[liberationtech] - "The Beautiful & Secure Messenger"

Nadim Kobeissi nadim at
Thu Jul 11 14:00:42 PDT 2013

On 2013-07-11, at 4:32 PM, Andy Isaacson <adi at> wrote:

> On Thu, Jul 11, 2013 at 12:23:25PM -0700, Mitar wrote:
>> BTW. Even Tor has centralized directory servers.
>
> It's incredibly misleading to imply that the Tor DA design provides a
> similar threat to a server-hosted-crypto proprietary privacy app.  (I'm
> not accusing you of intentionally misleading, but the claim that you're
> repeating is misleading.)
>
> The Tor DAs are run by multiple individuals in diverse legal
> jurisdictions, and their sole purpose is to make a publicly checkable
> attestation of public facts.  The implementation run by the DAs is open
> source and has been developed in public according to a public design for
> a decade, in accordance with Kerckhoffs's Principle.

I agree with your post generally, but I must beg your pardon and address something a bit off-topic:
A year ago, two DAs were subject to a DDoS. This prevented people from connecting to the Tor network very substantially. The network was largely inaccessible for a few hours. If DDoSing two computers can do this, you have a problem. Let's not downplay the fact that directory servers are indeed centralized and fragile. Having six servers spread across multiple IP address spaces doesn't exactly solve this problem.


> A non-open-source privacy app developed by a single company has a
> corporate nexus of control, a single jurisdiction to get a secret
> warrant in, and a single codebase and update server/signing-key to
> compromise giving 'the keys to the castle'.
>
> Even if an attacker were to secretly compromise all of the Tor DAs and
> publish a malicious consensus, the break is only to anonymity, not to
> message privacy.  (Granted, anonymity is a major selling point for Tor
> and that break would be a major problem, but it's still not as severe a
> break as the messaging app compromise.)
>
>> And it does not
>> really matter if the code there is open source or not, because you
>> anyway cannot know if they are really running some particular code
>> there or not.
>
> Being closed source doesn't fix this problem, so how is that a useful
> response to the advice "never trust a closed source privacy app"?
>
> Seatbelts don't help when your car flies off a cliff.  It's still a good
> idea to wear your seatbelt, for the 99% of crashes where they do help.
>
> Having open review of the design and implementation of your privacy app
> isn't enough to solve all of the potential compromises.  But it's still
> a good idea to have open review which will help address a vast number of
> vulnerabilities.
>
> -andy