[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
Re: [tor-talk] FBI cracked Tor security
On 7/14/2016 2:34 PM, Jon Tullett wrote:
Thanks Jon. I agree w/ most that you said. Again, semantics. Whether
they cracked Tor or Tor Browser won't change if the brutal dictator has
you shot in the front or back of the head. :)
2. Aren't statements (from anyone) like, "... generally crack the servers
hosting the illicit material, not Tor itself," sort of a matter of
Depends on the context, I guess. To the user, maybe, but in the
context of this (Tor) community, the distinction matters. Browser
vulns and server exploits are common. Tor's crypto is not, AFAIK,
known to be compromised.
Unless one is using Tor w/ their own internet browsing application, an
exploited weakness in Tor Browser - modified Firefox - has the same
effect on users. They're a package deal.
If claiming, there are no known cases of authorities "cracking Tor" or
using its weaknesses to deanonymize users, that may be correct, AFAWK.
But, it's been shown time & again, "we" don't know very far regarding
what gov'ts & their agencies can / can't do, or have / haven't done.
An unfortunate fact for citizens everywhere. "Absence of evidence is not
evidence of absence," as to their capabilities. If any government
cracks Tor, it'll be of the highest security classification. Most
advanced governments aren't as bungling & clueless as many think they are.
True - if someone cracked Tor, this show is over - for a while. To
Prisoner Number Six, it makes no difference if the chink was in Tor
proper, or in the browser. It matters to Tor Project for ego & bragging
rights & it matters regarding whether only a few unlucky freedom
fighters got caught, or if Tor needs a complete overhaul.
You're not really suggesting that users under hostile dictatorships or
ones trying to expose democratic government unconstitutional actions,
take full responsibility for the ongoing modifying, patching & constant
reading about weaknesses of Tor Browser "for their own security?"
That Tor Project is saying Tor is relatively anonymous; as for Tor
Browser, everyone's on their own.
The issue of who should be responsible for alerting a user to possible
risks is debatable. Tor's job, after all, is not to keep users secure;
it's to keep them anonymous. I don't speak for the Tor project, but I
expect the assumption is that users should take responsibility for
their own security, just as they should take responsibility for
antivirus, patching, and brushing their teeth :)
If one is in the right (or wrong) situation, anonymity = security. Lack
of anonymity may = jail or death. Not for me & presumably not Tor
developers, but for some users that Tor was designed for.
tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx
To unsubscribe or change other settings go to