[Pkg-privacy-maintainers] Bug#845989: Bug#845989: marked as done (browser can't be downloaded because of invalid SSL certificate)
Antoine Beaupré
anarcat at debian.org
Sun Nov 27 15:39:16 UTC 2016
Control: reopen 845989
Control: forwarded 845989 https://github.com/micahflee/torbrowser-launcher/issues/254
On 2016-11-27 09:54:06, Holger Levsen wrote:
> thanks for your bug report, but I fear…
>
> On Sun, Nov 27, 2016 at 05:30:21PM +0300, Mikhail Kshevetskiy wrote:
>> Trying to start torbrowser for the first time produce the following message
>> The SSL certificate served by https://www.torproject.org is invalid!
>> You may be under attack.
>
> … you've been attacked.
I beg to disagree. I doubt that M. Kshevetskiy has been, in this case,
individually targeted for attack.
That is not how tor works: if he was able to build a circuit (which
seems to be the case here), then the exit node is not supposed to know
who he is, unless the tor network is compromised in a novel way, or some
very powerful actor is running a correlation attack.
I think it is more likely that it is a transient error that is due to a
compromised exit node.
> https://jenkins.debian.net/view/torbrowser/job/torbrowser-launcher_test_on_unstable_amd64/429/console
> was just run successfully, showing no signs of an invalid certificate.
>
> https://jenkins.debian.net/view/torbrowser/job/torbrowser-launcher_test_on_unstable_amd64/429
> has screenshots and a video too.
>
> That test was done 10min ago.
Just because the tests passed on CI don't mean everything is fine. I
have experienced this bug as well, and it is a transient error:
restarting the tor browser fixed the issue for me.
> Closing as not a bug.
I am reopening this bug. It has been forwarded upstream, where I have
brought more suggestions on how to improve the user experience here.
A.
--
Be who you are and say what you feel
Because those who mind don't matter
And those who matter don't mind.
- Dr. Seuss
More information about the Pkg-privacy-maintainers
mailing list