[Noisebridge-discuss] Anti-piracy / anti-Pirate Bay law currently in Congress

Andy Isaacson adi at hexapodia.org
Tue Sep 28 06:10:00 UTC 2010


On Mon, Sep 27, 2010 at 11:33:03PM -0500, Thomas Stowe wrote:
> There's a bit of an educated guess that I agree with that Tor is
> compromised.

Healthy paranoia is healthy, of course, and no system is perfect (well,
maybe TeX 3.1415926 is getting close), but your guess seems more "wild"
than "educated" to me.

> The Navy was doing stuff with it

In fact, the Naval Research Lab was a primary funder and developer of
Tor from quite early on.  They've mostly ended their involvement for
reasons that have little to do with the politics of privacy.
(Researchers move on, funding priorities move elsewhere, ...)

> and then there were some
> documents leaked to wikileaks because of an exit-point exploit

There was a grey-hat paper published based on sniffing a bunch of
traffic on a smallish volunteer exit node.  News flash:  if you ask
someone else to deliver your traffic for you, they can (note, *can*, not
*will*) look at it if they please -- unless you also use end-to-end
encryption and verify keys out of band.

Not much of an exploit.

> and I'd
> hazard to guess that anyone after that would've used the power of authority
> to cause the EFF and others to put backdoors in their privacy software and

I'm curious how you think that would work, on so many levels.

Tor is fully open source.  Introducing a backdoor and not being detected
is hard.  Quite a few sophisticated hackers, from many free
jurisdictions, work on the source code.  It only takes one of them to
post a credible statement to or-dev@ for the cover to be blown.

The EFF is one of the most visible computer privacy organizations in the
world.  Trying to strongarm them into ... anything ... would result in
that information leaking, through any of a dozen channels.

> also full access to source. There are a few softwares like JAP (Jondonym)
> that have been required to put a backdoor in that can be activated with a
> warrant.

Indeed, as has hushmail.  If you depend on server-hosted or
closed-source solutions for security, you'd better have more money than
your adversaries.  Me, I prefer to depend on publicly vetted software,
configured in a sensible manner.

> The information transmitted in this communication is intended only for the
> person or entity to which it is addressed and may contain confidential
> and/or privileged information. Any review, retransmission, dissemination,
> copying or other use of, or taking of any action in reliance upon, this
> information, or any part thereof, by persons or entities other than the
> intended recipient, is strictly prohibited and may be unlawful. If you
> received this in error, please contact the sender immediately and delete and
> destroy this communication and all copies thereof, including all
> attachments.

By posting to a Noisebridge list, you're agreeing to license your posts
under a CC-BY-NC-SA 3.0 license.  Please stop pretending otherwise in
your pseudo-legalese.

Thanks,
-andy


