Moreover, the algorithm had been shown to be insecure in 2007 by Microsoft cryptographers Niels Ferguson and Dan Shumow, added Mr Clayton.
“Because the vulnerability was found some time ago, I’m not sure if anybody is using it,” he said.
But your comment implied that because it is open source it automatically means that it is safe and trustworthy and that isn’t true.
Well, your comment implied that OP shouldn’t trust Tor. OP should trust Tor at least as much as they trust their own device, which almost certainly has closed-source components I’d rather target if I was the NSA. (Or the Chinese, or…)
Since this user wanted an in depth conversation on the topic I don’t feel like its “ritualistic purity” to disclose all that I said above.
Except in-depth isn’t what was offered. This reply appears all the time in regards to Tor, and it never comes with alternative suggestions. So yeah, I suspect something irrational is motivating it.
That excerpt still says it was deployed to all the businesses listed above it, though. So yes it was being used however those businesses used it.
And yes closed source components are inescapable (and also a potential threat) unless you use something that is GNU certified and I don’t even think a lot of them can even run the current version of Tails but I havent researched it in awhile. Maybe could run Tor browser though but if my memory serves correctly even stuff that is GNU certified has some proprietary hardware in it.
But no, the irrationality here would be saying “because something is open source you should trust it automatically and ask no questions about it” which of course isn’t what you said but you implied that because something is open source its automatically to be trusted. And that’s not true.
I never said not to use TOR or implied that, I said (and you can look back at my comments and see) that just because something is open source doesn’t automatically mean it is safe and trustworthy. And I don’t think its irrational to say that.
This was all in response to someone pointing out that depending on what the person is using TOR for they should do more research about it and educate themselves on security of using it which is true.
Never just see open source and assume complete safety or trustworthiness. Which is something people who have never used TOR do all the time and why you see the points I made being brought up around the conversation constantly.
Open source doesn’t guarantee complete safety, you should still take other steps in addition to using open source to better enhance your privacy and security. TOR is great and I think OP and others interested should use it, but you should never blindly trust something just because it is open source and used a lot. Vulnerabilities can happen all the time, if they didn’t Tails wouldn’t ever need updated at all.
Alternatives (that I wouldn’t really recommend) do exist and since you mentioned how none were mentioned the two that come to mind first is i2p and Whonix although Whonix uses Tor routing but is an alternative to Tails I guess. Still wouldn’t recommend them over Tails though.
That excerpt still says it was deployed to all the businesses listed above it, though. So yes it was being used however those businesses used it.
It was in the OpenSSL (for example) as an option you could manually enable. Who knows if anyone actually did, given that everyone who knew enough to specifically ask also heard it was suspicious.
Post the next paragraph too.
Well, your comment implied that OP shouldn’t trust Tor. OP should trust Tor at least as much as they trust their own device, which almost certainly has closed-source components I’d rather target if I was the NSA. (Or the Chinese, or…)
Except in-depth isn’t what was offered. This reply appears all the time in regards to Tor, and it never comes with alternative suggestions. So yeah, I suspect something irrational is motivating it.
That excerpt still says it was deployed to all the businesses listed above it, though. So yes it was being used however those businesses used it.
And yes closed source components are inescapable (and also a potential threat) unless you use something that is GNU certified and I don’t even think a lot of them can even run the current version of Tails but I havent researched it in awhile. Maybe could run Tor browser though but if my memory serves correctly even stuff that is GNU certified has some proprietary hardware in it.
But no, the irrationality here would be saying “because something is open source you should trust it automatically and ask no questions about it” which of course isn’t what you said but you implied that because something is open source its automatically to be trusted. And that’s not true.
I never said not to use TOR or implied that, I said (and you can look back at my comments and see) that just because something is open source doesn’t automatically mean it is safe and trustworthy. And I don’t think its irrational to say that.
This was all in response to someone pointing out that depending on what the person is using TOR for they should do more research about it and educate themselves on security of using it which is true.
Never just see open source and assume complete safety or trustworthiness. Which is something people who have never used TOR do all the time and why you see the points I made being brought up around the conversation constantly.
Open source doesn’t guarantee complete safety, you should still take other steps in addition to using open source to better enhance your privacy and security. TOR is great and I think OP and others interested should use it, but you should never blindly trust something just because it is open source and used a lot. Vulnerabilities can happen all the time, if they didn’t Tails wouldn’t ever need updated at all.
Alternatives (that I wouldn’t really recommend) do exist and since you mentioned how none were mentioned the two that come to mind first is i2p and Whonix although Whonix uses Tor routing but is an alternative to Tails I guess. Still wouldn’t recommend them over Tails though.
It was in the OpenSSL (for example) as an option you could manually enable. Who knows if anyone actually did, given that everyone who knew enough to specifically ask also heard it was suspicious.