Opened 6 years ago

Closed 4 years ago

#8655 closed defect (not a bug)

replace link to gnupg.org/related_software/frontends.html

Reported by: proper Owned by:
Priority: Medium Milestone:
Component: Applications/GetTor Version:
Severity: Keywords:
Cc: Actual Points:
Parent ID: Points:
Reviewer: Sponsor:

Description

The link http://www.gnupg.org/related_software/frontends.html is confusing, perhaps even dangerous, for non-techy users who never heard about gpg.

The list starts with GUI Frontends, Cryptophane, which links to google code, which is (self-)censored in many areas. [1] The next item, Gajim, is a messenger, but can't verify files, therefore misleading. Seahorse links to sourceforge, which is also (self-)censored in many areas. [2] Seahorse is a key management gui and can't verify files...

All links lead to non-https sites. Since gettor users can't reach torproject.org it's not hard to assume, that they also can't reach any pages with encryption (gui fronted) tools, or worse, that those websites are victim of man-in-the-middle attacks spreading malicious software.

The link should point to another website, ideally HSTS or better with certificating pinning in Firefox and Chrome. Such a website has probable yet to be created. Psiphon [3] uses amazonaws.com. Using amazonaws as well would be a good compromise? (If SSL works well and censors are unlikely to censor amazonaws?)

The new list should be short, one example per operating system with a verification gui known to work is enough. And the recommended frontend should be downloadable from that page as well.


[1] Users residing in countries on the United States Office of Foreign Assets Control sanction list, including Cuba, Iran, North Korea, Sudan and Syria
[2] https://sourceforge.net/blog/clarifying-sourceforgenets-denial-of-site-access-for-certain-persons-in-accordance-with-us-law/
[3] https://s3.amazonaws.com/0ubz-2q11-gi9y/en.html

Child Tickets

Change History (2)

comment:1 Changed 6 years ago by proper

Parent ID: #5996

comment:2 Changed 4 years ago by isis

Parent ID: #5996
Resolution: not a bug
Status: newclosed

https://gettor.torproject.org/ no longer exists, and, as I've understood it, ilv is rewriting the gettor source code and grepping for that link doesn't find anything, so I'm going to close this ticket.

Note: See TracTickets for help on using tickets.