On Wed, Jun 15, 2011 at 10:41 AM, Roger Dingledine <a...@mit.edu> wrote: > On Wed, Jun 15, 2011 at 08:44:24AM +0800, Fernan Bolando wrote: >> Please note my original intent with I started this thread was to >> create a base set of rules for my users to follow to maximimize tor >> anonymity and not become a tool against anonymity. > > Which ones are 'your' users (so I can figure out how to help better)? > I think We can target just a set of general users. Like people who are gun enthusiast or military afficionados can read about all about those stuff without blipping as dangerous person.
>> 1. if somebody runs bittorrent traffic send a warning >> 2. if somebody sends an unencrypted web form through tor send a warning >> 3. set the always warn unencrypted webpage when tor is enabled. >> etc > > What frustrates me is that Firefox *has* that warning enabled at first, > and everybody knows to just click it away. You'll have to make your > browser popup windows dire indeed before users will even notice you're > trying to get their attention. > I try to limit myself to educating people, not increase there IQ. If they chose to ignore popups and a documented set of guidelines and suddenly a malicous tor exit captured there banking password thats up to them. >> that said, I did found this >> https://www.torproject.org/download/download.html.en#warning. It forms >> a general guideline in using tor. It's not as specific as the ones >> from other forums, but it seems to be inline with that. > > The challenge is that good advice differs from user to user. It depends > on your situation, what you're worried about ("what your threat model > is"), what's at risk, what online activities you need to do, etc. When > Tor does trainings for activists in dangerous countries, the conversation > always starts out the same but it never ends up in the same place. > > All that said, I agree that it would be nice to have things spelled out > in more detail for the users who need that. There are a lot of handbooks > out there named things like "security in a box" that aim to explain > it all -- not just Tor but disk encryption, anti-virus, etc etc -- and > they're always forced to make tradeoffs and leave out important topics. > And they even have a specific type of user in mind when they start. > > That said, here are some specific answers: > >> dont use tor in banking or financial transactions > > Agreed in general, but not for the reason you might think: a lot of > banks these days freak out when you log in from a foreign country, and > end up locking your account until you go through a little dance. So it > is because of poorly tuned anti-fraud algorithms that you may not want > to use Tor to connect to your bank. > > That said, I used Tor when logging into my bank account on the Defcon > wireless network. So it depends on your context and what you're worried > about. Yeah, a one size fits all guideline is probably not possible so the warning from the tor website will suffice for now. >> dont use tor in non encrypted email > > Don't use the Internet for non encrypted email. It's a bad idea no matter > where you are -- Starbucks, your cablemodem at home which your neighbors > can sniff, the Tor network, anywhere. > _______________________________________________ tor-talk mailing list tor-talk@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk