Donate for the Cryptome archive of files from June 1996 to the present

16 May 2013

The New Yorker StrongBox


A sends:

I was wondering your thoughts on the New Yorker Strongbox?

http://www.newyorker.com/online/blogs/closeread/2013/05/introducing-strongbox-
anonymous-document-sharing-tool.html

Cryptome:

StrongBox and similar initiatives are a positive sign that publishers are recognizing that their constitutional privileges for protected communications are being rapidly diminished -- thus becoming like all of us -- due to official and unofficial capabilities to spy on all forms of communications.

StrongBox is at best only moderately secure due to its use of insecure-by-design Tor and .onion. At worst it is highly insecure due to excessive and misleading promotion of Tor and .onion, both easily spied upon services by officials, their contractors and individuals who have the same hacking and cracking skills.

Online communication of any kind is the weakest form of protection due to the basic design of the Internet to allow system operators (and those who have the same skills) to access all data as well as the weakness of most, if not all, forms of publicly accessible encryption and comsec.

The weakness of any publicly accessible comsec is due to official requirements to build-in means of access and to conceal those requirements with misleading assurances to the public. It is now standard (perhaps always has been) in the security field to promote security methods without acknowledging all their weaknesses -- some may be revealed but not all.

Security experts claim that undisclosed weaknesses are far more valuable than strengths because promoting widespread use of a trusted but faulty system facilitates covert hacking and cracking.

Cryptome offers a brief guide for anonymous submissions:

http://cryptome.org/cryptome-anon.htm