Right now, two keys are required, and those keys are not accessible by the same people.

> So, would it currently require just two keys (a TLS key and a single update-signing key) to make a malicious Tor Browser update pass the built-in updater's authenticity checks? If so, are those keys at least hopefully not accessible to the same persons?

We congratulate Apple on their commitment to the privacy and security of their users, and we admire their efforts to advance the debate over the right to privacy and security for all. However, since requests for backdoors or cryptographic key material so closely resemble many other forms of security failure, we remain committed to researching and developing engineering solutions to further mitigate these risks, regardless of their origin. We look forward to making an official public statement on this commitment as the situation unfolds. Like those at Apple, several of our developers have already stated that they would rather resign than honor any request to introduce a backdoor or vulnerability into our software that could be used to harm our users. For this reason, regardless of the outcome of the Apple decision, we are exploring further ways to eliminate single points of failure, so that even if a government or a criminal obtains our cryptographic keys, our distributed network and its users would be able to detect this fact and report it to us as a security issue. The threats that Apple faces to hand over its cryptographic signing keys to the US government (or to sign alternate versions of its software for the US government) are no different than threats of force or compromise that any of our developers or our volunteer network operators may face from any actor, governmental or not. We are also currently accelerating the development of a vulnerability-reporting reward program to encourage external software developers to look for and report any vulnerabilities that affect our primary software products.
This isn't surprising: we've been public about our "no backdoors, ever" stance, we've had clear public support from our friends at EFF and ACLU, and it's well-known that our open source engineering processes and distributed architecture make it hard to add a backdoor quietly. From an engineering perspective, our code review and open source development processes make it likely that such a backdoor would be quickly discovered. The Tor Project has never received a legal demand to place a backdoor in its programs or source code, nor have we received any requests to hand over cryptographic signing material. This use of multiple independent cryptographic mechanisms and independent keys reduces the risk of single points of failure. Finally, the updates themselves are also protected by strong cryptography, in the form of package-level cryptographic signatures (the Tor Project signs the update files themselves). These requests also use HTTPS encryption and pinned HTTPS certificates (a security mechanism that allows HTTPS websites to resist being impersonated by an attacker by specifying exact cryptographic keys for sites). The Tor Browser downloads its software updates anonymously using the Tor network, and update requests contain no identifying information that could be used to deliver targeted malicious updates to specific users. Moreover, anyone can obtain our source code and produce bit-for-bit identical copies of the programs we distribute using Reproducible Builds, eliminating the possibility of single points of compromise or coercion in our software build process. Our primary product, the Tor Browser, is fully open source. The Tor Project employs several mechanisms to ensure the security and integrity of our software. Any weakness introduced to help a particular government would inevitably be discovered and could be used against all of our users. And for all of them, that privacy depends upon the integrity of our software, and on strong cryptography.
Even in Western societies, studies demonstrate that intelligence agencies such as the NSA are chilling dissent and silencing political discourse merely through the threat of pervasive surveillance. For all of our users, their privacy is their security. These users include bloggers reporting on drug violence in Latin America; dissidents in China, Russia, and the Middle East; police and military officers who use our software to keep themselves safe on the job; and LGBTI individuals who face persecution nearly everywhere. We therefore stand with Apple to defend strong encryption and to oppose government pressure to weaken it. In an age when people have so little control over the information recorded about their lives, we believe that privacy is worth fighting for. The strong encryption built into our software is essential for their safety. The Tor Project exists to provide privacy and anonymity for millions of people, including human rights defenders across the globe whose lives depend on it.