Proposal: Better explaination of threat model and a privacy spectrum #297
Labels
No Label
🔍🤖 Search Engines
approved
dependencies
duplicate
feedback wanted
high priority
I2P
iOS
low priority
OS
Self-contained networks
Social media
stale
streaming
todo
Tor
WIP
wontfix
XMPP
[m]
₿ cryptocurrency
ℹ️ help wanted
↔️ file sharing
⚙️ web extensions
✨ enhancement
❌ software removal
💬 discussion
🤖 Android
🐛 bug
💢 conflicting
📝 correction
🆘 critical
📧 email
🔒 file encryption
📁 file storage
🦊 Firefox
💻 hardware
🌐 hosting
🏠 housekeeping
🔐 password managers
🧰 productivity tools
🔎 research required
🌐 Social News Aggregators
🆕 software suggestion
👥 team chat
🔒 VPN
🌐 website issue
🚫 Windows
👁️ browsers
🖊️ digital notebooks
🗄️ DNS
🗨️ instant messaging (im)
🇦🇶 translations
No Milestone
No Assignees
1 Participants
No due date set.
Dependencies
No dependencies set.
Reference: privacyguides/privacytools.io#297
Loading…
Reference in New Issue
No description provided.
Delete Branch "%!s(<nil>)"
Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?
Hi all,
So one thing I've notice more and more lately is discussions on which software to include and not to include. There are commenters who would emphasize one software over the other and with some valid points obviously. On top of my head, you can see the Bitcoin, Monero, Zcash debate as well as the Brave, Firefox, and Tor Browser debate.
The proposal that I'm bringing up can be disregard if people want but it would probably take a little more effort by the community & people who are running the site. I'm proposing maybe a quick section on threat modeling and maybe a privacy spectrum. So the threat model is important as we all know, allowing us to figure out which solutions are best for us and what emphasize we need to make our privacy work. AKA defending against advertising companies would not require using Tor Browser but maybe require ad/host blocking, cookie deletion, etc as a minimum. So if you are on the "I need the bare minimum protection", you'll get solutions for the lowest hanging fruit (or first option) on the privacy spectrum. But if you are on the more paranoid level, you may opt to using an open source OS w/ Tor or Tails.
I'm not sure how this threat model section will be represented as a privacy spectrum but I feel like it would help people from understanding each software decision and where they stand on a spectrum. AKA, for web browsers:
Privacy Sensitivity (Lowest to Highest)
Brave
Based on Chromium, Brave makes strides to include better fingerprinting protection, ad blocking, etc. by default. It's mission is to retransform the ad business industry to be more respectful of users.
Pros: Easy to setup, cross platform, little settings to configure or mess up, based on Chromium to provide better sandboxing and security aspects, open source
Cons: Not time tested, builds a local profile of user browsing practices, funding practice is based on selling ads
Note: Good for basic level of protection on the web against advertising & analytic companies
Mozilla Firefox
No stranger to the browser world, Firefox has renewed their commitment to protect user's privacy. It is one of the standards on the web and is known for providing a vast web add-on selection to give users many ways to customize their browsing experience.
Note: Good standard for protection on the web. However, users must seek out good add-ons and configurations to fit their needs; can provide decent level of privacy for those who seek it.
Tor Browser
Based on a ESR release of Firefox, Tor Browser is an easy to use solution for it's Tor service. It's focus is on anonymity and privacy. Users use it for vast number or reasons but have been famous for providing a certain level of protection for whistleblowers, activist, and privacy minded people alike.
Pros: Commitment to anonymity and privacy, open source, cross-platform, provides strong fingerprinting protection, easy to use
Cons: Slow, an attack vector from state-backed adversaries possible, web experience can vary quite greatly
Note: Tor Browser is a great browser to have on every system. It provides an easy to use experience for those seeking anonymity and some privacy, however, it's web experience can vary greatly due to webmasters blocking Tor users to websites not rendering properly (depending on JS usage).
Obviously to implement this spectrum, you would need to reorder everything on the website, and provide more information then is already on the website. Anyways, just a thought. Any opinons?
Can we please stop with this awful "state-backed adversaries have exploits" argument? Do you really think that they only have exploits for the Tor Browser? If not then your argument doesn't hold.
I'm sorry with my wording; I thought we already knew state backed adversaries can use exploits any browser or any OS, hence why we are here trying to make recommendations for people. All that is being said is, statistically it's probably going to be more targeted. I don't know why you are knitpicking on such a weird small detail. I guess we should put state backed adversaries for all of them.
This weird detail keeps popping up in a lot of discussions. Calling up such issue in a generic way makes no good at all. You can be tracked on Tor, but it needs months and you should be on a criminal blacklist for such attentions.
See: https://github.com/privacytoolsIO/privacytools.io/issues/179#issuecomment-280351127
Again, I was just trying bring that to light to whoever uses it. Attack vector could mean anything -> spying & tracking, actual exploitation of the browser, JS attacks, etc.
But anyways, I'm gonna close the issue if no one is actually talking about the proposal. The actual content can be anything and information we want to put on it so idk why everyone seems to nitpick on that specific detail.
Under some assumptions, you don't have to be on a blacklist. Your Tor-to-non-HTTPS-clearnet activities often are tracked (and altered).
We should make a whole section about threat modeling, though. I'm writing a tutorial about it right now. Will link it here once it's good enough, then we can pick some parts. If you want to help just tell me, it'll be appreciated.
@Shifterovich I implied a correct use: HTTPS only and no JS.
Then the exit node can only see what your ISP would see.
+1 for a
Helping guys and lads identify what trackers (or unwanted « followers ») they wish they could/need to get rid of rather than going straight full scale, can only help more people to feel concerned and get involved IMHO.
The Design and Implementation of the Tor Browser has a section called Adversary Model.
To my understanding OP proposal (@dnguyen01 please correct if I'm wrong) is all about a Privacy Sensitivity (Lowest to Highest on the privacy spectrum) gradient. Making Privatools.io accessible to quite more people through a « step-by-step », or rather level by level approach (i.e. understandable and applicable).
@tukoz It was exactly what I was aiming for. There's a lot of tools out there but sometimes I feel like people might not know where it stands on a privacy spectrum. It would definitely bring more people together and they can match up their "threat model" with the desired privacy they needed.
We could just add Pros and Cons to the main text -- between the description and the Download/Website/Whatever button.
Also, this could be combined with #146.
@JonahAragon @blacklight447-ptio Do you think this could be moved to blog.privacytools.io instead?
Discussion for an article on this topic is at https://github.com/privacytoolsIO/blog.privacytools.io/issues/10 and maybe https://github.com/privacytoolsIO/blog.privacytools.io/issues/11
I would be willing to write an article about this.
We've now done an article on the differnces between security, privacy and anonymity.