Are the security risks introduced by Vidalia-like tools worth it?
In #9366 (closed) we have concluded that as long as we run Vidalia (or anything similar, like Tor Monitor in the future) we must assume that a compromised amnesia user also means that the attacker has full access to Vidalia and hence Tor’s full circuit/connection state.
It seems we have two options:
- Prefer security: uninstall Vidalia, scrap the Tor Monitor plans, and never enable the circuit view in the Tor Browser.
- Prefer usability: keep Vidalia/Tor Monitor, and then we can also enable the circuit view in the Tor Browser.
- (Secret third option: make this configurable in the Greeter… eh. :S)
Let the battle between security nerds and UX people begin!
Related issues
- Related to #6841 (closed)
- Related to #12213
- Related to #9365
Original created by @anonym on 10339 (Redmine)