Uh-oh, you're part of The Cabal now, coderman!

   On Mon, Feb 15, 2016 at 5:45 PM, coderman <[1]coderman@gmail.com>
   wrote:

     On 2/14/16, Malcolm Matalka <[2]mmatalka@gmail.com> wrote:
     >...
     > Can you go into some detail on this?  I was always under the
     impression
     > that the Tor code was open source and heavily audited.  Is the
     critique
     > that this is not true or something else?
     clarification in order.
     1) government funding of Tor means they get dibs on development
     priorities.  censorship circumvention over dead-easy Tor Routers.
     Translations in Tor Browser over endpoint-hardened solutions like
     Whonix-Qubes around your Tor Browser. etc, etc.  this does not imply
     the Tor code itself is made vulnerable. For example, 8 hour patch on
     control port vuln, and first to force disable RDRAND-sole-source in
     OpenSSL. not the behavior of group at behest of NSA and IC...
     2) critique of existing hardware and software in terms of strong
     security against well resourced attackers. there is serious
     vulnerability across the entire spectrum of technology. the
     assumption
     that your malware laden WinXP box can run "Tor Browser" and be
     secure,
     is laughable. we're finding more than ever that personal security,
     operational security, and information security are all tied up in
     complex interdependence. Tor doesn't even try to address this,
     because
     frankly, no one has! it's the constantly evolving terrain of
     specialized experts, long bought over to $Private or $Gov not Public
     work.
     3) Tor made trade-offs for end-user adoption and wide applicability.
     we don't have have a fancy UDP Tor with traffic analysis resistance,
     and some argue such a thing can't exist. this would be great to get
     funded, but even past efforts have yielded detail around how much
     remains to be researched, let alone implemented in proof-of-concept.
     Tor well deserves their reputation for solid development in the
     public
     interest, and their behavior regarding serious vulnerabilities is
     exceptional across industry. actions above words, and they walk the
     walk.  i am also glad to see their first fund raiser to diversify
     sources of support haul in hundreds of thousands for use without
     strings attached. more of this!
     best regards,

References

   1. mailto:coderman@gmail.com
   2. mailto:mmatalka@gmail.com