Uh-oh, you're part of The Cabal now, coderman!

On Mon, Feb 15, 2016 at 5:45 PM, coderman <[email protected]> wrote:
> On 2/14/16, Malcolm Matalka <[email protected]> wrote:
> >...
> > Can you go into some detail on this? I was always under the impression
> > that the Tor code was open source and heavily audited. Is the critique
> > that this is not true or something else?
>
>
> clarification in order.
>
> 1) government funding of Tor means they get dibs on development
> priorities. censorship circumvention over dead-easy Tor Routers.
> Translations in Tor Browser over endpoint-hardened solutions like
> Whonix-Qubes around your Tor Browser. etc, etc. this does not imply
> the Tor code itself is made vulnerable. For example, 8 hour patch on
> control port vuln, and first to force disable RDRAND-sole-source in
> OpenSSL. not the behavior of group at behest of NSA and IC...
>
> 2) critique of existing hardware and software in terms of strong
> security against well resourced attackers. there is serious
> vulnerability across the entire spectrum of technology. the assumption
> that your malware laden WinXP box can run "Tor Browser" and be secure,
> is laughable. we're finding more than ever that personal security,
> operational security, and information security are all tied up in
> complex interdependence. Tor doesn't even try to address this, because
> frankly, no one has! it's the constantly evolving terrain of
> specialized experts, long bought over to $Private or $Gov not Public
> work.
>
> 3) Tor made trade-offs for end-user adoption and wide applicability.
> we don't have a fancy UDP Tor with traffic analysis resistance,
> and some argue such a thing can't exist. this would be great to get
> funded, but even past efforts have yielded detail around how much
> remains to be researched, let alone implemented in proof-of-concept.
>
>
> Tor well deserves their reputation for solid development in the public
> interest, and their behavior regarding serious vulnerabilities is
> exceptional across industry. actions above words, and they walk the
> walk. i am also glad to see their first fund raiser to diversify
> sources of support haul in hundreds of thousands for use without
> strings attached. more of this!
>
>
> best regards,
>
>
