著者: intrigeri 日付: To: Public mailing list about the Tails project 題目: Re: [Tails-project] correctness of future Home and About pages
Hi,
sajolida (2020-01-14): > These weeks we are working with Andrés on the content and illustrations
> for the future Home and About pages.
It's awesome! \o/
> But I also wanted to check with you whether:
>
> * What I wrote is actually correct. Sometimes we have to find trade-offs
> between simplicity or standard over technical correctness. For
> example, we're switching from "almost any computer" to "any computer"
> on purpose. Or that Tails might be not be theoretically safe from all
> possible viruses ever, but in practice we want it to be. But you might
> be able to catch important bugs in my writing and this week would be a
> good time for that.
Three things:
- I'm a bit concerned that we're claiming that Tails can turn random,
untrusted hardware, into a "secure machine". Tails protects against
a compromised OS, but not against compromised hardware. And even
that is rather inaccurate: for example, a compromised OS can
downgrade the machine's firmware to re-introduce security flaws
that newer versions of said firmware have fixed. Good luck with
figuring out how to explain this :/
- In "The memory is securely deleted when shutting down", I'm not
sure what "securely" means. I think memory is overwritten with
zeroes, which should be good enough in practice, but does not
really match how "secure deletion" is usually understood in
similar contexts.
- I'm surprised by the "more than 6 000 relays" number but I trust
you checked this (at a time when there's no unusual situation or
DoS that would skew the numbers :)
> * What I wrote is something that we are fine displaying on our website,
> in terms of public relationships, ethics, alignment with our mission
> and values, etc.
Only one comment, but it's important to me: I feel uncomfortable
boasting about the diversity of our community. It's true that our
community includes lots of different people. But if one looks at the
current situation through the prism of statistics, sadly, this claim
does not reflect the facts. The current state of things is not good
enough, by far, for me to feel comfortable presenting it in
a positive light.