privacytools / privacytools.io

🛡🛠 You are being watched. Protect your privacy against global mass surveillance.
https://www.privacyguides.org
Creative Commons Zero v1.0 Universal

Proposal: Better explanation of threat model and a privacy spectrum #297

Closed by dnguyen01 3 years ago

dnguyen01 commented 7 years ago

Hi all,

So one thing I've noticed more and more lately is discussions on which software to include and not to include. There are commenters who would emphasize one software over the other and with some valid points obviously. Off the top of my head, you can see the Bitcoin, Monero, Zcash debate as well as the Brave, Firefox, and Tor Browser debate.

The proposal that I'm bringing up can be disregarded if people want but it would probably take a little more effort by the community & people who are running the site. I'm proposing maybe a quick section on threat modeling and maybe a privacy spectrum. So the threat model is important as we all know, allowing us to figure out which solutions are best for us and what emphasis we need to make our privacy work. AKA defending against advertising companies would not require using Tor Browser but maybe require ad/host blocking, cookie deletion, etc as a minimum. So if you are on the "I need the bare minimum protection", you'll get solutions for the lowest hanging fruit (or first option) on the privacy spectrum. But if you are on the more paranoid level, you may opt to use an open source OS w/ Tor or Tails.

I'm not sure how this threat model section will be represented as a privacy spectrum but I feel like it would help people in understanding each software decision and where they stand on a spectrum. AKA, for web browsers:

Privacy Sensitivity (Lowest to Highest)

Brave

Note: Good for basic level of protection on the web against advertising & analytic companies

Mozilla Firefox

No stranger to the browser world, Firefox has renewed their commitment to protect users' privacy. It is one of the standards on the web and is known for providing a vast web add-on selection to give users many ways to customize their browsing experience.

Note: Good standard for protection on the web. However, users must seek out good add-ons and configurations to fit their needs; can provide decent level of privacy for those who seek it.

Tor Browser

Based on an ESR release of Firefox, Tor Browser is an easy to use solution for its Tor service. Its focus is on anonymity and privacy. Users use it for a vast number of reasons, but it has been famous for providing a certain level of protection for whistleblowers, activists, and privacy minded people alike.

Pros: Commitment to anonymity and privacy, open source, cross-platform, provides strong fingerprinting protection, easy to use

Cons: Slow, an attack vector from state-backed adversaries possible, web experience can vary quite greatly

Note: Tor Browser is a great browser to have on every system. It provides an easy to use experience for those seeking anonymity and some privacy, however, its web experience can vary greatly due to webmasters blocking Tor users to websites not rendering properly (depending on JS usage).

Obviously to implement this spectrum, you would need to reorder everything on the website, and provide more information than is already on the website. Anyways, just a thought. Any opinions?

C-O-M-P-A-R-T-M-E-N-T-A-L-I-Z-A-T-I-O-N commented 7 years ago

Cons: Slow, an attack vector from state-backed adversaries possible, web experience can vary quite greatly

Can we please stop with this awful "state-backed adversaries have exploits" argument? Do you really think that they only have exploits for the Tor Browser? If not then your argument doesn't hold.

dnguyen01 commented 7 years ago

I'm sorry about my wording; I thought we already knew state backed adversaries can use exploits on any browser or any OS, hence why we are here trying to make recommendations for people. All that is being said is, statistically it's probably going to be more targeted. I don't know why you are nitpicking on such a weird small detail. I guess we should put state backed adversaries for all of them.

Atavic commented 7 years ago

attack vector from state-backed adversaries

This weird detail keeps popping up in a lot of discussions. Calling up such an issue in a generic way does no good at all. You can be tracked on Tor, but it needs months and you should be on a criminal blacklist for such attentions.

See: https://github.com/privacytoolsIO/privacytools.io/issues/179#issuecomment-280351127

dnguyen01 commented 7 years ago

Again, I was just trying to bring that to light to whoever uses it. Attack vector could mean anything -> spying & tracking, actual exploitation of the browser, JS attacks, etc.

But anyways, I'm gonna close the issue if no one is actually talking about the proposal. The actual content can be anything and information we want to put on it so idk why everyone seems to nitpick on that specific detail.

ghost commented 7 years ago

You can be tracked on Tor, but it needs months and you should be on a criminal blacklist for such attentions.

Under some assumptions, you don't have to be on a blacklist. Your Tor-to-non-HTTPS-clearnet activities often are tracked (and altered).

We should make a whole section about threat modeling, though. I'm writing a tutorial about it right now. Will link it here once it's good enough, then we can pick some parts. If you want to help just tell me, it'll be appreciated.

Atavic commented 7 years ago

@Shifterovich I implied a correct use: HTTPS only and no JS.

ghost commented 7 years ago

Then the exit node can only see what your ISP would see.

tukoz commented 6 years ago

+1 for a threat model

Helping guys and lads identify what trackers (or unwanted « followers ») they wish they could/need to get rid of rather than going straight full scale, can only help more people to feel concerned and get involved IMHO.

Atavic commented 6 years ago

The Design and Implementation of the Tor Browser has a section called Adversary Model.

tukoz commented 6 years ago

To my understanding OP's proposal (@dnguyen01 please correct if I'm wrong) is all about a Privacy Sensitivity (Lowest to Highest on the privacy spectrum) gradient. Making Privacytools.io accessible to quite more people through a « step-by-step », or rather level by level approach (i.e. understandable and applicable).

dnguyen01 commented 6 years ago

@tukoz It was exactly what I was aiming for. There's a lot of tools out there but sometimes I feel like people might not know where it stands on a privacy spectrum. It would definitely bring more people together and they can match up their "threat model" with the desired privacy they needed.

ghost commented 6 years ago

We could just add Pros and Cons to the main text -- between the description and the Download/Website/Whatever button.

Also, this could be combined with #146.

Mikaela commented 4 years ago

@JonahAragon @blacklight447-ptio Do you think this could be moved to blog.privacytools.io instead?

jonaharagon commented 4 years ago

Discussion for an article on this topic is at https://github.com/privacytoolsIO/blog.privacytools.io/issues/10 and maybe https://github.com/privacytoolsIO/blog.privacytools.io/issues/11

blacklight447 commented 4 years ago

I would be willing to write an article about this.

freddy-m commented 3 years ago

We've now done an article on the differences between security, privacy and anonymity.