your add-ons, it makes your User Agent different and this makes it stand apart from all the people who left their browser settings as they originally were. This might make it easier for someone to identify you when you visit websites. It is best if everyone's user agent has many other people's who's user agent is identical to them. You can see more about this here: https://www.eff.org/deeplinks/2010/01/tracking-by-user-agent

I have personally not heard of AdvTor.

Using an operating system you are not used to can be very uncomfortable and frustrating, but almost all gnu/linux operating systems like Debian (what TAILS uses) and Ubuntu (based on Debian) are free and have lots of documentation and website to help you learn to use them. They are ideal for people who are concerned with surveillance and privacy, because their code is free for everyone to see and copy and explore; This makes it hard for anyone to keep secrets that might harm someone's rights to privacy, and lets anyone who has a solution to a problem be free to implement it as they wish. There are many other reason's why gnu/linux and protecting privacy go well together. If you care about these things, you should try to spend a little time to get familiar with them. You can even use them as your full-time computer operating system.

About a year ago I tried to use Facebook with Tor, and found the same things you mentioned, that Facebook has made their website so that it is almost impossible to use Tor to access it. So I haven't had a Facebook for a year now. It has a very poor privacy policy and people shouldn't use it anyway. You should try using Identi.ca, or Twitter, and watch the project "Diaspora" throughout the rest of the year.
And yes, you should never post something like your phone number anywhere on any part of the internet, ever.

Hope I helped some :)

////but also because browsers report information about what is loaded in what is called a User Agent. When you change your add-ons, it makes your User Agent different and this makes it stand apart from all the people who left their browser settings as they originally were. This might make it easier for someone to identify you when you visit websites. It is best if everyone's user agent has many other people's who's user agent is identical to them. ////

Oh, considering that I could be more safe I was spoofing my useragent by using certain firefox addons out of which UA Control was the best for me. I have set the following custom useragent for all the websites:
"Mozilla/5.0 (Macintosh; U; PPC Mac OS X 10_5; en-US) AppleWebKit/525.27.1 (KHTML, like Gecko) Version/3.2.1 Safari/525.27.1"

Actually I was doing all this to take plea that I don't own MAC Computer and thus I was the not the user of the websites where I shared confidential matter. I think now I should consider the facts given by you and use the default useragent of TBB.

Thanks for detailed reply.

You asked a lot of good, hard questions. I wasn't actually sure where to begin.

First: Your first line. For Windows, my recommendation is simply watch things with Wireshark:
http://wiki.wireshark.org/CaptureSetup/WLAN#Windows
http://portforward.com/networking/wireshark.htm

However, use of it will require an understanding of how the Web works... I recommend watching non-Tor traffic to get an idea of how it differs from Tor traffic. HTTP and DNS traffic will be easier to spot than HTTPS, when mixed together with Tor traffic.

For your questions about AdvOR, I generally feel like they're probably not actively out to mess you up, but I worry about their assumptions that all apps are always safe to shove through Tor on a per-process basis with no other tweaks. In fact, Chrome is known to have several out-of-process proxy bypass bugs that likely won't be fixed by AdvOR's "Force Process" machinery. Obviously, you'll want someone to verify this (probably with Wireshark....).

As for TBB standalone vs Tails, in a serious situation my money would be on Tails (unless you have sandboxing for TBB). If you can tolerate using a second machine for private things, that is... It's just a shame Tails does not yet share our Tor Browser patches (which help *substantially* with fingerprint-based tracking and website visit linkability).

May 24, 2012

In reply to mikeperry

Permalink

Thanks. I used wireshark but could not understand anything because of its real time monitoring where every entry was alien to me. I don't know how does it work. I don't know why people develop such complicated tools/interfaces which ordinary people can't understand. TOR is the best application in the world I have ever seen because it is all preconfigured and categorically show the nodes where we are connected to.

May 23, 2012

Permalink

Create a forum, now.

No, really, create a forum, now!

Can you hear me now?

CREATE A FORUM, NOW!!

I feel your pain. We're working on this, but we don't want to get pwnt while running some shit like phpbb. AFAIK, the current thinking is that we want something akin to stackoverflow for Tor.

If someone else wants to create a phpbb instance so their own machine can get pwnt, we wouldn't tell people not to use it. If good QA/sandboxing/auditing discussion took place there, we might even encourage people to collaborate there.

In the meantime, can you create a free email account and subscribe to tor-talk?

https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

May 24, 2012

In reply to mikeperry

Permalink

"We're working on this"

Finally, you're working on an official Tor discussion forum?

You just made my day, thank you and godspeed!

We have been for a few months now. There are two initial issues:

A) We're nervous that we won't have enough coverage by clueful Tor people (since all the developers are flat-out overloaded; but that's another story), so it will be confused people talking in a vacuum. That will be just as frustrating as the mess here.

B) What Mike said above -- most forum software is incredibly bad from a security perspective. That implies even more ongoing commitment to keeping it up-to-date. If we're going to spend time getting our act together on something, shouldn't we focus on the TBB build and QA system first? :)

May 26, 2012

In reply to arma

Permalink

"shouldn't we focus on the TBB build and QA system first?"

