hi, ihave2p wrote (21 Aug 2014 18:21:28 GMT) : > In all honestly, I see no reason why anyone using Tails 1.1 should *not* use > i2p for > irc2p because the security issues in 0.9.13 had nothing to do with irc2p and > was > nothing more than an XSS related issue. Like any XSS issue, as long as one > doesn't > click on any suspicious links from users that they don't know while in irc, I > don't > foresee any problems.
I think that you're underestimating the impact of the issue, and overestimating the difficulty of setting up the attack. First, it's an XSS issue that allows the attacker to *deanonymize* users, which is one of the worst things that can happen in the context of Tails. Second, there are many other ways to get a user into visiting a given URL, and many other weak links than the one described above. So, I don't think that we should rely on I2P in Tails, for our contributors meeting, until a fixed Tails has been released. But once it's out (that is, starting with the October meeting), I'm all for trying this out! Cheers, -- intrigeri _______________________________________________ Tails-dev mailing list [email protected] https://mailman.boum.org/listinfo/tails-dev To unsubscribe from this list, send an empty email to [email protected].
