Hi,
Twitter gone mad last night with news and assumptions regarding the
arrest of the Silk Road presumed owner. Now, a lot of stupid things
were spread like Tor has been broken, Bitcoin has been broken, so on.
All experts here know the caught of that guy had nothing to do with
Tor's security - it was pure human error and detective work (not hack
or computer-technical) required to catch him. Nothing can protect you
if you use your legal full name. This is off-topic to this mail list
so I won't go into specifics.
What was really interesting was how did they discover the location of
the server where the hidden service was running. Again, I assume
nothing to do with Tor. What I assume is that they found some kind of
exploit into Apache, IIS or whatever web server was running on that
computer and made it to "spit" it's real public IP address. Then it
was just a matter of going where the server was physically and cloning
and etc.
! Conclusion:
Since Tails is no #1 anonymity live linux using Tor, with PGP / GPG
encryption incorporated I think it will be wise, nice and recommended
to build in the next version of Tails a "Secure Web Server" or
something like this which will enable users to run hidden services on
Tails with the piece of mind that the web server is properly secured
and it cannot be exploited in order to "spit" the real IP address of
the server or any data about the site which should not be known to
third parties.
Also, bitcoin-qt with improvements to work on Tails and only via Tor
would be a great thing for all Tails users.
This will attract more users to Tails since it would be used on both
client-side and server-side and, also, most important, be what Tails
is expected to be : no #1 anonymity distro based on Tor with all taken
care of.
Experts can choose whatever webserver they want (the one which is most
easy to make it bulletproof): Apache, nginx, lighthttpd, etc.
Hope to hear more opinions regarding this topic! Thanks!
- --
PGP Public key:
http://www.sky-ip.org/s7r@sky-ip.org.asc
ICQ #: 556561918
