Crypto: > On 8/5/2013 1:29 PM, Andrew F wrote: >> Is Tor still Valid now that we know the nsa is actively >> exploiting holes in technology anonymity tools? We know that Tor >> and hidden services has issues, not to mention the whole >> fingerprinting problems. >> >> Is Tor too vulnerable to trust? Watch the video below. >> >> XKeyscore http://www.youtube.com/watch?v=TSEbshxgUas >> > > I'm curious as to why everyone is so intent on blaming Tor itself? > Tor was not exploited. It was a hole in FF 17 in conjunction with > the application running behind the hidden service. It's like saying > "My car got a flat tire! Should I ever drive again?" I agree that > the exploit was a bad one and in turn it's a big security issue. > But if we're going to point fingers let's not point at Tor. Let's > focus on the underlying issue(s) that caused this to happen. FF 17 > was the target, not Tor. Mozilla has addressed the issue.
Because The Tor Project (TPO) ships the Tor Browser Bundle, which includes Firefox. TPO is being blamed for leaving javascript enabled by default. And for not shipping a hardened text-only browser. And for not shipping the most secure operating system (yet to be implemented). On the other hand, if TPO focused on security in past at cost of usability, the people complaining know maybe wouldn't even know that Tor existed. See this attack as an reminder and reality check. Tor is not as safe as many people kept preaching. We need safer anonymity networks, safer operating systems, more educated users and probably a lot more stuff. To make it happen, it needs your contribution and/or your money. -- tor-talk mailing list - [email protected] To unsusbscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
