[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [tor-talk] Meeting Snowden in Princeton



On 5/3/15, Juan <juan.g71@gmail.com> wrote:
> ...

hey Juan,

i'm turning over a new leaf and responding to your feedback with
promptness and detail. [0]



>> what part of "Will never compromise Tor" do you not understand?
>
> 	LMAO!  What part of 'secret laws' and US military nazis you
> 	don't understand?

open source code in the open means heavy handed attempts to backdoor
or weaken are visible, and prone to discovery in the future. if you
have a diverse, engaged community of security conscious developers,
the odds of finding such a thing quickly is good, and you're also
going to find the oversights and bugs just as risky to security and
privacy.

how do you trust the developers themselves? that's a hard question i
have no good answer for. i went to the Paris dev conference last
summer to get first hand view of environment around Tor devs, and meet
digital entities face to face... nation state security services
definitely interested, but seemingly effective without resorting to
exotic narco cartel threats in your vivid imagination.

notice that Tor browser builds are reproducible, and now (some) signed
by hardware token. these are all parts of building trust in the
software that gets distributed and executed by others.

how do you trust, along specific angles, the OPSEC, integrity(verity),
vigilance of a given developer? i don't have answers. one fun
anecdote, however, is trial by DEF CON, back in the day before it sold
out wholesale. not recommended, even then! :P



> 	Plus, why on earth should anybody trust whatever you post from
> 	your anonymous address?

i trust serqet345qt265xp.onion more gmail, that's for sure. (gmail
nicely expresses my contempt for email, however.)

as for anything else, it's back to trusting trust and where do you
draw the line.  open development cannot force independent, competent
review of code and architecture - a highly demanded service in
industry and elsewhere.



>> educating law enforcement does not equate to capitulating to calls for
>> backdoors or weaknesses.
>
> 	bla bla bla

are you contesting the appropriateness of any cooperation with law
enforcement what so ever?

or that education is really some nefarious secret collusion to screw Tor users?

please elaborate on the bla. thank you!



best regards,
-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk