Thus spake Aplin, Justin M (jmaplin@xxxxxxx): > On 3/20/2011 11:04 PM, Edward Langenback wrote: > >Joe Btfsplk wrote: > >>EVEN if it's not true, for me, Tor project has lost a good deal of its > >>credibility through its associations. Of course, no government would > >>ever lie& neither would a company (AT&T, Ford, Google, R.J. Reynolds...). > >If I'm not mistaken, not only has TOR had at least some government / > >DOD funding from the start, the original project was started by the > >military. > > This is well-known, publicly-available, and frankly, *old* information. > Of course, Tor is in open-source project, so you're welcome to peruse > the source for any backdoors and compile it for yourself, just to be sure. By the way, for people reading this doing advocacy in the field, this is probably the worst justification you can give to people, even technical people. As soon as you tell someone to audit the code themselves, you are placing a huge burden on their shoulders that they must deal with somehow before they can trust it, even if they don't begin to believe you are implicitly signaling something to them that you can't say out loud. Roger has spent a lot of time experimenting with people's reactions to his answers to questions like "So, is tor secure?" or "Are there really no back doors?" and the response that invariably freaked already uneasy people out was "The source code is available. Check for yourself." Whenever he told people this, invariably they assumed that he was secretly trying to tell them that there was in fact a backdoor, and that he was implicitly asking them to find it. He actually got the best responses when he essentially just told people, "Sure it's secure. Trust me, I wrote it.". AFAIK, though, he has not extensively tested the more nuanced response that Paul gave in his replies. But I think that if you can shorten that down, it can work too, possibly better. For example: "Trust the community. So many different people have worked on, volunteered for, attacked, reviewed, and researched tor-related topics from so many different institutions and backgrounds that it is *the* most extensively studied and independently reviewed anonymous communications system ever designed, let alone built. This makes it secure." But perhaps the average person's eyes will *still* glaze over half way through that sentence, and you may be better off starting with Roger's empirical favorite of "Oh, trust me, it's secure" first :) -- Mike Perry Mad Computer Scientist fscked.org evil labs
Attachment:
pgpfhYzzxseba.pgp
Description: PGP signature
_______________________________________________ tor-talk mailing list tor-talk@xxxxxxxxxxxxxxxxxxxx https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk