Re: [Bug-gnuzilla] I am really getting sick of this. Goodbye

[Julie Marchant]

On 03/24/2017 07:09 AM, address@hidden wrote:
> I point out your missteps in logic

Where did you do this, and what "missteps in logic" are you talking about?

> you suddenly shift your argument if I may call it that to the opposite of 
> what you appeared to originally intend to say.

What did you perceive me as originally intending to say, and what part
of my message made you perceive that?

> you don't actually want to provide a logical argument that shows any facts 
> and reasons why what I said wasn't good enough for you.

I didn't respond to your email to argue against it. I responded to your
email to ask you to stop flooding my mailbox, as at the time you had
sent eight emails in quick succession for no good reason.

I did of course argue against what you were saying, but it's a very
simple argument that you could easily refute if you are on the side of
truth:

1. There is no evidence to support your hypothesis.

2. There is no reasonable motivation for any known party to do what you
suggest.

I can't prove that there isn't a conspiracy going on any more than you
could prove that the tooth fairy isn't real. But you can either show
evidence that supports your hypothesis, or at least start by showing a
credible motivation someone could have to want to sabotage IceCat and
not, say, Tor Browser.

> I love it how everyone is mentioning TOR but they all fail to mention the 
> important details like how extremely slow it is, the lack of functionality, 
> and how many times it has been compromised. thanks for the suggestion but I'm 
> very proud of what the creators of icecat have done.

Matters of convenience like how fast the browser don't matter in this
discussion, because if a malicious party wants to sabotage users'
privacy, they will go for the more popular option no matter how
convenient it is for the users, and given the lack of attention IceCat
has gotten anywhere outside of our little circle and the boost in
attention Tor Browser has gotten from the Snowden revelations, Tor
Browser appears to be more popular. If you have any evidence to show
that IceCat is actually more popular than Tor Browser, please feel free
to present it.

In what way is IceCat more secure than the Tor Browser Bundle? These are
the facts I can see:

1. IceCat is frequently behind its upstream, Firefox, on updates.

2. IceCat includes LibreJS, which selectively stops scripts from
executing based on the presence or absence of a license statement in a
particular format. This means that any malicious party can convince
IceCat to execute JavaScript simply by lying about the license, or
(because the JavaScript infrastructure doesn't enable forking of a
website's JavaScript code, and LibreJS doesn't even support blocking any
scripts it detects as libre) simply making the script libre and keeping
in the malicious functionality. I explained this in my essay,
"Proprietary JavaScript: Fix, or Kill?"[1] Therefore, LibreJS cannot
reliably be protective against any sort of malicious JavaScript code;
its only protective effect is "security through obscurity".

3. When using Tor, IceCat blocks all requests for things like images,
unlike Tor Browser. This makes it possible for any website to
distinguish between Tor Browser and IceCat simply by embedding an image
onto the Web page and seeing whether or not the image was sent at the
time the Web page was loaded.

4. Other than LibreJS, which (as I explained) can easily be subverted,
IceCat offers no protection against malicious scripts except for what is
built into Firefox already. In particular, NoScript is not included.
Even when it allows all scripts to execute, NoScript provides certain
security features, such as protection against XSS attacks, which Tor
Browser benefits from.

5. IceCat and Tor Browser share the same upstream, Firefox ESR. This
means that, all other factors being equal, they should share the same
vulnerabilities. The least vulnerable of the two should be the one that
gets updated most promptly and most frequently, and that is Tor Browser.

Put together, all of these facts paint a picture that Tor Browser is not
only more private and more secure than IceCat, but substantially so. If
you have any evidence to the contrary, please show me what that evidence is.

[1] https://onpon4.github.io/other/kill-js/

-- 
Julie Marchant
https://onpon4.github.io

Protect your emails with GnuPG:
https://emailselfdefense.fsf.org

signature.asc
Description: OpenPGP digital signature