If you were to trace the outputs of (e.g) keypresses in VNC over Tor
you would see that they differ from clearnet traffic, or even traffic over
simple Tor.
That’s what it has to do with any of that.
But that has nothing to do with GitHub. What I tried to illustrate was that interacting with the website through a browser, running the same JS as a local browser would, does not make any difference in regards to mouse/keyboard patterns.
That’s why your suggestion does not solve the problem. It only moves it to another machine, thus introducing an additional security issue.
This goal was a requirement that you had not previously stated.
IETF has stated it:
I have never suggested to break security in order to improve privacy. I have also discussed in detail why any of the proxy models you suggest are insecure.
So, the question remains.
Unlike some users here, I have always found it useful to ask questions
to try to understand what issue another user has, or understand exactly
what they think the issue is.
Good. Since I also find this approach useful, I hope you can answer my questions too (including those in other threads that remain unanswered).
I’ve spent (wasted?) considerable time listening back over this thread,
which has ranged widely.
So have I.
And so I am asking you to explain exactly what you think the issue
is, so that we can (possibly) make some progress.
I have already explained that multiple times. If you have any specific question that was not answered, I will answer it.
It does seem to me that you would like to have all the features of
GitHub,(and this Forum), which rely on JavaScript, without using
JavaScript. I could well be wrong about this, but that is the
impression I have.
You are approaching the issue with the assumption that I am somehow personally attached to those features. - I am not. I neither care about stars on GitHub, nor about likes of comments, colorful emoticons, pasting inline images inside messages, etc. I also doubt any developers are in desperate need for any of those.
As I said earlier, when alternatives are considered, features must be researched by those who would use them the most. For source hosting - devs, then part-time contributors, bug reporters.
I am asking you to explain clearly about this, because I think it
will help you to be clear about what the issues are, and that may
help everyone to move forward.
I am clear. I don’t know what exactly to clarify.
It’s obvious that we are making no progress as it is, and have made
none in the past 9 months.
I don’t quite understand what you mean by progress. I have already proposed a super simple temporary workaround. I have also looked for alternatives and mentioned some. That + your proxy suggestions are the only ones so far.
I find that you have said many things. I am trying to find out which
you think are important, and why, and which you think are stopping
folk from making contributions to Qubes.
I don’t know what may be stopping anyone in particular. I just know there are very good experts who would not want touch any privacy invasive technology for various reasons (personal, ideological, political, other). There is visible overall interest in privacy in the community as a whole.
Important issues:
- security (no MITM, decrypting, requiring trust in infrastructure)
- no censorship on platforms (so everyone can use them)
- no personal data unless absolutely required (e.g. for donations)
I am struggling to understand why proxying through a web form would
address the many issues you have raised, and why you think some are
more important than others.
It allows to use GitHub without direct access to it - no account, no tracking technology.