[tor] Re: torservers.net future

coderman coderman at protonmail.com
Thu Jun 18 16:31:32 PDT 2020


‐‐‐‐‐‐‐ Original Message ‐‐‐‐‐‐‐
On Wednesday, May 27, 2020 2:59 PM, John Young <jya at pipeline.com> wrote:

> Barton Gellman claims in Dark Mirror that NSA hacked Tor Browser
> Bundle. (pp.79-81). Snowden warned "disable the fucking Javascripts."
>
> https://twitter.com/Cryptome_/status/1265658170195804164


it's all about attack surface (to a lesser degree, hardening).

when FaceBook bought 0day dev against their own user, the weak link was a video player - not Tor Browser, not tor, nor Tails model, but a video implementation inside the security boundary of your nymity protections.

C.f.: https://www.schneier.com/blog/archives/2020/06/facebook_helped.html


best regards,


P.S. a deeper defensive posture, for example Qubes OS, would have rendered the video player exploit useless, as that constrained App VM would not have network egress. of course, add more money for VM escapes, etc. :P


and so it goes, ever onward...

