[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-talk] Is Tor still valid?



Crypto:
> On 8/5/2013 1:29 PM, Andrew F wrote:
>> Is Tor still Valid now that we know the nsa is actively
>> exploiting holes in technology anonymity tools?  We know that Tor
>> and hidden services has issues, not to mention the whole
>> fingerprinting problems.
>> 
>> Is Tor too vulnerable to trust?    Watch the video below.
>> 
>> XKeyscore http://www.youtube.com/watch?v=TSEbshxgUas
>> 
> 
> I'm curious as to why everyone is so intent on blaming Tor itself?
> Tor was not exploited. It was a hole in FF 17 in conjunction with
> the application running behind the hidden service. It's like saying
> "My car got a flat tire! Should I ever drive again?" I agree that
> the exploit was a bad one and in turn it's a big security issue.
> But if we're going to point fingers let's not point at Tor. Let's
> focus on the underlying issue(s) that caused this to happen. FF 17
> was the target, not Tor. Mozilla has addressed the issue.

Because The Tor Project (TPO) ships the Tor Browser Bundle, which
includes Firefox.

TPO is being blamed for leaving javascript enabled by default. And for
not shipping a hardened text-only browser. And for not shipping the
most secure operating system (yet to be implemented).

On the other hand, if TPO focused on security in past at cost of
usability, the people complaining know maybe wouldn't even know that
Tor existed.

See this attack as an reminder and reality check. Tor is not as safe
as many people kept preaching. We need safer anonymity networks, safer
operating systems, more educated users and probably a lot more stuff.
To make it happen, it needs your contribution and/or your money.
-- 
tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx
To unsusbscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk