[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-talk] FBI cracked Tor security



On 7/14/2016 2:34 PM, Jon Tullett wrote:
2.  Aren't statements (from anyone) like, "... generally crack the servers
hosting the illicit material, not Tor itself," sort of a matter of
semantics?
Depends on the context, I guess. To the user, maybe, but in the
context of this (Tor) community, the distinction matters. Browser
vulns and server exploits are common. Tor's crypto is not, AFAIK,
known to be compromised.
Thanks Jon. I agree w/ most that you said. Again, semantics. Whether they cracked Tor or Tor Browser won't change if the brutal dictator has you shot in the front or back of the head. :)

Unless one is using Tor w/ their own internet browsing application, an exploited weakness in Tor Browser - modified Firefox - has the same effect on users. They're a package deal. If claiming, there are no known cases of authorities "cracking Tor" or using its weaknesses to deanonymize users, that may be correct, AFAWK. But, it's been shown time & again, "we" don't know very far regarding what gov'ts & their agencies can / can't do, or have / haven't done. An unfortunate fact for citizens everywhere. "Absence of evidence is not evidence of absence," as to their capabilities. If any government cracks Tor, it'll be of the highest security classification. Most advanced governments aren't as bungling & clueless as many think they are.

True - if someone cracked Tor, this show is over - for a while. To Prisoner Number Six, it makes no difference if the chink was in Tor proper, or in the browser. It matters to Tor Project for ego & bragging rights & it matters regarding whether only a few unlucky freedom fighters got caught, or if Tor needs a complete overhaul.


The issue of who should be responsible for alerting a user to possible
risks is debatable. Tor's job, after all, is not to keep users secure;
it's to keep them anonymous. I don't speak for the Tor project, but I
expect the assumption is that users should take responsibility for
their own security, just as they should take responsibility for
antivirus, patching, and brushing their teeth :)

-J
You're not really suggesting that users under hostile dictatorships or ones trying to expose democratic government unconstitutional actions, take full responsibility for the ongoing modifying, patching & constant reading about weaknesses of Tor Browser "for their own security?" That Tor Project is saying Tor is relatively anonymous; as for Tor Browser, everyone's on their own.

If one is in the right (or wrong) situation, anonymity = security. Lack of anonymity may = jail or death. Not for me & presumably not Tor developers, but for some users that Tor was designed for.

Six out.
--
tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk