| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue, 23 Aug 2011 03:02:19 +0300 From: nix@...roxylists.com To: "Arturo Filastò" <art@...baleaks.org> Cc: full-disclosure@...ts.grok.org.uk Subject: Re: Tor2web 2.0 is live! >> >> Im involved in anonymity and privacy research and development. I've >> recently released NiX Web Proxy Script: >> http://myproxylists.com/proxy-script >> >> A fully working online demo: http://myproxylists.com/nix_web_proxy/ >> >> PS. Does tor2web require custom modification before you can use a >> spesific >> web proxy software with the project? Im still trying to understand >> what's >> the point in tor2web :) >> > > Cool! > > First thing let me clarify what the goal of tor2web is. Tor Hidden > Services are usually only accessible through a Tor enabled browser, what > tor2web does allow people to visit hidden services from the normal web. > > It does not claim to guarantee any sort of anonymity on the client side > (this can be achieved by using Tor) but only allow people publishing > content anonymously with Tor hidden service > (https://www.torproject.org/docs/hidden-services.html.en) to be reached > from the normal web. > > I have taken a brief look at your software although I do not like the > fact that you are obfuscating your code. For a software that claims > security to be their top priority, hiding code is a very bad practice. > I understand your point but it's always harder to find bugs when you have no source code. It's obfuscated because NiX don't have a name yet. If it will become a brand, I'll have no issues to release the source code. The software contains very unique parsing engine and other advanced logics which im not up to publishing to the public unless the above condition has met. There's no backdoors whatsoever and it does not steal any personal information. Protected source code also prevents others from using the software for malicious purposes. We neither will see that easily renamed derivate work. So protected source code has it's advantages/disadvantages. > If you decide to release the source code of your software publicly I > will take it into consideration as a possible replacement for the > current tor2web code. However I will *never* use software whose code I > am unable to read. > This means you are not using windows nor any other commercial software because they don't release source code? > > Thanks for the interest in the tor2web project. > > > - Art. > _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists