You are making a very big mistake! In theory your are correct with what you are saying but you are assuming the total noob can learn how to safe anonymously but also give grandma a chance to surf anonymously. Grandma knows what a browser is but has never heard about encryption or TCP/IP.
On Sat, 24 Mar 2007 00:50:15 -0400, "Freemor" <[EMAIL PROTECTED]> said: > I've been watching this thread with some interest and just wanted to > add my view to the discussion. I think there is a real danger in making > TOR too easy. Yes, I do understand that Microsoft and others have > created a world of people that want every program to function completely > with 3 clicks. For some applications this is a laudable goal. > > However, when one is dealing with a program that deals with security > or anonymity I think it is important that people who intend to use the > program take the time and effort to learn. They need to learn what it > does, what it doesn't do, how it does it, how it is circumvented, how to > check if it is working correctly, etc. One of the major reasons there is > so much tracking of personal data on the web is most users lack of > responsibility for their own privacy and security. > > For these reasons, my concern is that making TOR a 3 click wonder will > not only further propagate this "some one else will worry about my > privacy/security for me" thinking and ultimately would lead people to a > false sense of security because they wont properly understand the TOR > network, and will blissfully find ways to make their computer leak more > then a bucket with no bottom, all the while thinking "oh, it's fine, > I've got TOR on, I can see the icon in the systray right there". > > I feel that rather then head down the 3 click wonder path, it would be > better to invest time in reminding users that we are talking about their > security, or their anonymity, that as such it is their responsibility, > and decidedly worth the time to learn as much as possible about the > programs or systems they use to protect it. > > I would hate to see the day when the TOR team has to waste countless > hours and resources to battle complaints that "TOR failed to protect me > when I <insert use that TOR was never intended for>". > > Just my thoughts on the subject > > Freemor > > P.s. to the tor Dev's -- Yes, I know TOR is not a security application. > That just snuck in there as I deal with computer security regularly and > often see the same "the computer/internet/isp/mysterious someone" should > take care of that for me mentality. > > On Fri, 2007-23-03 at 02:44 -0700, JT wrote: > > Hi, > > > > why spend hundreds and thousands of hours of coding? > > > > Is there a browser that doesn't support javascript, java, flash, > > quicktime, etc but only pictures so one can read html text and pictures > > and can read a normal newspaper? If there is such a browser why not > > force Tor users to use it? Make Tor only work with that browser. > > > > If Tor wants to be an anonymous communication tool it should come in an > > entire package. If Tor wants to be successful it MUST come in complete > > package. > > 90% of the users use it to surf anonymously, the rest use ftp, chat or > > whatever. > > > > How about instead of telling a user to: > > > > install tor and vidalia > > activate tor > > install the tor button > > intstall the noscript > > install flashblock > > configure noscript > > deactivate flash, etc > > install cookie culler > > turn off the referer header in the browser > > etc > > etc > > > > have them just install the "package for free communication". > > That way there is no way they can forget to turn anything off or on. > > That way every person that uses the "Tor package for free communication" > > can benefit from the expertise of the people that release the package. > > All the "hacks" that are published are not against Tor but against the > > users "communication package" that the users put together himself. Why > > not help/force internet noobs to be safe. > > > > I know it is called the Tor project but why not extend it to a real > > communication package. Vidalia was as good start. Now one step further!! > > > > Is there a free open source browser that could be shipped with the Tor > > package that is fully configured for anonymous surfing and fine tuned to > > be most anonymous, set so that it can be only used through Tor? It > > should be modified so that a noob can not change the settins by > > accident. > > > > I am not a programmer but this is what must happen. If Tor is only > > supposed to be for technical experts and people that hang out in > > security forums every day then we should continue as is but if Tor is > > supposed to be for the masses(more people more distributed trust) then > > there must be a bundle. A package with everything set up for anonymous > > browsing where some internet newbie can not possibly reveal his IP by > > misconfiguration. The user clicks the setup program Tor installs, the > > Tor browser opens, ready to go. No way the surfer can use that browser > > without Tor. > > > > Such a software package would make Moore's publications completely > > uncecessary. > > > > I wish I could help implement this but I am not a programmer. > > > > But this is the only way for Tor to succeed. A software bundle including > > perfectly configured browser, every user must be a server, and there > > must be a button with which people can choose to be an exit or not. > > Right now it is way to difficult. If grandma and grandpa are capable of > > choosing to be a server or exit nodes then Tor will become extremely > > popular and successful. But everybody must be a router(like I2P). There > > is no other way. Taking the client user base and making it a router base > > would solve many problems and the possible combinations of paths (n-k-1 > > over k) would be so huge that an attack where the adversay controls all > > routers in the path would be almost impossible. > > -- > > JT > > [EMAIL PROTECTED] > > > > ------ > > Freemor <[EMAIL PROTECTED]> > Freemor <[EMAIL PROTECTED]> > > This e-mail has been digitally signed with GnuPG > > -- JT [EMAIL PROTECTED] -- http://www.fastmail.fm - Or how I learned to stop worrying and love email again
