Bugtraq mailing list archives
RE: Popular Net anonymity service back-doored
From: "Drew Copley" <dcopley () eeye com>
Date: Thu, 21 Aug 2003 15:29:16 -0700
-----Original Message----- From: Aron Nimzovitch [mailto:crypto () clouddancer com] Sent: Thursday, August 21, 2003 2:42 PM To: thomas.greene () theregister co uk Cc: fw () deneb enyo de; bugtraq () securityfocus com; full-disclosure () lists netsys com Subject: Re: Popular Net anonymity service back-doored Mailing-List: contact bugtraq-help () securityfocus com; run by ezmlm From: "Thomas C. Greene " <thomas.greene () theregister co uk> Organization: The Register Leaving a hint in the source and waiting for someone to call them on it may be a legal strategem, but it's not a good way of maintaining user trust. Only a fool would blindly depend on someone else's software to gain anonymity without examining the code.
Why stop at anonymity software? What about all software?
If you need anonymity, then you should easily be willing to invest sweat equity, or have a contractual arrangement when the threat is only financial. For more serious threats requiring anonymity, not reviewing the source when it is available seems beyond stupid. I could unserstand your ire if you were one of our clients, but this was a free service wasn't it? FAR
So, then, if I gave you free code which was trojanized for my own interests, you deserve to be trojanized? I fail to see the reasoning behind this. Perhaps, in your isolating anonymity software from all other types of software you have come up with this conclusion. But, that is an artificial wall, so I do not see why that should even be considered. In fact, this is a bit like me going around and beating people up and then saying, "What a fool you are, you should have been working out two hours a day every other day like I do". Who reasons like this? Look, if you don't want to condemn these actions, great. You have a right to do that. Just be sure and don't condemn anyone if you ever run their software and get trojanized because you did not bother to carefully examine the source. As for me, I will condemn this thing, as I would not do it to someone else, and I would not like it to be done to me... Regardless of the type of software it is. What other software has the German police trojanized? Is it just this?
Current thread:
- Popular Net anonymity service back-doored Thomas C. Greene (Aug 21)
- Re: Popular Net anonymity service back-doored Florian Weimer (Aug 21)
- Re: Popular Net anonymity service back-doored Thomas C. Greene (Aug 21)
- Re: Popular Net anonymity service back-doored Aron Nimzovitch (Aug 21)
- RE: Popular Net anonymity service back-doored Drew Copley (Aug 21)
- Re: Popular Net anonymity service back-doored Bernhard Kuemel (Aug 26)
- Re: Popular Net anonymity service back-doored Alex Russell (Aug 21)
- Re: Popular Net anonymity service back-doored nordi (Aug 22)
- Re: Popular Net anonymity service back-doored Thomas C. Greene (Aug 21)
- Re: Popular Net anonymity service back-doored Florian Weimer (Aug 21)
- Re: Popular Net anonymity service back-doored Andreas Kuntzagk (Aug 21)
- RE: Popular Net anonymity service back-doored Drew Copley (Aug 21)
- Re: Popular Net anonymity service back-doored Richard Stevens (Aug 21)
- RE: Popular Net anonymity service back-doored Drew Copley (Aug 21)
- Re: Popular Net anonymity service back-doored MightyE (Aug 21)
- JAP unbackdoored Kristian Koehntopp (Aug 27)