[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
Re: [tor-dev] Future Onion Addresses and Human Factors
On Mon, Aug 10, 2015 at 09:36:22PM +0000, Alec Muffett wrote:
> On Aug 10, 2015, at 2:00 PM, Philipp Winter <phw@xxxxxxxxx> wrote:
> > Vanity addresses encourage people to only verify the human-readable part
> > of an address before clicking on it. That creates a false sense of
> > security, which is already exploited by spoofed onion service addresses
> > whose prefix and suffix mimics the original onion address.
>
> That does strike me as a risk.
>
> That said, if an address is completely incapable, even hostile to
> validation by human eyeballs, then what happens is âtrustâ migrates to
> using a bunch of tools which are forgeable, spoofable, hackable,
> trojanable.
Right. That's why I would integrate these tools into Tor Browser
instead of distributing them separately.
Cheers,
Philipp
_______________________________________________
tor-dev mailing list
tor-dev@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev