[liberationtech] Freedom Hosting, Tormail Compromised // OnionCloud

Andy Isaacson adi at hexapodia.org
Tue Aug 6 20:19:31 PDT 2013


On Tue, Aug 06, 2013 at 01:50:31PM +0300, Nadim Kobeissi wrote:
> Yes, to be absolutely clear, I think Tor should issue advisories for
> confirmed security issues in Tor Browser, since Tor Browser is a fork
> of Firefox and is independently maintained. This is exactly what Tor
> did this time, except next time you shouldn't wait five weeks for the
> situation to explode.

This is insane advice.  Every ESR point release of Firefox 17 has fixed
multiple CVEs.  Your advice would have them doing a RED BLINKING LETTERS
blogpost on *every* TBB release.  This is not sustainable and will
create security fatigue in users, exactly similar to how SSL warning
dialogs trained everybody to "just click accept" back in the nineties and
the bad old oughties.

We have to move past the "bug the user again" model of security system
deployment.

-andy


