‐‐‐‐‐‐‐ Original Message ‐‐‐‐‐‐‐ On Wednesday, May 27, 2020 2:59 PM, John Young <jya@pipeline.com> wrote:
Barton Gellman claims in Dark Mirror that NSA hacked Tor Browser Bundle. (pp.79-81). Snowden warned "disable the fucking Javasripts."
it's all about attack surface (to a lesser degree, hardening). when FaceBook bought 0day dev against their own user, the weak link was a video player - not Tor Browser, not tor, nor Tails model, but a video implementation inside the security boundary of your nymity protections. C.f.: https://www.schneier.com/blog/archives/2020/06/facebook_helped.html best regards, P.S. a deeper defensive posture, for example Qubes OS, would have rendered the video player exploit useless, as that constrained App VM would not have network egress. of course, add more money for VM escapes, etc. :P and so it goes, ever onward...