Having an official Tor forum is critical.

There has to be *some* money in the barrel for a forum. It would be a central focal point for all user skill sets and may attract more developers (and moderators) who may contribute for free!

Every serious project *needs* a forum, especially this one.

I can guarantee you'd receive more bug reports and people trying to improve Tor if you made an official forum.

To be honest, the Tor Project might be making the perfect the enemy of the good here. I would personally argue against doing any trademark violation pursuit against any random "Tor User Forum", so long as it did not seem to consistently spread misinformation. We just don't know how to host and maintain such a thing properly ourselves on our own infrastructure.

If such a forum *does* end up consistently recommending garbage, we probably will have to ask it to call itself by some other name.

May 29, 2012

In reply to arma

Permalink

"We're nervous that we won't have enough coverage by clueful Tor people (since all the developers are flat-out overloaded; but that's another story),"

Yet, you continue to offer support not only on IRC but also by individual email and even by *telephone* (!). Surely that cannot be a cost-effective use of limited resources. Time spent on a forum would help many more people.

All this was noted numerous times on this blog.

May 24, 2012

In reply to mikeperry

Permalink

"some shit like phpbb"

Such gratuitous profanity is beneath you, Mr. Perry.

What? Do we have an adversary here, or are we just wanking off into the ether? Are there some people who somehow can only use http to access the blog, and get blocked because of me?

I'm a native speaker of sailor-mentat. It's tha mothaf*cking king's english where I'm from. I can at times imatute Proper Mentat exalctly, but it takes a metric hella sh*tton of effort, man.

P.S. Was that better? This sh*t is hard, g*dd*amnit. I'll see what I can do.

May 28, 2012

In reply to mikeperry

Permalink

Hahaha I would buy you a beer if I could for making me laugh.
(im not anyone above)

May 30, 2012

In reply to mikeperry

Permalink

"Do we have an adversary here, or are we just wanking off into the ether?"

First, if someone who merely posts, "Such gratuitous profanity is beneath you, Mr. Perry" ("Mr.", no less) is an "adversary" to you, then I'd hate to see how you react to a REAL adversary.

(Please do not take the following personally. I would and have asked the same basic questions to many others, and regarding similar usages in the vernacular.)

Regarding your metaphor:

Assuming you have no actual objections to the practice of masturbation, how, exactly, does it make sense to use a reference to it as a pejorative?

Now, perhaps you will answer that "wanking off into the ether" was merely a way of symbolizing trolling, i.e., an activity that may provide thrill gratification to the one engaging in it but is ultimately pointless and futile.

In that case, I would ask:

When not procreative or serving to bond lovers, what, exactly, does sexual contact with another accomplish that masturbation doesn't?

May 30, 2012

In reply to mikeperry

Permalink

"wanking off into the ether"

Hmm, sounds like the dream of every adolescent male: No messy, embarrassing evidence left behind...

May 28, 2012

In reply to mikeperry

Permalink

What's your opinion of the open-source, and old (and well maintained(?)) Phorum? It uses PHP and MySQL -- http://www.phorum.org/

The problem I see with most secure software, and hosted options mentioned in https://trac.torproject.org/projects/tor/ticket/3592, is they are quite ugly and atypical [0] of discussion forums most Internet users are used to; if you're going to offer a discussion forum, it should not confuse people.

I know PHP has security issues, but there has to be a happy medium between something that would be ideal (from a user perspective) [1,2], and something that would be ideal from a security perspective. People should enjoy using your forum...and it should be easy to use and not atypical (granted, that doesn't mean you need YouTube embedding, emoticons, and the like garbage).

[0] http://zoho.com
[1] http://forum.atagar.com/
[2] http://i2p2.de

Note: I am looking to open a forum, with a small child-forum on Tor usage for Windows, and I'm looking for good discussion forum software. That's why I'm following #3592. I looked at Phorum, but I found it atypical (graphically) in a way that I believe would be displeasing to most visitors.

May 25, 2012

Permalink

>You're right. I'm defeatist. I'm defeatist

You make an overgeneralizations for the problems too.

IMHO, you correctly define a vectors of attacks and point to a very broad domain of TBB complicacy.

"All or nothing security" is not a "do nothing apology". Accomplishing strategy with a "too many defense layers as possible" need optimization and risks evaluations as well as any other parts of the security design .

If you reasonable assume that after some finite layers or rounds you can make a probability of failure is acceptable or close to zero then you wouldn't want to be a defeatist.

May 25, 2012

Permalink

> About a year ago I tried to use Facebook with Tor, and found the same things you mentioned, that Facebook has made their website so that it is almost impossible to use Tor to access it. So I haven't had a Facebook for a year now. It has a very poor privacy policy and people shouldn't use it anyway. You should try using Identi.ca, or Twitter, and watch the project "Diaspora" throughout the rest of the year.

Facebook is a platform to suck information out of users. So this is the opposite of what TOR intends. Also FB is some sort of a closed private Internet open only to whose who abide the rules and are able to feed the beast the information it needs. I am sure you have a torrent of information about your particular case, but I say it's stupid to use FB when privacy is of any concern.

