#26431: Document a threat model for stem.client ----------------------------+------------------------ Reporter: dmr | Owner: atagar Type: task | Status: new Priority: Medium | Milestone: Component: Core Tor/Stem | Version: Severity: Normal | Resolution: Keywords: client website | Actual Points: Parent ID: | Points: Reviewer: | Sponsor: ----------------------------+------------------------
Comment (by teor): Our security expectations of alternative tor implementations are pretty simple: * We do not expect alternative Tor implementations to be able to emulate C Tor's behaviour, so they are their own anonymity sets (there are several research papers on protocol emulation for anonymity: it doesn't work) * For this reason, and many others, alternative Tor implementations should not claim to support anonymity or privacy that is as good as Tor's: https://www.torproject.org/docs/trademark-faq.html.en So I'm not sure that writing a spec like this would be useful. A few sentences of threat model should be sufficient: stem.client does not make you anonymous. Use Tor Browser if you want to be anonymous. (Link to Tor Browser download page.) When we have a draft guide for embedding Tor in other browsers (like Firefox, Brave, or Cliqz), it might contain some useful information about threat models for alternative implementations. -- Ticket URL: <https://trac.torproject.org/projects/tor/ticket/26431#comment:2> Tor Bug Tracker & Wiki <https://trac.torproject.org/> The Tor Project: anonymity online
_______________________________________________ tor-bugs mailing list tor-bugs@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs