> I'm just asking here - other than entities (gov'ts?) targeting anonymity > software (for now) what prevents this issue from becoming widespread? > If I download an update from MS - how do I know it's the authentic pkg > from the real MS? There's no authentication (or even check sums) for > d/l Firefox, IE. Only a small % of all developers offer these > capabilities.
Hi, AFAIK Microsoft does an automated hash or signature check in the background to test that your downloaded packages are unmanipulated. Mozilla offers you md5 sums and - more recommended - sha1 sums along with the offical key to check the integrity of downloads: http://releases.mozilla.org/pub/mozilla.org/firefox/releases/6.0.1/ Greetings, Netizio _______________________________________________ tor-talk mailing list [email protected] https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
