On 18 July 2016 at 14:57, Mirimir <[email protected]> wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> On 07/18/2016 06:11 AM, Jon Tullett wrote:
>
>> Haroon Meer, who I greatly respect in the security space, describes
>> UX complexity in terms of his mum. As in, "could my mum do this?"
>> and if the answer is no, it's too complex for the average user. I
>> like that.
>
> His mum probably shouldn't be using Tor.
Why not? Are you able to say with certainty that they are not at risk and shouldn't be using Tor? Sounds like a risky assumption. Not that it's applicable here, but activists' families are not uncommonly at high risk. I'd caution against assuming you know someone's risk profile better than they do. And that, in a nutshell, is why I don't think Tor should be making such an assumption in its recommendations to users in general.

>> It's probably far more meaningful to help users understand that
>> spectrum, self-assess where they fall on it and what their risk
>> profile may look like as a result, and pointers to resources which
>> would align with that.
>
> That sounds good to me. Except that there's nothing on the Tor Project
> site about Whonix, and virtually nothing about proxy-bypass leaks.

Why should there be mention of Whonix? It's an independent project. Proxy bypass, maybe, but that's in there with all the other potential risks, and again, Tor can't document all of them.

I think we agree that we'd like to see more documentation, we just aren't agreeing on how much more. Me, I'd like to see them document threats a bit more with links to discussion and solutions. You'd like them to be a great deal more specific in one particular direction. Ultimately, as I've said before, that balance is one the Tor maintainers decide, and presumably they don't do so arbitrarily.

>> "Just use VirtualBox and Whonix" is not meaningful advice. It's a
>> great fit for a very specific subset of users, but many (I would
>> guess "most") users are not in that subset, and for everyone else
>> it'd just be some combination of confusing, overwhelming,
>> unnecessary, or insufficient.
>
> I'm not arguing that all Tor users should use Whonix. I'm arguing that
> the Tor Project ought to mention that as an option.

Why Whonix and not Tails? Why not any other tools? That's a rhetorical question - I'm sure there are pros and cons either way and it could be argued at length without conclusion.
I'm not convinced Tor should be promoting either; same way I'm not convinced Tor should be promoting any specific tools. There will always be others, and they may be better suited to users depending on their circumstances.

>> The key question to you, as someone advocating that specific
>> toolset, would be: for what type of user is VirtualBox+Whonix the
>> optimum solution, and how would Joe Random identify if he is that
>> sort of user?
>
> 1) Specify how much one's time is worth: X USD/hr.

Why is money relevant? Where do you live, that freedom and torture is measured in $/hr? :)

> 2) Estimate pwnage cost (lost income, legal fees, prison, etc): Y USD.

Again, why is cost the metric? It's relevant for a narrow subset of users in a Tor context, and a broader subset in a general security context, but I don't see the relevance here. Even if it were relevant, you've just asked a potentially technically-incompetent user to conduct a very complex risk analysis. A lot of CIOs can't do an accurate risk assessment, but you want Haroon's mum to do it?

> 3) Divide Y by X to get time investment justified to avoid pwnage.

3.1. Is that a meaningful number to anyone? What does it mean? What is the ratio above which Whonix is the remedy for all my ills? What do I do if I'm below it? Does it know about exchange rates and cost of living? What about...you get the idea. Meaningless calculations give meaningless conclusions.

There must be lots of better ways. For example, I would guess that a risk flowchart would be pretty effective. A short series of "Are you concerned about X?" questions would easily infer a risk profile, which would map to suggested tools and behaviours. For example: "Law enforcement authorities are known to attack [link to explanation] Tor users by compromising servers on the Tor network. Are you concerned about this type of attack?"
-J
--
tor-talk mailing list - [email protected]
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
