Dear Tor Project:
Stop intentionally making download signature verification difficult.

According to https://blog.torproject.org/blog/tor-browser-numbers
1. There are 100,000 downloads of Tor Browser per day.
2. But only 5000-7000 signature verification is done per day.

93%-95% Tor Browser downloads remains unverified at all.
This is because users only have 2 options:
1. Use GPG to verify and expose their true IP.
2. Not verify at all.

Proper checksums for unsigned raw download has been requested many times, but everytime Tor Project response with the same excuse with a stuck up attitude:
"What if Tor Project get hacked and you download the wrong sig?"

Listen, this is only a valid excuse for providing a better method (The GPG method), this is not a valid excuse for not providing even basic sha256/sha512 checksum at all, because they're not mutually exclusive, you can check both.

Look around, from Linux OSes to bitcoin software, everyone provide sha256 checksums. Somehow Tor Project think they are better than everyone dispite a dismal 95% unverified rate. Worse, they have a head-in-the-sand attitude regarding this basic but critical matter.

What Tor Project need to do:
1. Provide sha256/512 checksum for the raw download like everyone else.
2. Make GPG signature verification easy, and possible over tor itself, current guide doesn't cover how to use GPG to verify over tor, thus expose your true IP.

Tor Project developers, stop thinking in ideals and look at the reality.
Take your head out of the sand and actually look at what is happening (95% downloads not verified), not what you want to happen (everyone use GPG to verify).

If Tor Project can't do that, then stop pretending you guys care about user's security and anonymity.

Reply

  • Lines and paragraphs break automatically.
  • Allowed HTML tags: <em> <strong> <cite> <code> <ul> <ol> <li> <b> <i> <strike> <p> <br>

More information about formatting options

Syndicate content