Re: [cryptome] Re: [cryptography] Cryptome’s searing critique of Snowden Inc.

Michael Best themikebest@gmail.com
Mon Feb 15 14:53:12 PST 2016


Uh-oh, you're part of The Cabal now, coderman!

On Mon, Feb 15, 2016 at 5:45 PM, coderman <coderman@gmail.com> wrote:

> On 2/14/16, Malcolm Matalka <mmatalka@gmail.com> wrote:
> >...
> > Can you go into some detail on this?  I was always under the impression
> > that the Tor code was open source and heavily audited.  Is the critique
> > that this is not true or something else?
>
>
> clarification in order.
>
> 1) government funding of Tor means they get dibs on development
> priorities.  censorship circumvention over dead-easy Tor Routers.
> Translations in Tor Browser over endpoint-hardened solutions like
> Whonix-Qubes around your Tor Browser. etc, etc.  this does not imply
> the Tor code itself is made vulnerable. For example, 8 hour patch on
> control port vuln, and first to force disable RDRAND-sole-source in
> OpenSSL. not the behavior of group at behest of NSA and IC...
>
> 2) critique of existing hardware and software in terms of strong
> security against well resourced attackers. there is serious
> vulnerability across the entire spectrum of technology. the assumption
> that your malware laden WinXP box can run "Tor Browser" and be secure,
> is laughable. we're finding more than ever that personal security,
> operational security, and information security are all tied up in
> complex interdependence. Tor doesn't even try to address this, because
> frankly, no one has! it's the constantly evolving terrain of
> specialized experts, long bought over to $Private or $Gov not Public
> work.
>
> 3) Tor made trade-offs for end-user adoption and wide applicability.
> we don't have have a fancy UDP Tor with traffic analysis resistance,
> and some argue such a thing can't exist. this would be great to get
> funded, but even past efforts have yielded detail around how much
> remains to be researched, let alone implemented in proof-of-concept.
>
>
> Tor well deserves their reputation for solid development in the public
> interest, and their behavior regarding serious vulnerabilities is
> exceptional across industry. actions above words, and they walk the
> walk.  i am also glad to see their first fund raiser to diversify
> sources of support haul in hundreds of thousands for use without
> strings attached. more of this!
>
>
> best regards,
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://cpunks.org/pipermail/cypherpunks/attachments/20160215/b740350c/attachment.html>


More information about the cypherpunks mailing list