FAQ
TFC attempts to be as easy to audit as possible, and readability is one of Python's core values. Python also ensures re-distribution of the program is always done as source code (yes, someone might distribute bytecode, but the decompilation is trivial). CPython has also been audited and found to be well written and secure. It's also the case that "the Python Software Foundation and the Python developer community take security vulnerabilities very seriously".
Limiting the direction of data flow with just one Tx-Rx pair and GND wire is certainly possible. It is, however, hard to guarantee the serial chip's behavior, i.e., that it cannot somehow read from the Tx pin or send from the Rx pin. A data diode limits the direction of data flow with the fundamental laws of physics. This approach also eliminates power analysis attacks against the Source and Destination Computers from the Networked Computer and protects the split TCB from voltage spikes.
End-to-end encrypted apps are better because it is easier to get people to use them. Why advocate something this complex?
End-to-end encryption on a networked system might be more usable, and it does increase the security of all users in a relative sense. However, unless the increased security stops the adversary, the benefit is inadequate. Security that stops determined attackers will always involve more rules, layers, and inconvenience.
TFC is a step back in usability and not a guaranteed solution, but its security architecture provides a level of security no app can ever provide. That being said, TFC is the most convenient tool for anyone who considers adversaries who hack endpoints to defeat end-to-end encryption part of their threat model.
There is no business model. TFC is FOSS+FHD for freedom. Here's the deal:
- We pay
  - for development out of our own pocket
  - no overhead costs for development as
    - GitHub hosts the code
    - The CI environments etc. are free for non-commercial use
  - no rent on infrastructure as there is none (Tor Project manages the HSDirs etc.)

  In return we get the feeling of contributing something actually worthwhile to society.
- You pay nothing with your data as none whatsoever is collected. Instead you pay
  - for the required hardware from vendors of your own choosing
  - the electricity bill for keeping the endpoint powered on when you want to be reachable
  - the bill for your broadband connection
  - with your time to learn how to use the system securely by reading the documentation
  - hopefully with a donation to the Tor Project. This benefits everyone, including all TFC users as well as other great projects like Tor Browser, OnionShare, Cwtch, Briar, and SecureDrop.

  In return, you get the most secure messaging system out there.

Computers, accessories, and components a company orders from manufacturers or subcontractors, as well as the finished products it ships to customers or retailers, might be subjected to interdiction by nation-state actors. Additionally, a company selling the products might be coerced by the government to add a backdoor under the pretext of national security. Security-wise, it is better to distribute the TFC design to users who can buy inconspicuous, commercial, off-the-shelf hardware of their choosing, and build the data diodes themselves. An ideal finished product is well-written software and a guide on how to set up the hardware, install TFC, and use it securely.
No. It just means the pinned version of at least one dependency is not the latest release anymore.
Each dependency in non-developer installation configurations uses a pinned hash, which means that the user installs exactly the same dependency as we do. This protects users from targeted attacks where e.g. crypto libraries are replaced with backdoored versions during installation. (It does not, however, protect against backdoors injected into the actual library.)
That being said, if the requirements badge shows that the libraries are insecure...
...that's when you should not install TFC, and should instead wait for the dependencies to be updated. Should that ever occur, the fix would be done within minutes, hours, or at most, days.
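
The hash pinning described above can be illustrated with a short check. This is an added example, not TFC's installer code: the package name `examplecrypto`, the artifact bytes and the helper names are constructed for illustration, and the requirement line follows pip's `name==version --hash=algorithm:digest` format.

```python
import hashlib
import hmac
import re

# One pinned requirement: name==version followed by one or more --hash options.
PIN_RE = re.compile(
    r"^(?P<name>[A-Za-z0-9._-]+)==(?P<version>\S+)\s+(?P<hashes>(--hash=\S+\s*)+)$")
ALLOWED = {"sha256", "sha384", "sha512"}  # algorithms this example accepts

def parse_pin(line):
    """Return (name, version, {(algorithm, hexdigest), ...}) for one pinned line."""
    m = PIN_RE.match(line.strip())
    if m is None:
        raise ValueError(f"not an exact, hash-pinned requirement: {line!r}")
    pins = set()
    for token in m.group("hashes").split():
        algorithm, _, digest = token[len("--hash="):].partition(":")
        if algorithm not in ALLOWED or not digest:
            raise ValueError(f"unsupported or empty pin: {token!r}")
        pins.add((algorithm, digest.lower()))
    return m.group("name"), m.group("version"), pins

def artifact_matches(artifact, pins):
    """True only if the artifact's digest equals one of the pinned digests."""
    for algorithm, pinned in pins:
        actual = hashlib.new(algorithm, artifact).hexdigest()
        if hmac.compare_digest(actual, pinned):
            return True
    return False

# Constructed sample data: the bytes the maintainers pinned, and a swapped copy.
GENUINE = b"constructed stand-in for the released wheel of a crypto library"
SWAPPED = GENUINE + b" plus code added during download"
PINNED_LINE = f"examplecrypto==1.0.0 --hash=sha512:{hashlib.sha512(GENUINE).hexdigest()}"

def demo():
    """Return (genuine accepted, swapped accepted, pin of a bad release accepted)."""
    _, _, pins = parse_pin(PINNED_LINE)
    # A release that was already backdoored upstream when its hash was pinned
    # verifies fine: the pin proves identical bytes, not trustworthy bytes.
    bad_release = b"constructed release containing an upstream backdoor"
    bad_pin = {("sha512", hashlib.sha512(bad_release).hexdigest())}
    return (artifact_matches(GENUINE, pins),
            artifact_matches(SWAPPED, pins),
            artifact_matches(bad_release, bad_pin))

if __name__ == "__main__":
    print(demo())
```

The third result corresponds to the parenthetical caveat: a pin cannot detect a backdoor that was present in the library when the hash was recorded.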