Re: [cryptome] Re: [cryptography] Cryptome’s searing critique of Snowden Inc.

Rayzer Rayzer at riseup.net
Mon Feb 15 19:22:26 PST 2016


On Mon, Feb 15, 2016 at 5:45 PM, coderman wrote:
> the assumption that your malware laden WinXP box can run "Tor Browser"
> and be secure,
> is laughable. we're finding more than ever that personal security,
> operational security, and information security are all tied up in
> complex interdependence. Tor doesn't even try to address this, because
> frankly, no one has...

The biggest security risk by far is the user... With social network
engineering techniques they can even get you to believe you've done
something illegal when you haven't.


"Creating false memories of criminal activities using suggestive
interviews."

PDF, 11pgs:

https://nebula.wsimg.com/ce2babe46721a32c861f1a646c2836aa?AccessKeyId=AF62ECFBCD8F6D95BACE&disposition=0&alloworigin=1

-- 
RR
"Revolutionaries are dead men on furlough"



Michael Best wrote:
> Uh-oh, you're part of The Cabal now, coderman! 
>
> On Mon, Feb 15, 2016 at 5:45 PM, coderman <coderman at gmail.com
> <mailto:coderman at gmail.com>> wrote:
>
>     On 2/14/16, Malcolm Matalka <mmatalka at gmail.com
>     <mailto:mmatalka at gmail.com>> wrote:
>     >...
>     > Can you go into some detail on this?  I was always under the
>     impression
>     > that the Tor code was open source and heavily audited.  Is the
>     critique
>     > that this is not true or something else?
>
>
>     clarification in order.
>
>     1) government funding of Tor means they get dibs on development
>     priorities.  censorship circumvention over dead-easy Tor Routers.
>     Translations in Tor Browser over endpoint-hardened solutions like
>     Whonix-Qubes around your Tor Browser. etc, etc.  this does not imply
>     the Tor code itself is made vulnerable. For example, 8 hour patch on
>     control port vuln, and first to force disable RDRAND-sole-source in
>     OpenSSL. not the behavior of group at behest of NSA and IC...
>
>     2) critique of existing hardware and software in terms of strong
>     security against well resourced attackers. there is serious
>     vulnerability across the entire spectrum of technology. the assumption
>     that your malware laden WinXP box can run "Tor Browser" and be secure,
>     is laughable. we're finding more than ever that personal security,
>     operational security, and information security are all tied up in
>     complex interdependence. Tor doesn't even try to address this, because
>     frankly, no one has! it's the constantly evolving terrain of
>     specialized experts, long bought over to $Private or $Gov not Public
>     work.
>
>     3) Tor made trade-offs for end-user adoption and wide applicability.
>     we don't have have a fancy UDP Tor with traffic analysis resistance,
>     and some argue such a thing can't exist. this would be great to get
>     funded, but even past efforts have yielded detail around how much
>     remains to be researched, let alone implemented in proof-of-concept.
>
>
>     Tor well deserves their reputation for solid development in the public
>     interest, and their behavior regarding serious vulnerabilities is
>     exceptional across industry. actions above words, and they walk the
>     walk.  i am also glad to see their first fund raiser to diversify
>     sources of support haul in hundreds of thousands for use without
>     strings attached. more of this!
>
>
>     best regards,
>
>



-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 836 bytes
Desc: OpenPGP digital signature
URL: <https://lists.cpunks.org/pipermail/cypherpunks/attachments/20160215/96173671/attachment-0003.sig>


More information about the cypherpunks mailing list