Full Disclosure mailing list archives
RE: Popular Net anonymity service back-doored
From: "David Schwartz" <davids () webmaster com>
Date: Thu, 21 Aug 2003 21:00:07 -0700
From: "David Schwartz" <davids () webmaster com> Date: Thu, 21 Aug 2003 17:09:45 -0700 > Only a fool would blindly depend on someone else's software to gain > anonymity without examining the code. If you need > anonymity, then you > should easily be willing to invest sweat equity, or have a > contractual > arrangement when the threat is only financial. For more serious > threats requiring anonymity, not reviewing the source when it is > available seems beyond stupid. I'm 100% with you up to now. > I could unserstand your ire if you > were one of our clients, but this was a free service wasn't it? But now you're teetering on insanity. I get a ride home from a pub, but the driver instead of taking me home takes me to a dark alley and beats me to a pulp. My ire at the betrayal of trust should be based upon whether and how much I paid the driver?! If you think purchased business loyalty is more reliable, and provokes a more painful betrayal, than loyalty freely offered out of principled devotion to a common cause, you're not in touch with the same reality I am. This is a case of betrayal among people who thought they were engaged in a common cause of principle.
Oh no. I would never risk _personal_ security to a computer, but I will risk financial security (do I even have a choice). Since I'm only thinking financially, I was thinking of the standard capitalist model.
I think you'll find that there is a ton of overlap between these two categories.
To modify your example, my ire would be directed at myself for misjudging the safety of the situation, regardless of what it cost. Especially if the vehicle carried a sign that said "driver not responsible". I'm sure you read the disclaimers on the website...
Almost every piece of software contains a EULA/disclaimer that says that absolutely nothing is guaranteed and you're on your own. You have no way to audit the software if it's not open source and often are prohibited from reverse-engineering it anyway. You often have to agree to limit the author's/manufacturer's liability to the purchase price.
I'm afraid I only believe in principled devotion from people I can personally meet and have known for many years. The Cypherpunks and Detweiler showed how risky that was based on text interchange mediated by computers.
Absolutely, the people who extended trust were foolish to do so. It's very easy to say that in retrospect. However, "it's your fault for trusting me" doesn't play. If I leave my home while a contractor is working on it and tell him to lock up and slide the key under the door and he forgets to lock up and a burglar walks in and steals all my stuff, yes, it's the contractor's fault for being stupid and leaving my house unlocked. But that does not reduce the culpability of the burglar, does it? If anything, it's worse to pick on those less defended. DS _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- Re: Popular Net anonymity service back-doored, (continued)
- Re: Popular Net anonymity service back-doored Barney Wolff (Aug 21)
- RE: Popular Net anonymity service back-doored David Schwartz (Aug 21)
- RE: Popular Net anonymity service back-doored Drew Copley (Aug 22)
- Re: RE: Popular Net anonymity service back-doored felix . roennebeck (Aug 22)
- Re: Popular Net anonymity service back-doored Bernhard Kuemel (Aug 24)
- Re: Re: Popular Net anonymity service back-doored Dave Howe (Aug 27)
- Re: Popular Net anonymity service back-doored Alex Russell (Aug 21)
- Re: Popular Net anonymity service back-doored Michael Schlenker (Aug 22)
- Re: Popular Net anonymity service back-doored nordi (Aug 22)
- Re: Popular Net anonymity service back-doored Alex Russell (Aug 22)