Also be aware that any easily available service goes for about the same thing. So Google will go at certain lenghts to make it a pain to log in if you are playing tricks like TOR to change places fast. So Google services should be out of the question too.

Stumbleupon and other sharing services should be left fot those who can afford no privacy. So these should be passed too.

Also free service coupled with any type of search engine or advertiments go down along with Google. Yahoo, AOL, Lycos and so on. They are very very serious about loging and tracking you no matter what and they are going to throw a lot of extra checkups just to discourage you from going against their practices.

Sure, it's hard to find the Gigabytes for free and if they are not free that usually means some identifying credit card. But there are alternatives. I am not going to mention them here as I really don't want them overloaded with trafic. Just do your side of the search. HTTPS is a must because you can't trust the TOR nodes. Free is very important as not to be linked with some banking institution. Always have alternatives. Backup plans. Don't just have one mailbox. Have two. At two different providers. In two different countries.

And remember: there is no such thing as free lunch. And being lazy makes things worse.

May 25, 2012

Permalink

First off, big big thanks you all

I'm posing a question that is slighty off-topic question, so please feel free to ignore me. Seriously.

That question is if anyone from the Tor team could recommend using the alternative to Tails (its not billed as that by the author just FYI) by the name of Liberté Linux?

http://dee.su/liberte-faq
http://freecode.com/projects/liberte

In particular, could the Cables protocol it implements (https://github.com/mkdesu/cables/wiki) possibly be as sound as it seems?

Thanks for any reply.

P.S. - Can't volunteer at this time but I would if I could.

May 25, 2012

Permalink

Great work Tor team! Lots of informative comments to read. I agree that forums can waste huge amounts of time. I understand if the Tor developers don't want to spend all day answering questions.

Wiki's are probably a more efficient use of developer time. https://trac.torproject.org/projects/tor

I know I've referred Tor's extensive documentation a bunch in the past. Thanks again!

"I understand if the Tor developers don't want to spend all day answering questions."

Currently, Tor devs spend time answering questions by email and *telephone*. Wouldn't that time (however much it is) be spent far more efficiently on a forum?

As was noted numerous times in the past, on a forum,answers could be searched and read, and members of the public could provide answers that Tor devs would simply have to corroborate.

June 01, 2012

Permalink

Google is extremely hostile to Tor users. I find it difficult to even perform searches with it, and Gmail? Forget it. This is very confusing since I've read that Google funds Tor. Yahoo and Microsoft though are very good for both searches and e-mail.

Facebook is flat out evil. MySpace? Can't even visit the site, redirects to Google! Disturbing how a site can identify Tor users like that.

Twitter so far is a friend.

June 03, 2012

In reply to arma

Permalink

>Perhaps you're behind some proxy that does man-in-the-middle attacks on your SSL?

Not that I am aware of; just my regular ISP ethernet connection with Firefox 12.
Same thing when I try in TBB.

Neither blog.torproject.org nor the home page at torproject.org seem to give me any problem; when I connect to either with https I see "torproject.org" in a sky-blue box at the left side of the URL bar.

For the blog it says, "Verified by GeoTrust, Inc.", and for the Tor Project home page it says , "Verified by DigiCert Inc."

But when I go to https://www.torproject.org/donate/donate.html.en , I do not get the blue bar and Fx says that the page is only partially encrypted.

June 13, 2012

Permalink

Quoting from the blog post:

That keystone is the community that reviews our designs. It is the community that audits our source code. It is the community that tests the binaries produced from that source code. It is the community that will verify that the binaries that we distribute are produced from that source code and nothing else.

It is time to organize our community into place to serve as that keystone. We cannot have true security without it.

Conspiracy factists know that military/federal/intelligence entities are highly motivated and funded to penetrate and compromise the enemies of the police state (i.e., any person, group, or technology capable of improving the people's odds against being raped by the state's machinery).

One of the old standbys they use (out of many tactics that you can look up) is to take "The Many Independents" (men and women who work and think independently) and shepherd them into The Organized Group. Because organized groups have LEADERS. And leaders run things, they decide what should be worked on, whose ideas will be used to solve issues, who will be appointed head of this or that initiative, etc. In many different ways both obvious and non-obvious, leaders set agendas and priorities and allocate resouces. Leaders also have the power of the group majority itself (peer pressure) to shame dissenters into silence, to "encourage" the freethinking individualists to "get on board" and "stop making trouble" etc. (In this last regard, make sure to look up "The Delphi Technique" which is used in group settings to engineer concensus via social subterfuge.)

My point is: When it comes to privacy and anonymity technology, especially TOR, thinking people must realize that govt-level attention and resources are being expended to compromise it. And when govts play such games, idiots like you and me aren't going to be seeing it happening out in the open. What you need to look for are events like: The software project gets handed off to a new group of developers. Or: a new "employee" joins the team. Or: Interpersonal differences have broken out among the developers that are throwing a wrench in the bug fix schedule. Or: A new initiative has been begun that wants to take the wild and wonderful constellation of independent software auditors and bring them all under one group (where they can be effectively controlled). Etc. Please be aware.