> On Aug 10, 2015, at 2:00 PM, Philipp Winter <p...@nymity.ch> wrote: > > Vanity addresses encourage people to only verify the human-readable part > of an address before clicking on it. That creates a false sense of > security, which is already exploited by spoofed onion service addresses > whose prefix and suffix mimics the original onion address.
That does strike me as a risk. That said, if an address is completely incapable, even hostile to validation by human eyeballs, then what happens is “trust” migrates to using a bunch of tools which are forgeable, spoofable, hackable, trojanable. The resultant risk might be worse for its greater resistance to detection. -a ps: for an investigation of what happens when you build a “communities” app around “non-human-readable” barcodes and without a discovery mechanism, see this article; such innovation gives me great hope for humanity finding solutions to apparently high-friction technologies, but it also clearly hampers broader inclusiveness, the latter arguably being one of Tor’s most important goals: http://mashable.com/2014/10/24/hacks-facebook-rooms/ <http://mashable.com/2014/10/24/hacks-facebook-rooms/> — Alec Muffett Security Infrastructure Facebook Engineering London
signature.asc
Description: Message signed with OpenPGP using GPGMail
_______________________________________________ tor-dev mailing list tor-dev@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev