On Sun, Dec 10, 2017 at 07:57:14PM +0000, Poul-Henning Kamp wrote: > -------- > In message <[email protected]>, Yuri writes: > > >3. The user updated the sources through Tor and got hacked. > > > >Where did this user go wrong, or where has he been irresponsible? > > He trusted Tor? > > In 2006 Steven Murdochs "Hot or Not" work in TCP timers revealed > that a LOT of the Tor network is on a longitude compatible with a > "Bandit of The Beltway" location.
Are you really referencing a paper from 11 years ago specifically about a hidden service confirmation attack? This is not within Tor's threat model. Yes, it is a real attack, and yes, this could and should be prevented, but this says absolutely nothing about the security or "trustworthiness" of the Tor network or the protection it provides 99% of all users. > > If you still, elleven years later, seriously belive that Tor is > trustworthy, you shouldn't be allowed near any kind of security > decision. *head scratch* Most of the relays are in Europe now, just FYI. Tor is not perfect, but it offers by-far a better method of connecting two machines than using the Internet alone. > > -- > Poul-Henning Kamp | UNIX since Zilog Zeus 3.20 > [email protected] | TCP/IP since RFC 956 > FreeBSD committer | BSD since 4.3-tahoe > Never attribute to malice what can adequately be explained by incompetence. > _______________________________________________ > [email protected] mailing list > https://lists.freebsd.org/mailman/listinfo/freebsd-security > To unsubscribe, send any mail to "[email protected]" _______________________________________________ [email protected] mailing list https://lists.freebsd.org/mailman/listinfo/freebsd-security To unsubscribe, send any mail to "[email protected]"
