Opened 9 years ago

Closed 8 years ago

Last modified 7 years ago

#2474 closed enhancement (fixed)

Confusing log about "experimental software" with stable versions

Reported by: axe
Owned by: nickm
Priority: Medium
Milestone: Tor: 0.2.3.x-final
Component: Core Tor/Tor
Keywords: tor-client

Description

Wouldn't you consider that the notice message "This is experimental software" in the log is rather confusing when the user works with a stable release?
What would it take to get rid of it?

It also contradicts common sense and the terms of "experimental" projects of Tor...

Change History (30)

comment:1 Changed 9 years ago by phobos

Tor as a concept and design is experimental.  The software itself may be stable with features that don't change between point releases.  Anonymous communications is a relatively new field of research, especially when applied to the Internet; see http://freehaven.net/anonbib/.  Tor's designs and concepts are changing in response to research.  "Strong anonymity" is loosely defined as something that can defend against all known attacks.  Strong anonymity doesn't exist, yet.  Until Tor can successfully defend against all attacks, it is considered experimental.

comment:2 in reply to:  1 Changed 9 years ago by axe

Type: changed from defect to enhancement

Replying to phobos:

Tor as a concept and design is experimental.  The software itself may be stable with features that don't change between point releases.  Anonymous communications is a relatively new field of research, especially when applied to the Internet; see http://freehaven.net/anonbib/.  Tor's designs and concepts are changing in response to research.  "Strong anonymity" is loosely defined as something that can defend against all known attacks.  Strong anonymity doesn't exist, yet.  Until Tor can successfully defend against all attacks, it is considered experimental.

Well, I can understand that a concept and design is experimental. But the message doesn't refer to the concept and design. It says that the software itself is experimental. Don't you see a confusion here while running the comprehensively tested program?

comment:3 Changed 9 years ago by axe

Owner: set to axe
Status: changed from new to accepted

Why not change the notice message to say "This is an experimental concept"? Or "This is experimental software by means of concept and design"?

Please understand that the current "as is" message is used by some Tor "critics". I know it's a kinda weak argument, but why should it be kept in place when it could be pulled away?

comment:4 Changed 9 years ago by nickm

We've changed the message a few times before; no reason we can't change it again. In particular, it might be a good idea to replace it with something more constructive that tells people what Tor can and can't do, and where to find more info about our actual threat model, and why they should care about what the threat model is.

comment:5 Changed 9 years ago by axe

How would you like such an edition as

"This is an experimental concept. Learn more about what Tor is for and what Tor can't do at https://www.torproject.org/about/overview.html" ?

comment:6 Changed 9 years ago by arma

Hmm. I originally put that message in because I wasn't confident about Tor's code security.

We're a long way from that point now.

I wouldn't want to say that Tor is an experimental concept -- I'd say at this point it's a quite well-accepted approach.

My original goal with the warning was two-fold: a) this software may not actually implement the Tor design correctly, and b) do not assume from the hype around Tor that it is perfect in all ways no matter how you use it.

I think point 'a' is obsolete now -- there are plenty of remaining bugs, sure, but for the most part I think it's pretty good. Certainly it compares favorably with the other options out there, in terms of transparency, in terms of anonymity it can provide, and in terms of anonymity it *does* provide.

As for point 'b', we might try to focus the message in on this issue, e.g. by pointing to
https://www.torproject.org/download/download#warning

comment:7 in reply to:  6 Changed 9 years ago by axe

Replying to arma:

Hmm. I originally put that message in because I wasn't confident about Tor's code security.

We're a long way from that point now.

I wouldn't want to say that Tor is an experimental concept -- I'd say at this point it's a quite well-accepted approach.

My original goal with the warning was two-fold: a) this software may not actually implement the Tor design correctly, and b) do not assume from the hype around Tor that it is perfect in all ways no matter how you use it.

I think point 'a' is obsolete now -- there are plenty of remaining bugs, sure, but for the most part I think it's pretty good. Certainly it compares favorably with the other options out there, in terms of transparency, in terms of anonymity it can provide, and in terms of anonymity it *does* provide.

As for point 'b', we might try to focus the message in on this issue, e.g. by pointing to
https://www.torproject.org/download/download#warning

Great. Then may it simply say "Learn how to use Tor properly: https://www.torproject.org/download/download#warning" ?

comment:8 Changed 9 years ago by arma

Component: changed from Development Progress to Tor Client
Keywords: experimental removed
Milestone: Tor: 0.2.2.x-final

moving to 'tor client' so it doesn't get lost in the gutters of 'development progress', whatever that means.

comment:9 Changed 8 years ago by nickm

Owner: changed from axe to nickm
Status: changed from accepted to assigned

comment:10 Changed 8 years ago by arma

We might want to ship the list of warnings from Tor's download page with Vidalia, so the user has a chance of learning about them even if they didn't get Tor from the download page. Opened as #3024.

comment:11 Changed 8 years ago by nickm

How about something like this for starters:

Tor $version, running on $uname. [This is an alpha release; do not rely on it for strong anonymity.] Make sure that you understand how to use Tor safely -- see https://www.torproject.org/download/download#warning !

The part in square brackets would only appear in alpha releases. Please revise and improve?

comment:12 Changed 8 years ago by arma

These are really long. I suggest two log lines:
"Tor $version, running on $uname"
which will look like
"Tor v0.2.3.0-alpha-dev (git-b0a7e0d6ca45bef3), running on Linux x86_64"
and then another
[This is an alpha release; do not rely on it for strong anonymity.] Learn how to use Tor safely: https://www.torproject.org/download/download#warning

The first line will be particularly long on Windows, and those are many of the users that we want to see the second line.

I wonder if we might even want to break this into three lines (the middle one optional).

comment:13 Changed 8 years ago by nickm

Okay, so right now I'm at:

Tor $version running on $uname
This is an alpha release; do not rely in it for strong anonymity. ((ALPHA ONLY))
Tor can't help you if you use it wrong. Learn how to stay safe at https://www.torproject.org/download/download#warning

Improvements?

comment:14 Changed 8 years ago by nickm

Candidate in branch bug2474 in my public repository.

comment:15 Changed 8 years ago by arma

Branch looks ok to me.

Nick wanted to change 'can't' to 'won't' (also ok to me)

comment:16 in reply to:  13 Changed 8 years ago by rransom

Status: changed from assigned to needs_review

Replying to nickm:

This is an alpha release; do not rely in it for strong anonymity. ((ALPHA ONLY))

s/rely in it/rely on it/

comment:17 Changed 8 years ago by asn

The thing is that now there is no message on Tor (website/binary/wherever) mentioning that Tor is a low-latency anonymity tool and should not be used for *strong* anonymity [1]

I'm not good with words so I can't help you with the phrasing but I still believe that there should be a "don't use it for strong anonymity" [1] or a link to a Tor threat model or something like "We recommend you to learn how and what Tor protects against, before using it."

[1]: Which is probably a subjective and although vague term, it probably gets a point across.

comment:18 Changed 8 years ago by nickm

Trying one more time. Suggested revised startup message for stable releases:

Tor $version running on $uname
Tor won't help you if you use it wrong. Learn how to stay safe at https://www.torproject.org/download/download#warning
Understand what Tor protects you from, and what it doesn't: please read (some URL here)

Suggested revised startup message for alpha releases:

Tor $version running on $uname
This is alpha software; be prepared for bugs, and do not rely on it for strong anonymity!
Tor won't help you if you use it wrong. Learn how to stay safe at https://www.torproject.org/download/download#warning
Understand what Tor protects you from, and what it doesn't: please read (some URL here)

comment:19 Changed 8 years ago by zkw

s/use it wrong/use it incorrectly/

comment:20 Changed 8 years ago by nickm

s/use it wrong/use it incorrectly/

Really? "Wrong" is a perfectly good adverb. Garner accepts it; Fowler recommends it; and the OED records adverbial use of "wrong" since Middle English.

comment:21 Changed 8 years ago by Sebastian

I can't comment on the grammar thing, but I like nickm's last suggestions (both stable and alpha)

comment:22 Changed 8 years ago by zkw

I don't mean any offence but to this particular pedant it sounds uneducated --- like something Val & Earl from "Tremors" would say.  Perhaps it's a British vs. American English thing, a regional thing, or just a personal thing.  If Fowler doesn't mind then I guess the only benefit of using 'incorrectly' is to avoid arguments with self-righteous pedants like me.

Nit-picking aside, limiting the use of the "strong" warning to alpha-quality releases looks good!

comment:23 Changed 8 years ago by nickm

Trying again. Velope on IRC suggests that we drop the "strong" sentence from alphas _and_ stable series, on the theory that somebody will interpret its absence to mean that this one does have the "strong" anonymity, for some value of "strong" not currently compatible with low-latency anonymity networks.

Tor $version running on $uname
[This is alpha software. Be prepared for bugs!]
Tor won't help you if you use it wrong. Learn how to stay safe at https://www.torproject.org/download/download#warning
Learn what Tor protects you from and what it doesn't: please read https://www.torproject.org/about/overview.html

The part in brackets is the alpha-only part.

comment:24 Changed 8 years ago by arma

Sounds good to me.

But here's another nit, since there are so many nits here already: when we're running 0.2.3.15-beta, are we going to call it 'alpha software' still?

Not that I have a better word. 'unstable' is bad. 'experimental' could be better. How about "This is not a stable Tor release."? or "This is a development Tor version." or "This Tor version is not a stable Tor release."

I'm slightly partial to the last one.

comment:25 in reply to:  23 ; Changed 8 years ago by arma

Replying to nickm:

Velope on IRC suggests that we drop the "strong" sentence from alphas _and_ stable series, on the theory that somebody will interpret its absence to mean that this one does have the "strong" anonymity, for some value of "strong" not currently compatible with low-latency anonymity networks.

I don't mind losing the phrase about 'strong' anonymity. Once upon a time, all the users of Tor were anonymity researchers. Expecting ordinary users to realize that the word 'strong' has some hidden meaning (one that is quite subtle even to anonymity researchers, I might add!) is foolish at this point.

comment:26 in reply to:  25 Changed 8 years ago by nickm

Replying to arma:

Replying to nickm:

Velope on IRC suggests that we drop the "strong" sentence from alphas _and_ stable series, on the theory that somebody will interpret its absence to mean that this one does have the "strong" anonymity, for some value of "strong" not currently compatible with low-latency anonymity networks.

I don't mind losing the phrase about 'strong' anonymity.

Then instead, how about "This is not a stable version of Tor. Expect bugs, possibly severe." ?

comment:27 Changed 8 years ago by nickm

Milestone: changed from Tor: 0.2.2.x-final to Tor: 0.2.3.x-final
Resolution: fixed
Status: changed from needs_review to closed

On second thought, this has been bikeshedding for long enough. Making the changes I like, and merging. Please make more changes if you like. :)

comment:28 Changed 7 years ago by arma

I used the same rationale to remove the "this is experimental code" paragraph from the tor deb's text.

comment:29 Changed 7 years ago by nickm

Keywords: tor-client added

comment:30 Changed 7 years ago by nickm

Component: changed from Tor Client to Tor