@JessTheUnstill @bohwaz @punkfairie @ajsadauskas @tomiahonen @fuchsiii

Granted, @tails_live @tails / #Tails and @torproject / #TorBrowser are propably one of the best & most battle-tested options that are useable for #TechIlliterates...

• OFC #OpenBSD + #LynxBrowser forced through #Tor would be more #secure (on paper) but we can all agree it's neither feasible nor practical to expect "#Normies" to work within a 80x25 TUI and learn #BSD.

THAT'S NOT GOING TO HAPPEN!

If not for being absurd then for the fact that people need to get things done!

• And it's not as if I haven't taught people how to get started, ranging from having to crash-course someone remotely via chat to hand-on #CryptoParty sessions: If it's way more complex than an AKM chances are people won't stick with it!

So you can imagine how glad I was when @thunderbird merged #Enigmail into #Thunderbird so there's no more fiddling around getting #PGP/MIME to work!

@JessTheUnstill @bohwaz @punkfairie @ajsadauskas @tomiahonen @fuchsiii Exactly...

Coincidentially, that's why #Android (and #iOS) doesn't let users have #root access because billions of devices owned by mostly "#TechIlliterates" that hardly get #SecurityUpdates would be an even bigger risk if they didn't boot a locked-down #ROM image, thus only allowing for #malware in user-privilegued userspace!

• I'd even go so far that I'd wish for @torproject to basically merge fmr. #FirefoxOS / #KaiOS & @tails_live / @tails / #Tails to build a #privacy-focussed #ROM for #Smartphones and #Tablets i.e. "#TailsMobile" or sth.

Cuz having a mobile OS that shoves everything through #Tor and only allows #userspace-Apps in the form modern web technologies would be a big #security and #privacy gain.

• Not to mention #amd64 is on it's way out and inevitably they gotta have to transition to supporting #arm64 and eventually #RISCv-#64bit at some point.

"#TOR was created to hide spies"

This is undoubtedly the most promising Post-Quantum TLS deployment situation I have seen for #Tor since we started discussing it more actively in the team. Very exciting!

I hope that OpenSSL 3.5, when released, will make it into #Debian Trixie. That would make deployment of this so much more snappy and easy for the Tor network to upgrade, but that may be dreaming. The timelines here look quite difficult for that to happen, but let's hope.

OpenSSL, unlike BoringSSL, did not require us to make any additions to our codebase (BoringSSL required the PQ-KEM to be enabled explicitly via a function call): the ML-KEM is enabled by default, which will do wonders for adoption as OpenSSL 3.5 gets bundled in more and more OS distributions over time.

However, we did need to modify #Tor slightly to be less conservative with which TLS cipher suites it is willing to use. I will talk with the team about what we do here to get this fixed soon.

Lo and behold, #OpenSSL 3.5 (their upcoming LTS release) will come out here at the beginning of April, and it does indeed support some of these hybrid PQC schemes. Their recent beta2 announcement can be read here: https://openssl-library.org/post/2025-03-25-openssl-3.5-beta/ and their roadmap is at https://openssl-library.org/roadmap/index.html

Very excited by this work. Big kudos to the OpenSSL Team here! Already planning on giving this a spin with the C implementation of #Tor later this week to see how it goes!