![]() ![]() (Using OnionShare is easier if you don't need to make the communication anonymous even to spooks, e.g. After they see that someone grabbed the file, they can check a page at to see that their confirmation code is listed as having been received by the tor devs. Then users who have found a sensitive bug can use Tails to send via OTP text message to a special tor user the url of the onion address together with a unique confirmation code. One way which is certainly technically possible with minimal effort would be to persuade Tails Project to put the standard accounts back in Tails 4.0 (forthcoming, based on Debian 10 "Buster"), and to create a #tor-vulns chatroom. But surely if tor devs but their minds to it, some good ways tor users would feel comfortable with using can be found.īy default a file shared via OnionShare can only be shared *once*, so the hope is that if you see that someone grabbed the file and then confirm "out of band" that the intended party has it, you can be confident (we hope) that only the intended party has the sensitive information. The roadblock for using OnionShare is safely and anonymously communicating the temporary onion address to the party you wish to communicate with. with Tor Project) which is hard for the bad guys to attribute to an individual honest citizen. Here is a third idea which I've tried to suggest previously, so far without success: OnionShare is a very natural tool for sharing anything which needs to be kept private, and also has the potential for communication (e.g. ![]() It would be very wise to audit Whisperback first, of course. This uses an onion send an email, hopefully anonymous, to Tails. Here is an alternative idea I've tried to suggest: follow the lead of Tails Project by adopting Whisperback for security bug reports. ![]() but if I ever (shudder) think I've discovered a serious bug I'll try this method. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |