16 May 2013
The New Yorker StrongBox
A sends:
I was wondering your thoughts on the New Yorker Strongbox?
http://www.newyorker.com/online/blogs/closeread/2013/05/introducing-strongbox-
anonymous-document-sharing-tool.html
Cryptome:
StrongBox and similar initiatives are a positive sign that publishers are
recognizing that their constitutional privileges for protected communications
are being rapidly diminished -- thus becoming like all of us -- due to official
and unofficial capabilities to spy on all forms of communications.
StrongBox is at best only moderately secure due to its use of insecure-by-design
Tor and .onion. At worst it is highly insecure due to excessive and misleading
promotion of Tor and .onion, both easily spied upon services by officials,
their contractors and individuals who have the same hacking and cracking
skills.
Online communication of any kind is the weakest form of protection due to
the basic design of the Internet to allow system operators (and those who
have the same skills) to access all data as well as the weakness of most,
if not all, forms of publicly accessible encryption and comsec.
The weakness of any publicly accessible comsec is due to official requirements
to build-in means of access and to conceal those requirements with misleading
assurances to the public. It is now standard (perhaps always has been) in
the security field to promote security methods without acknowledging all
their weaknesses -- some may be revealed but not all.
Security experts claim that undisclosed weaknesses are far more valuable
than strengths because promoting widespread use of a trusted but faulty system
facilitates covert hacking and cracking.
Cryptome offers a brief guide for anonymous submissions:
http://cryptome.org/cryptome-anon.htm
|