#25197: Design document isn't precise about "Security" and "Privacy". --------------------------------------+-------------------------- Reporter: arthuredelstein | Owner: tbb-team Type: defect | Status: new Priority: Medium | Milestone: Component: Applications/Tor Browser | Version: Severity: Normal | Resolution: Keywords: tbb-spec | Actual Points: Parent ID: | Points: Reviewer: | Sponsor: --------------------------------------+--------------------------
Comment (by arma): This ticket started when I saw tor browser devs saying things like "that's security, not privacy", which is a recipe for confusion in our modern "you have to choose between security and privacy" world. I think we have been using two notions: * Code security, or implementation security, which is about whether the browser can be exploited, which of course then could lead to deanonymization, identification, etc. * Privacy, which includes fingerprinting defense, but also proxy bypass defense, so in a sense it's all of the ways that things can go wrong for the user without implementation bugs. Our name "security slider" is strictly supposed to be the first one. That is, all settings of the security slider are intended to provide all of our privacy protections. That is, if a Tor Browser dev ever says "well you set your security slider to low so i figured i shouldn't enable that expensive tracking protection", then that is a mistake. (Arthur correctly points out that reducing surface area, which primarily aims to reduce exposure to implementation bugs aka exploits, can also improve things against fingerprinting and tracking and so on. That blurry line certainly confuses the issue, but it doesn't by itself mean we aren't talking about two different topics.) The suggestion in this ticket is to (a) have a section towards the top of the design doc explaining this distinction between the two goals, and then (b) make sure that the rest of the design doc uses these two goals correctly, i.e. doesn't confusingly switch between one word and the other. It's also worth brainstorming more intuitive terms for each of these goals. I think "code security" or "implementation security" is a pretty good one for the first, but the privacy one is broad enough that it's not obvious which term would be best. Let's not let a lack of the best term slow us down too much though. :) -- Ticket URL: <https://trac.torproject.org/projects/tor/ticket/25197#comment:1> Tor Bug Tracker & Wiki <https://trac.torproject.org/> The Tor Project: anonymity online
_______________________________________________ tor-bugs mailing list tor-bugs@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs