On Wed, Mar 07, 2007 at 02:14:33PM -0600, Mike Perry wrote: > Thus spake Freemor ([EMAIL PROTECTED]): > > > I think what needs to be done here is to create a FAQ or other standard > > document that will 1.) inform the vastly misinformed public. 2.) list > > places and ways they can make a difference. > > Excellent post, even if slight off-topic.
I don't think it was off topic. To repeat what I already said in an individual response. I think it was not OT since your post addressed the reality of a situation for which people were designing Tor modifications and deployments and you evaluated their applicability to intended application. > As suggested on IRC, I think > the Tor documentation strategy needs to be rethought. Most people > barely read the download page, let alone the reems of FAQ questions. > > We've had two "attacks" now on Tor that rely on unmasking users who > use Tor incorrectly. One of them actually published a paper and had > decent results at unmasking this way (mostly Asian users who probably > can't read our english mailinglist or english FAQ), and the media > still doesn't seem to understand that these attacks are well > documented. > > The Tor download page should have a concice "Things to know before > downloading" section that lists a few key points about the most easy > ways your identity can be revealed through Tor. Something like > > Things to know before you download Tor: > - Browser plugins can be made to reveal your IP. > - This includes Flash, Java, ActiveX and others. > - It is recommended that you use FireFox and install the extensions > NoScript, QuickJava, and FlashBlock to control this behavior if > you must have these plugins installed for non-Tor usage. > - Make sure your browser settings have a proxy listed for ALL > protocols (including Gopher and FTP). > - For further details, please consult the Tor FAQ. > I had advocated something similar some time ago. Actually what I proposed was that some sort of test server be set up. I know there are already many of them, but I was thinking that there could be testing stages in an install wizard (or a post-install testing wizard) that takes the user through various tests and what to do in response to results. I know a lot of work, maybe another suggestion to be listed on the volunteer page or a candidate for summer of code? > Maybe this will stop the same attack from hitting the blogosphere > every 2 months. Even better, maybe it will stop that attack from > actually working.. > You dream big (not sure which is the bigger dream ;>) aloha, Paul
