Full Disclosure mailing list archives
Re: Popular Net anonymity service back-doored
From: Bernhard Kuemel <darsie () gmx at>
Date: Sun, 24 Aug 2003 11:42:51 +0200
Hi! Aron Nimzovitch wrote:
Only a fool would blindly depend on someone else's software to gain anonymity without examining the code. If you need anonymity,
> then you should easily be willing to invest sweat equity, or > have a contractual arrangement when the threat is only > financial. For more serious threats requiring anonymity, > not reviewing the source when it is available seems beyond > stupid.And surely you would apply your opinion to any kind of cryptography like pgp, ssl, etc. There are millions of users out there who do not have the skills (programming, mathematics) to verify such code. Calling them beyond stupid for that is inappropriate. Blindly relying on software may be foolish, but if you keep an open eye for warnings from those that have the skills and do verify the code of popular software it is ok.
And - who guarantees that the code that is published is the same that is used on the servers? So reviewing code only helps if you compile and use it yourself or maybe in situations like remailer chains you rely on the assumption that at least one remailer will use the published code. But JAP IMO is not a chain of independent systems.
Bernhard -- Low end Serverhousing ab 25 e inkl. 1x 11 e/GB, etc.: http://bksys.at _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- Re: Popular Net anonymity service back-doored Florian Weimer (Aug 21)
- RE: Re: Popular Net anonymity service back-doored Drew Copley (Aug 21)
- Re: Re: Popular Net anonymity service back-doored Florian Weimer (Aug 21)
- Re: Popular Net anonymity service back-doored Thomas C. Greene (Aug 21)
- Re: Popular Net anonymity service back-doored Aron Nimzovitch (Aug 21)
- Re: Popular Net anonymity service back-doored Barney Wolff (Aug 21)
- RE: Popular Net anonymity service back-doored David Schwartz (Aug 21)
- RE: Popular Net anonymity service back-doored Drew Copley (Aug 22)
- Re: RE: Popular Net anonymity service back-doored felix . roennebeck (Aug 22)
- Re: Popular Net anonymity service back-doored Bernhard Kuemel (Aug 24)
- Re: Re: Popular Net anonymity service back-doored Dave Howe (Aug 27)
- Re: Popular Net anonymity service back-doored Aron Nimzovitch (Aug 21)
- RE: Re: Popular Net anonymity service back-doored Drew Copley (Aug 21)
- Re: Popular Net anonymity service back-doored Alex Russell (Aug 21)
- Re: Popular Net anonymity service back-doored Michael Schlenker (Aug 22)
- Re: Popular Net anonymity service back-doored nordi (Aug 22)
- Re: Popular Net anonymity service back-doored Alex Russell (Aug 22)
- <Possible follow-ups>
- RE: Popular Net anonymity service back-doored David Schwartz (Aug 22)
- Re: Popular Net anonymity service back-doored Alex Russell (Aug 25)