Search Mailing List Archives


Limit search to: Subject & Body Subject Author
Sort by: Reverse Sort
Limit to: All This Week Last Week This Month Last Month
Select Date Range     through    

[liberationtech] Satori - distributed tamper-resistant circumvention tools

Griffin Boyce griffin at cryptolab.net
Fri May 2 17:46:08 PDT 2014


On 2014-05-02 20:35, Andrew Cady wrote:
> On Fri, May 02, 2014 at 05:22:11PM -0400, Griffin Boyce wrote:
> 
>>   No, though I have two-factor authentication using a secure device
>> (not a cell phone), and I can't be vanned/rubber-hosed because I don't
>> actually know the password to my Google developer account.  Some
>> of this does require trust that I have a secure signing/uploading
>> environment.
> 
> If you can upload code -- with or without a password -- then you can be
> forced to upload malicious code (assuming you are vulnerable to vans 
> and
> rubber hoses).

   As could someone at Microsoft, Apple, or Canonical.  My current system 
fails closed pretty hard, even in the case of, say, someone breaking 
into my apartment.  The benefit of the project being open-source is that 
such a change wouldn't go unnoticed.  And it's trivial to fetch the 
extension code from Google and compare it.

~Griffin



More information about the liberationtech mailing list