1. 72
  1. 10

    This article is brutal and blunt and I love it. Posting it here is preaching to the choir, but maybe that helps it get wider distribution.

    1. 14

      I wouldn’t even call it preaching to the choir - I think that most people who are concerned with computer security understand, at least abstractly, that part of the problem with creating secure computer systems is creating security systems that ordinary, non-technical people will actually use. This article is valuable because of the specific observations it makes about non-technical people who are busy with things other than their computer systems, and what security practices they can or cannot easily be made to use.

      “Telling people to just use Signal works”, “1password is surprisingly hard to get working”, “People running for elective office will leave their unlocked computer in public in the care of a rando they just met who claims to be a security expert”, these are useful insights to be aware of if you want to build computer systems that are secure when non-experts use them.

    2. 4

      From the linked advice page:

      Avoid Safari and Firefox. Under no circumstances use the Tor browser (it’s okay to use Tor, but do it with Chrome, and seek additional training on how to set it up).

      I guess Chrome was chosen for U2F reasons.. well, thankfully a few days ago Firefox enabled security.webauth.u2f for all users out of the box, and Google registration works :)

      But.. what the hell is that second part?

      I myself use Tor in regular Firefox most of the time, because I don’t need anonymity and all I want is to obscure my home IP address, but Tor Browser is THE ONLY way to achieve anonymity. Only Tor Browser goes out of its way to defend against all known fingerprinting methods. Why would anyone say to NEVER use it?!?

      1. 10

        I’m not really in a position to endorse or dispute these opinions, but I will relay them:

        1. Thomas Ptacek said Tor Browser was possibly the least secure browser, though he didn’t elaborate nearly as much as I wish he had. However I do gather that is/was a common opinion https://news.ycombinator.com/item?id=14251139
        2. Exploit broker The Grugq argues that using Tor Browser puts a bit fat “target me” sign on you.

        P.S I do think the Firefox advice is probably dated. They’ve made a lot of progress.

        1. 6

          Fingerprinting isn’t a problem in this specific threat model. Being a day late with security patches is a huge one.

          1. 7

            More precisely: these users are subject to targeted attacks (to steal their money or discredit their campaign). Tor browser protects you from global, passive attacks.

            1. 3

              AFAIK Tor does not protect against a global passive adversary. See e.g. https://www.torproject.org/docs/faq.html.en#AttacksOnOnionRouting or https://arxiv.org/pdf/1703.00536v1.pdf The Loopix Anonymity System, Table 2 compares anonymity systems on page 13.

              1. 4

                Tor protects you from a global passive adversary in the same way that body armor protects you from bullets.

                You might still prefer not to get shot at…

          2. 9

            He has a bad habit of doing argument from authority on stuff like that. Ego tripping. If one wants to save time, better to have links they can quickly pull up for any topic. Then, the audience gets enough information to evaluate the claim for themselves while the person helping them gets it done quickly. In this case, it appears the Tor Browser has vulnerabilities the regular browser doesn’t have due to update lag.

            His mention of collecting high-value targets is implying that those targeting them are incentivized to spend large sums of money on exploits for attacking them. Probably already have them for major browsers. Last thing you want to be is a possible, high-value target using an unpatched version of a tech they have exploits for. It makes things easier, not harder, for the high-strength attackers. If you use Tor, it should be with the most up-to-date components. If concerned for fingerprinting, use it on a vanilla-looking OS or configuration that’s really popular. If that is risky, adjust your usage habits accordingly.

            1. 9

              The context is that he’s talking to non sophisticated users who are worried about being hacked, not trying to convince people who already have opinions about information security. I don’t think there’s a way around presenting that kind of piece as an appeal to authority.

              I’d personally get more out of an in-depth companion piece, but it’s not really relevant to his goals.

              1. 4

                The context of tptacek’s recommendation is Hacker News where most users are technical, he had detailed information on lots of topics, he became a celebrity (their No 1), and he since does dismissals of counterpounts without evidence all the time. Occasinally, he references his status or connections as reason to listen. I always told him none of it matters to me: evidence first whether obscure or famous.

                That he’ll spend a lot of time in the discussions but argue around providing evidence shows it’s an ego thing. I got my karma there initially by countering such celebrities with claims linking to evidence. I think the RSA patents argument was closest he did to providing a pile of citations. I had to work to get that out of him. I always had to nearly force him to provide evidence or he just disappeared the second I did myself like secure browser debate.

                1. 7

                  I think we’re referencing different people there. I meant Maciej, who I took to be the person providing the advice page (I suspect he probably conferred with Thomas about it, but I think it’s still in his name).

                  As for Thomas, I definitely would prefer if more of his comments were longer and provided more justification. However, it’s not like he’s given no justification in various threads. It’s true that Tor Browser had a weird update cycle, it’s true that it was a potential target mark/monoculture for sensitive targets, and it’s also true that Firefox didn’t have as much sand boxing back in 2017.

                  1. 9

                    yeah, this isn’t accurate, and I’ve tangled with tptacek any number of times over there. Also, maybe don’t import that bullshit over here, theres no need, whatsoever, to run through everyones grievances with other accounts on a completely separate, and at least over here, highly disliked website. Its not an ego thing, for one, and for another, given that I’m someone who has absolutely been in a position to care about things like this, I’m grateful he does what he does over there. Everything in regard to computer security, from him, in regard to things I care about enough to follow up on, has proven to be correct.

                    1. 3

                      Oh sure. If I wanted drama, I’d have tagged him in the comment. I’d rather not bring drama here. Just letting the other commenter know the omission was deliberate and to just do their own digging when he does that.

                2. 4

                  He covers this in this post, about providing simple answers that cover the most ground to avoid decision paralysis. I think in other communication channels he’ll be more willing to talk details, but “just buy an iphone” is to a first degree the best advice in this context, as well as “just use chrome” (it’s all in google docs anyways!)

                  The security issue with the Tor Browser is extremely bad. I can sit around ,wait for a FF exploit, and immediately use it on a bunch of people for probably at least 24 hours. It’s so dangerous for any political campaign

              2. -1

                Is democracy secure if only the Republicans are hacked?

                1. 9

                  The author definitely writes as if he is a partisan Democrat who consults for Democratic campaigns and not Republican ones because that’s the political party he supports (although he did name-drop the Green party). The lessons from the article are certainly as applicable to Republicans as they are to Democrats, or to other parties in other political systems, or to organizations that have nothing to do with electoral politics.

                  1. 17

                    He even encouraged Republicans to send in their stories. Ultimately, whether you like Republicans or not, we should probably secure all the elections so the citizens are the ones choosing the candidate. Whoever subverts an election is probably not trying to give us the representatives we want to live under. They might be much worse.

                    1. 1

                      It would be better, I think, if the professionals who are offering this advice would offer it to both major parties (and the non-extreme minor parties), but it is their free advice and hence their call.

                      It would be better for our republic, though, if the profession offered this as a public rather than a partisan service. Partisanship is killing us.

                      1. 15

                        It would be better for the republic if the people who need this advice valued it and listened to it. The advice is written out here for all to read, regardless of party.

                        1. 3

                          Yeah, exactly. It’s not realistic for any one person or organization to offer trainings to both major parties, at least not in the US - imagine the trust issues it would raise. Writing it down is the closest that’s possible.

                          1. -1

                            here, here