Confusing log about "experimental software" with stable versions

Wouldn't you consider that notice message "This is experimental software" in the log is rather confusing when user works with a stable release? What would it take to get rid of it?

It also contradicts to common sense and terms of "experimental" projects of Tor...

Trac:
Username: axe

changed milestone to %Tor: 0.2.3.x-final

added component::core tor/tor milestone::Tor: 0.2.3.x-final owner::nickm priority::medium reporter::axe resolution::fixed status::closed tor-client type::enhancement labels

Tor as a concept and design is experimental.  The software itself may be stable with features that don't change between point releases.  Anonymous communications is a relatively new field of research, especially when applied to the Internet; see http://freehaven.net/anonbib/.  Tor's designs and concepts are changing in response to research.  "Strong anonymity" is loosely defined as something that can defend against all known attacks.  Strong anonymity doesn't exist, yet.  Until Tor can successfully defend against all attacks, it is considered experimental.

Replying to phobos:

Tor as a concept and design is experimental.  The software itself may be stable with features that don't change between point releases.  Anonymous communications is a relatively new field of research, especially when applied to the Internet; see http://freehaven.net/anonbib/.  Tor's designs and concepts are changing in response to research.  "Strong anonymity" is loosely defined as something that can defend against all known attacks.  Strong anonymity doesn't exist, yet.  Until Tor can successfully defend against all attacks, it is considered experimental.

Well, I can understand that a concept and design is experimental. But the message doesn't refer to the concept and design. It says that the software itself is experimental. Don't you see a confusion here while running the comprehensively tested program?

Trac:
Username: axe
Type: defect to enhancement

Why not change the notice message to say "This is an experimental concept"? Or "This is experimental software by means of concept and design"?

Please understand that the current "as is" message is used by some Tor "critics". I know it's kinda weak argument, but why should it be kept in place when it could be pulled away?

Trac:
Username: axe
Owner: N/A to axe
Status: new to accepted

We've changed the message a few times before; no reason we can't change it again. In particular It might be a good idea to replace it with something more constructive that tells people what Tor can and can't do, and where to find more info about our actual threat model, and why they should care about what the threat model is.

How would you like such edition as

"This is an experimental concept. Learn more about what Tor is for and what Tor can't do at https://www.torproject.org/about/overview.html" ?

Trac:
Username: axe

Hmm. I originally put that message in because I wasn't confident about Tor's code security.

We're a long way from that point now.

I wouldn't want to say that Tor is an experimental concept -- I'd say at this point it's a quite well-accepted approach.

My original goal with the warning was two-fold: a) this software may not actually implement the Tor design correctly, and b) do not assume from the hype around Tor that it is perfect in all ways no matter how you use it.

I think point 'a' is obsolete now -- there are plenty of remaining bugs, sure, but for the most part I think it's pretty good. Certainly it compares favorably with the other options out there, in terms of transparency, in terms of anonymity it can provide, and in terms of anonymity it does provide.

As for point 'b', we might try to focus the message in on this issue, e.g. by pointing to https://www.torproject.org/download/download#warning

Replying to arma:

Hmm. I originally put that message in because I wasn't confident about Tor's code security.

We're a long way from that point now.

I wouldn't want to say that Tor is an experimental concept -- I'd say at this point it's a quite well-accepted approach.

My original goal with the warning was two-fold: a) this software may not actually implement the Tor design correctly, and b) do not assume from the hype around Tor that it is perfect in all ways no matter how you use it.

I think point 'a' is obsolete now -- there are plenty of remaining bugs, sure, but for the most part I think it's pretty good. Certainly it compares favorably with the other options out there, in terms of transparency, in terms of anonymity it can provide, and in terms of anonymity it does provide.

As for point 'b', we might try to focus the message in on this issue, e.g. by pointing to https://www.torproject.org/download/download#warning

Great. Then may it simply say "Learn how to use Tor properly: https://www.torproject.org/download/download#warning" ?

Trac:
Username: axe

moving to 'tor client' so it doesn't get lost in the gutters of 'development progress', whatever that means.

Trac:
Milestone: N/A to Tor: 0.2.2.x-final
Actualpoints: N/A to N/A
Keywords: experimental deleted, N/A added
Component: Development Progress to Tor Client
Pointsdone: N/A to N/A
Actualpointsdone: N/A to N/A

Trac:
Status: accepted to assigned
Owner: axe to nickm

We might want to ship the list of warnings from Tor's download page with Vidalia, so the user has a chance of learning about them even if they didn't get Tor from the download page. Opened as #3024 (closed).

How about something like this for starters:

Tor $version, running on $uname. [[This is an alpha release; do not rely on it for strong anonymity.]] Make sure that you understand how to use Tor safely -- see https://www.torproject.org/download/download#warning !

The part in [[square brackets]] would only appear in alpha releases. Please revise and improve?

These are really long. I suggest two log lines: "Tor $version, running on $uname" which will look like "Tor v0.2.3.0-alpha-dev (git-b0a7e0d6ca45bef3), running on Linux x86_64" and then another [[This is an alpha release; do not rely on it for strong anonymity.]] Learn how to use Tor safely: https://www.torproject.org/download/download#warning

The first line will be particularly long on Windows, and those are many of the users that we want to see the second line.

