Edward Langenback wrote: > Jim McClanahan wrote: > > I probably should have canned the sarcasm, but I do think that any > > disabling of the client from the network should be easily reversible. > > Part of that is just my philosophy. But it also has a practical element > > in terms of what is required to resume functionality if the client > > suddenly and unexpectedly stop working. Somebody may not wish to take > > the time to install at that moment. > > I assume that Tor can (or could be made to) detect what OS it's being > run on. Given that, what if Tor were to check it's current version > against the directory servers while it's creating circuits. > > Then if the version running is judged too far out of date to be safe, it > could download the most recent version (via the Tor network of course) > for the OS it's running on and "auto-update" itself.
I guess that would depend on the OS and how it is configured. If Tor is running without privilege, as recommended, I would think in most scenarios it would not have the ability to update itself. If something is configured "non-standard" (whatever that may mean in a particular situation) then I would guess the attempt to update would not have the desired result even if Tor had privilege. That said, it is my understanding that on MS Windows, Firefox has such an auto-update mechanism although I am not familiar with the details. Personally, I like to be in charge of what happens on my computers. I remain unconvinced that what happened in the case of "tbreg" should be determining policy for the Tor project, at least as far as client activity is concerned. To the extent the people who installed really didn't know it involved Tor, it seems to me that, if not technically malware, it is at least a close cousin (where software creators are not being up front with users). Trying to, in effect, be the guardian of such users is (IMHO) a losing proposition.