[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-talk] Iran cracks down on web dissident technology

Thus spake Aplin, Justin M (jmaplin@xxxxxxx):

> On 3/20/2011 11:04 PM, Edward Langenback wrote:
> >Joe Btfsplk wrote:
> >>EVEN if it's not true, for me, Tor project has lost a good deal of its
> >>credibility through its associations.  Of course, no government would
> >>ever lie&  neither would a company (AT&T, Ford, Google, R.J. Reynolds...).
> >If I'm not mistaken, not only has TOR had at least some government /
> >DOD funding from the start, the original project was started by the
> >military.
> This is well-known, publicly-available, and frankly, *old* information. 
> Of course, Tor is in open-source project, so you're welcome to peruse 
> the source for any backdoors and compile it for yourself, just to be sure.

By the way, for people reading this doing advocacy in the field, this
is probably the worst justification you can give to people, even
technical people.

As soon as you tell someone to audit the code themselves, you are
placing a huge burden on their shoulders that they must deal with
somehow before they can trust it, even if they don't begin to believe
you are implicitly signaling something to them that you can't say out

Roger has spent a lot of time experimenting with people's reactions to
his answers to questions like "So, is tor secure?" or "Are there
really no back doors?" and the response that invariably freaked
already uneasy people out was "The source code is available. Check for

Whenever he told people this, invariably they assumed that he was
secretly trying to tell them that there was in fact a backdoor, and
that he was implicitly asking them to find it. He actually got the
best responses when he essentially just told people, "Sure it's
secure. Trust me, I wrote it.".

AFAIK, though, he has not extensively tested the more nuanced response
that Paul gave in his replies. But I think that if you can shorten
that down, it can work too, possibly better.

For example: "Trust the community. So many different people have
worked on, volunteered for, attacked, reviewed, and researched
tor-related topics from so many different institutions and backgrounds
that it is *the* most extensively studied and independently reviewed
anonymous communications system ever designed, let alone built. This
makes it secure."

But perhaps the average person's eyes will *still* glaze over half way
through that sentence, and you may be better off starting with Roger's
empirical favorite of "Oh, trust me, it's secure" first :)

Mike Perry
Mad Computer Scientist
fscked.org evil labs

Attachment: pgpfhYzzxseba.pgp
Description: PGP signature

tor-talk mailing list