I wonder if we might even want to break this into three lines (the middle one optional).

Okay, so right now I'm at: Tor $version running on $uname This is an alpha release; do not rely in it for strong anonymity. ((ALPHA ONLY)) Tor can't help you if you use it wrong. Learn how to stay safe at https://www.torproject.org/download/download#warning

Improvements?

Candidate in branch bug2474 in my public repository.

Branch looks ok to me.

Nick wanted to change 'can't' to 'won't' (also ok to me)

Replying to nickm:

This is an alpha release; do not rely in it for strong anonymity. ((ALPHA ONLY))

s/rely in it/rely on it/

Trac:
Status: assigned to needs_review

The thing is that now there is no message on Tor (website/binary/wherever) mentioning that Tor is a low-latency anonymity tool and should not be used for strong anonymity [1]

I'm not good with words so I can't help you with the phrasing but I still believe that there should be a "don't use it for strong anonymity" [1] or a link to a Tor threat model or something like "We recommend you to learn how and what Tor protects against, before using it."

[1]: Which is probably a subjective and although vague term, it probably gets a point across.

Trying one more time. Suggested revised startup message for stable releases:

Tor $version running on $uname Tor won't help you if you use it wrong. Learn how to stay safe at https://www.torproject.org/download/download#warning Understand what Tor protects you from, and what it doesn't: please read (some URL here)

Suggested revised startup message for alpha releases:

Tor $version running on $uname This is alpha software; be prepared for bugs, and do not rely on it for strong anonymity! Tor won't help you if you use it wrong. Learn how to stay safe at https://www.torproject.org/download/download#warning Understand what Tor protects you from, and what it doesn't: please read (some URL here)

s/use it wrong/use it incorrectly/

Trac:
Username: zkw

s/use it wrong/use it incorrectly/

Really? "Wrong" is a perfectly good adverb. Garner accepts it; Fowler recommends it; and the OED records adverbial use of "wrong" since Middle English.

I can't comment on the grammar thing, but I like nickm's last suggestions (both stable and alpha)

I don't mean any offence but to this particular pedant it sounds uneducated --- like something Val & Earl from "Tremors" would say.  Perhaps it's a British vs. American English thing, a regional thing, or just a personal thing.  If Fowler doesn't mind then I guess the only benefit of using 'incorrectly' is to avoid arguments with self-righteous pedants like me.

Nit-picking aside, limiting the use of the "strong" warning to alpha-quality releases looks good!

Trac:
Username: zkw

Trying again. Velope on IRC suggests that we drop the "strong" sentence from alphas and stable series, on the theory that somebody will interpret its absence to mean that this one does have the "strong" anonymity, for some value of "strong" not currently compatible with low-latency anonymity networks.

Tor $version running on $uname [[This is alpha software. Be prepared for bugs!]] Tor won't help you if you use it wrong. Learn how to stay safe at https://www.torproject.org/download/download#warning Learn what Tor protects you from and what it doesn't: please read https://www.torproject.org/about/overview.html

The [[part in brackets]] is the alpha-only part.

Sounds good to me.

But here's another nit, since there are so many nits here already: when we're running 0.2.3.15-beta, are we going to call it 'alpha software' still?

Not that I have a better word. 'unstable' is bad. 'experimental' could be better. How about "This is not a stable Tor release."? or "This is a development Tor version." or "This Tor version is not a stable Tor release."

I'm slightly partial to the last one.

Replying to nickm:

Velope on IRC suggests that we drop the "strong" sentence from alphas and stable series, on the theory that somebody will interpret its absence to mean that this one does have the "strong" anonymity, for some value of "strong" not currently compatible with low-latency anonymity networks.

I don't mind losing the phrase about 'strong' anonymity. Once upon a time, all the users of Tor were anonymity researchers. Expecting ordinary users to realize that the word 'strong' has some hidden meaning (one that is quite subtle even to anonymity researchers, I might add!) is foolish at this point.

Replying to arma:

Replying to nickm:

Velope on IRC suggests that we drop the "strong" sentence from alphas and stable series, on the theory that somebody will interpret its absence to mean that this one does have the "strong" anonymity, for some value of "strong" not currently compatible with low-latency anonymity networks.

I don't mind losing the phrase about 'strong' anonymity.

Then instead, how about "This is not a stable version of Tor. Expect bugs, possibly severe." ?

On second thought, this has been bikeshedding for long enough. Making the changes I like, and merging. Please make more changes if you like. :)

Trac:
Milestone: Tor: 0.2.2.x-final to Tor: 0.2.3.x-final
Status: needs_review to closed
Resolution: N/A to fixed

I used the same rationale to remove the "this is experimental code" paragraph from the tor deb's text.

Trac:
Keywords: N/A deleted, tor-client added

Trac:
Component: Tor Client to Tor

closed

mentioned in issue #3024 (closed)

moved to tpo/core/tor#2474 (closed)