[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-talk] Tormail?



On Thu, 2011-11-10 at 09:56 +0000, tor@xxxxxxxxxxxxxxxxxx wrote:
> It's quite different for non-anonymous providers. They are restricted by
> laws, and are held responsible for their actions, legally and
> commercially. If we don't even know where TorMail is hosted, we don't
> know what laws they're subject to, nor whether they're following them.
> And if they're caught doing something illegal, we can't track them down
> in order to hold them responsible.
> 
> 
If Google was reading your email, you could not track them down or hold
them responsible. Google, like other corporations, is not restricted by
law. 

What you're referring to is "privacy by policy." In this mode of
thinking, you assert that a service is private because the person
providing that service says that it's private. At this point, you need
go figure out how much you trust them to evaluate how private that
system is. 

Tor and other privacy-enhancing technologies provide "privacy by
design." In this mode of thinking, you assert that a service is private
because you, the person using it, uses some other technology that
enforces privacy. At this point, you don't care about who's running the
service, because even though Google has a lot of lawyers, those lawyers
can't get a court order to break RSA. The government can't subpoena
math.

It should be clear which mode of thinking is better.

This idea is stolen without any remorse from
<https://blog.torproject.org/blog/anonymity-design-versus-policy>.

Attachment: signature.asc
Description: This is a digitally signed message part

_______________________________________________
tor-talk mailing list
tor-talk@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk