-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hi,
Twitter gone mad last night with news and assumptions regarding the arrest of the Silk Road presumed owner. Now, a lot of stupid things were spread like Tor has been broken, Bitcoin has been broken, so on. All experts here know the caught of that guy had nothing to do with Tor's security - it was pure human error and detective work (not hack or computer-technical) required to catch him. Nothing can protect you if you use your legal full name. This is off-topic to this mail list so I won't go into specifics. What was really interesting was how did they discover the location of the server where the hidden service was running. Again, I assume nothing to do with Tor. What I assume is that they found some kind of exploit into Apache, IIS or whatever web server was running on that computer and made it to "spit" it's real public IP address. Then it was just a matter of going where the server was physically and cloning and etc. ! Conclusion: Since Tails is no #1 anonymity live linux using Tor, with PGP / GPG encryption incorporated I think it will be wise, nice and recommended to build in the next version of Tails a "Secure Web Server" or something like this which will enable users to run hidden services on Tails with the piece of mind that the web server is properly secured and it cannot be exploited in order to "spit" the real IP address of the server or any data about the site which should not be known to third parties. Also, bitcoin-qt with improvements to work on Tails and only via Tor would be a great thing for all Tails users. This will attract more users to Tails since it would be used on both client-side and server-side and, also, most important, be what Tails is expected to be : no #1 anonymity distro based on Tor with all taken care of. Experts can choose whatever webserver they want (the one which is most easy to make it bulletproof): Apache, nginx, lighthttpd, etc. Hope to hear more opinions regarding this topic! Thanks! - -- PGP Public key: http://www.sky-ip.org/[email protected] ICQ #: 556561918 -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.17 (MingW32) Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iQEcBAEBAgAGBQJSTaInAAoJEIN/pSyBJlsRp8gIAJLvokp4p034tJv7ghcP9hz1 alkMSsd6sojAB4npxuUD+gf9i6y/4x7amxnVsPE1UDj9tO3qOZtc22wx0wMVfjNV 0DICvtBUzt8VO/ZvW1tZM0nsJxFepdxMZmteZ59VBml1Gr+OG6C7HpDyi+gp9XEN KxVb9yZWxzaA8gmW1Ue4I8tZw+EusaKQjCWm3jP+zrPq6K9ebv90G8GA1ZXZtUGq uvr5yy6EXJDnuRMBBxM2uYr6AyDoiPnBgq4Gjm88JAjiZTE5jz4ZgI1XQZLNz9CG tAu+5B8xkqmF1+I2h6/hCSi2wWsYbEp1O/VJGaG6vOpvXZygANoA4FbSVNkerI8= =sx6W -----END PGP SIGNATURE----- _______________________________________________ tails-dev mailing list [email protected] https://mailman.boum.org/listinfo/tails-dev
