> On Aug 10, 2015, at 2:00 PM, Philipp Winter <p...@nymity.ch> wrote: > > Vanity addresses encourage people to only verify the human-readable part > of an address before clicking on it. That creates a false sense of > security, which is already exploited by spoofed onion service addresses > whose prefix and suffix mimics the original onion address.
That does strike me as a risk.
That said, if an address is completely incapable, even hostile to validation by
human eyeballs, then what happens is “trust” migrates to using a bunch of tools
which are forgeable, spoofable, hackable, trojanable.
The resultant risk might be worse for its greater resistance to detection.
-a
ps: for an investigation of what happens when you build a “communities” app
around “non-human-readable” barcodes and without a discovery mechanism, see
this article; such innovation gives me great hope for humanity finding
solutions to apparently high-friction technologies, but it also clearly hampers
broader inclusiveness, the latter arguably being one of Tor’s most important
goals:
http://mashable.com/2014/10/24/hacks-facebook-rooms/
<http://mashable.com/2014/10/24/hacks-facebook-rooms/>
—
Alec Muffett
Security Infrastructure
Facebook Engineering
London
signature.asc
Description: Message signed with OpenPGP using GPGMail
_______________________________________________ tor-dev mailing list tor-dev@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev
