Delivery-Date: Sun, 03 May 2015 20:32:14 -0400
Return-Path: <tor-talk-bounces@lists.torproject.org>
X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on moria.seul.org
X-Spam-Level: 
X-Spam-Status: No, score=-4.1 required=5.0 tests=BAYES_00,DKIM_ADSP_CUSTOM_MED,
	DKIM_SIGNED,FREEMAIL_FROM,RCVD_IN_DNSWL_MED,T_DKIM_INVALID,T_RP_MATCHES_RCVD
	autolearn=ham version=3.3.1
X-Original-To: archiver@seul.org
Delivered-To: archiver@seul.org
Received: from eugeni.torproject.org (eugeni.torproject.org [38.229.72.13])
	(using TLSv1.2 with cipher ADH-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by khazad-dum.seul.org (Postfix) with ESMTPS id 571A61E0CA0
	for <archiver@seul.org>; Sun,  3 May 2015 20:32:12 -0400 (EDT)
Received: from eugeni.torproject.org (localhost [127.0.0.1])
	by eugeni.torproject.org (Postfix) with ESMTP id 2028434D1C;
	Mon,  4 May 2015 00:32:08 +0000 (UTC)
Received: from localhost (localhost [127.0.0.1])
 by eugeni.torproject.org (Postfix) with ESMTP id 2926334CE1
 for <tor-talk@lists.torproject.org>; Mon,  4 May 2015 00:32:04 +0000 (UTC)
X-Virus-Scanned: Debian amavisd-new at 
Received: from eugeni.torproject.org ([127.0.0.1])
 by localhost (eugeni.torproject.org [127.0.0.1]) (amavisd-new, port 10024)
 with ESMTP id KtNFJcnTYlMo for <tor-talk@lists.torproject.org>;
 Mon,  4 May 2015 00:32:04 +0000 (UTC)
Received: from mail-la0-x236.google.com (mail-la0-x236.google.com
 [IPv6:2a00:1450:4010:c03::236])
 (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits))
 (Client CN "smtp.gmail.com",
 Issuer "Google Internet Authority G2" (not verified))
 by eugeni.torproject.org (Postfix) with ESMTPS id BD8DB3478F
 for <tor-talk@lists.torproject.org>; Mon,  4 May 2015 00:32:03 +0000 (UTC)
Received: by laat2 with SMTP id t2so94358007laa.1
 for <tor-talk@lists.torproject.org>; Sun, 03 May 2015 17:32:00 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113;
 h=mime-version:in-reply-to:references:date:message-id:subject:from:to
 :content-type; bh=6uRTJS4icH1/AVx38DWRoV+kVSeTpEjFUQPMChFqvW0=;
 b=M2iwN1tJBsvL24EgvM3NhsBjwXVTJPgRZzK60DX96kKpdQP0l5U9CzFJQEdPfAMWBz
 rVZMmdcGwyXVrgMNVNkXsTo3PY1AQ1oozspizrtOgIInEGHVlyJHlPUR1ZiHa4xLK+Nc
 /EhpiT5IpDkF6RfWQ5GXtVefObG9pycY2zWSUFeF/oBLueZ6+DZMw+0ipWPhBo4n/VFr
 sKY7xda6s/JS+9MMOG9Qn+m5qWRm+d1E3HFlh9Kc+2/yQNHQw/m4hrB1z11iSIINAwTO
 LoazGe5DVNHR3wdFzu1Nl3mLVT7fKq2ec1zc+bU+DFOVuE2wQ6dkSm7F1qX7cU2vjcQD
 +XIw==
MIME-Version: 1.0
X-Received: by 10.152.164.193 with SMTP id ys1mr17341213lab.23.1430699520555; 
 Sun, 03 May 2015 17:32:00 -0700 (PDT)
Received: by 10.25.90.65 with HTTP; Sun, 3 May 2015 17:32:00 -0700 (PDT)
In-Reply-To: <5546a805.8b1e8c0a.132b.ffffafe9@mx.google.com>
References: <5545929B.10805@riseup.net>
 <CAMTdTS9Jo4RYpQX+esro4pHO2zAG6gYTJWDsxsLeNaQ6A+026w@mail.gmail.com>
 <CAJVRA1S3tTX=hMDMrefvAWOT1Bi18zH_ztBGh8G+S_7hwodDEw@mail.gmail.com>
 <CAMTdTS-_BhHXb76-_US8gx6YdH2dpPmh4-D6utiBQghjaULrnA@mail.gmail.com>
 <CAJVRA1SSz4rMw=S8yqyHkuakVyZbzAxLQFj_fAwG3xUCcSm90w@mail.gmail.com>
 <CAMTdTS9J65QtAPQtK+TAzQ4O=sPF9jxsRBhgZ6xX8svjC6_AHQ@mail.gmail.com>
 <CAJVRA1S2Um0D=oM3bMf0RonowRDi41FVac=jprwuq9z+Cb8vwA@mail.gmail.com>
 <5546a805.8b1e8c0a.132b.ffffafe9@mx.google.com>
Date: Sun, 3 May 2015 17:32:00 -0700
Message-ID: <CAJVRA1R7L=vzUFCVhXj3GUXZ6DcYSaZDwo=a5y8jyHgx9CO+fw@mail.gmail.com>
From: coderman <coderman@gmail.com>
To: tor-talk@lists.torproject.org, juan.g71@gmail.com
Subject: Re: [tor-talk] Meeting Snowden in Princeton
X-BeenThere: tor-talk@lists.torproject.org
X-Mailman-Version: 2.1.15
Precedence: list
Reply-To: tor-talk@lists.torproject.org
List-Id: "all discussion about theory, design,
 and development of Onion Routing" <tor-talk.lists.torproject.org>
List-Unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-talk>, 
 <mailto:tor-talk-request@lists.torproject.org?subject=unsubscribe>
List-Archive: <http://lists.torproject.org/pipermail/tor-talk/>
List-Post: <mailto:tor-talk@lists.torproject.org>
List-Help: <mailto:tor-talk-request@lists.torproject.org?subject=help>
List-Subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk>, 
 <mailto:tor-talk-request@lists.torproject.org?subject=subscribe>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: tor-talk-bounces@lists.torproject.org
Sender: "tor-talk" <tor-talk-bounces@lists.torproject.org>

On 5/3/15, Juan <juan.g71@gmail.com> wrote:
> ...

hey Juan,

i'm turning over a new leaf and responding to your feedback with
promptness and detail. [0]



>> what part of "Will never compromise Tor" do you not understand?
>
> 	LMAO!  What part of 'secret laws' and US military nazis you
> 	don't understand?

open source code in the open means heavy handed attempts to backdoor
or weaken are visible, and prone to discovery in the future. if you
have a diverse, engaged community of security conscious developers,
the odds of finding such a thing quickly is good, and you're also
going to find the oversights and bugs just as risky to security and
privacy.

how do you trust the developers themselves? that's a hard question i
have no good answer for. i went to the Paris dev conference last
summer to get first hand view of environment around Tor devs, and meet
digital entities face to face... nation state security services
definitely interested, but seemingly effective without resorting to
exotic narco cartel threats in your vivid imagination.

notice that Tor browser builds are reproducible, and now (some) signed
by hardware token. these are all parts of building trust in the
software that gets distributed and executed by others.

how do you trust, along specific angles, the OPSEC, integrity(verity),
vigilance of a given developer? i don't have answers. one fun
anecdote, however, is trial by DEF CON, back in the day before it sold
out wholesale. not recommended, even then! :P



> 	Plus, why on earth should anybody trust whatever you post from
> 	your anonymous address?

i trust serqet345qt265xp.onion more gmail, that's for sure. (gmail
nicely expresses my contempt for email, however.)

as for anything else, it's back to trusting trust and where do you
draw the line.  open development cannot force independent, competent
review of code and architecture - a highly demanded service in
industry and elsewhere.



>> educating law enforcement does not equate to capitulating to calls for
>> backdoors or weaknesses.
>
> 	bla bla bla

are you contesting the appropriateness of any cooperation with law
enforcement what so ever?

or that education is really some nefarious secret collusion to screw Tor users?

please elaborate on the bla. thank you!



best regards,
-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

