Re: [tor-bugs] #7085 [Tor bundles/installation]: Integrate Cryptocat Browser Extension into Tor Browser Bundle

["Tor Bug Tracker & Wiki" <blackhole@xxxxxxxxxxxxxx>]

#7085: Integrate Cryptocat Browser Extension into Tor Browser Bundle
--------------------------------------+-------------------------------------
 Reporter:  kaepora                   |          Owner:  erinn                        
     Type:  enhancement               |         Status:  new                          
 Priority:  normal                    |      Milestone:  TorBrowserBundle 2.2.x-stable
Component:  Tor bundles/installation  |        Version:  Tor: unspecified             
 Keywords:                            |         Parent:                               
   Points:                            |   Actualpoints:                               
--------------------------------------+-------------------------------------

Comment(by kaepora):

 Replying to [comment:34 mikeperry]:


 > I would like to see the report. Have you heard anything from Dan Veditz?

 I sent Dan a couple of emails, he never replied. I will email you the
 report now.

 >
 > I've also been wondering if your CSIS encounter counts as another code
 review. I've been thinking about it quite a bit for the last few days..
 Let's assume it was CSIS and not some random troll. Nobody told Ian that
 he was endangering national security by publishing the pidgin-otr plugin..
 I was able to come up with four explanations for this: 1). Ian is a
 natural born Canadian citizen, and for some reason this makes him less of
 a "threat". 2). Pidgin and/or libpurple is already so full of remote code
 exec vulnerabilities (esp in its dependency libraries on platforms for
 which it is built statically) that whatever crypto it thinks its doing is
 not a threat to state-sized adversaries. 3). CryptoCat would be the first
 usable implementation of mpOTR, which could be a game changer for
 surveilling group chat. 4). OMG THAT'S EXACTLY WHAT they WANTED ME TO
 THINK!11 (Pick your own values of 'that' and 'THEY').
 >
 > I'm not sure which one to bet on. Too bad there are no futures markets
 for these things... But in any case, for some reason I kind of want to say
 'congratulations'? (Just don't tell THEM I said that...)

 Frankly, there are so many unknown unknowns with that weird story that I'm
 just trying as hard as possible to put it out of my life, revise and
 increase my security culture, and keep on with my work. Dwelling on that
 incident is just counter-productive and frustrating.

 >
 > As soon as the TBB-stable FF17 transition is over, I think we can at
 least try out CryptoCat in the next TBB-alpha and see what happens. If you
 never hear from me again after this, assume you have my blessing ;).

 Amazing! Should we stay in close contact as this progresses? Maybe I
 should add you on GTalk or XMPP?

-- 
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/7085#comment:35>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs