Re: [tor-talk] Is Tor still valid?

[andrfew <andrewfriedman101@xxxxxxxxx>]

Adrelanos,
Would the exploit have worked with Whonix?

On 08/05/2013 10:30 PM, adrelanos wrote:
> Crypto:
>> On 8/5/2013 1:29 PM, Andrew F wrote:
>>> Is Tor still Valid now that we know the nsa is actively
>>> exploiting holes in technology anonymity tools?  We know that Tor
>>> and hidden services has issues, not to mention the whole
>>> fingerprinting problems.
>>>
>>> Is Tor too vulnerable to trust?    Watch the video below.
>>>
>>> XKeyscore http://www.youtube.com/watch?v=TSEbshxgUas
>>>
>> I'm curious as to why everyone is so intent on blaming Tor itself?
>> Tor was not exploited. It was a hole in FF 17 in conjunction with
>> the application running behind the hidden service. It's like saying
>> "My car got a flat tire! Should I ever drive again?" I agree that
>> the exploit was a bad one and in turn it's a big security issue.
>> But if we're going to point fingers let's not point at Tor. Let's
>> focus on the underlying issue(s) that caused this to happen. FF 17
>> was the target, not Tor. Mozilla has addressed the issue.
> Because The Tor Project (TPO) ships the Tor Browser Bundle, which
> includes Firefox.
>
> TPO is being blamed for leaving javascript enabled by default. And for
> not shipping a hardened text-only browser. And for not shipping the
> most secure operating system (yet to be implemented).
>
> On the other hand, if TPO focused on security in past at cost of
> usability, the people complaining know maybe wouldn't even know that
> Tor existed.
>
> See this attack as an reminder and reality check. Tor is not as safe
> as many people kept preaching. We need safer anonymity networks, safer
> operating systems, more educated users and probably a lot more stuff.
> To make it happen, it needs your contribution and/or your money.

-- 
tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx
To unsusbscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk