The Tor Project exists to provide privacy and anonymity for millions of people, including human rights defenders across the globe whose lives depend on it. The strong encryption built into our software is essential for their safety. In an age when people have so little control over the information recorded about their lives, we believe that privacy is worth fighting for. We therefore stand with Apple to defend strong encryption and to oppose government pressure to weaken it.

These users include bloggers reporting on drug violence in Latin America; dissidents in China, Russia, and the Middle East; police and military officers who use our software to keep themselves safe on the job; and LGBTI individuals who face persecution nearly everywhere. Even in Western societies, studies demonstrate that intelligence agencies such as the NSA are chilling dissent and silencing political discourse merely through the threat of pervasive surveillance.

For all of our users, their privacy is their security. And for all of them, that privacy depends upon the integrity of our software, and on strong cryptography. Any weakness introduced to help a particular government would inevitably be discovered and could be used against all of our users.

The Tor Project employs several mechanisms to ensure the security and integrity of our software. Our primary product, the Tor Browser, is fully open source. Moreover, anyone can obtain our source code and produce bit-for-bit identical copies of the programs we distribute using Reproducible Builds, eliminating the possibility of single points of compromise or coercion in our software build process.

The Tor Browser downloads its software updates anonymously using the Tor network, and update requests contain no identifying information that could be used to deliver targeted malicious updates to specific users. These requests also use HTTPS encryption and pinned HTTPS certificates (a security mechanism that allows HTTPS websites to resist being impersonated by an attacker by specifying exact cryptographic keys for sites). Finally, the updates themselves are also protected by strong cryptography, in the form of package-level cryptographic signatures (the Tor Project signs the update files themselves). This use of multiple independent cryptographic mechanisms and independent keys reduces the risk of single points of failure.

The Tor Project has never received a legal demand to place a backdoor in its programs or source code, nor have we received any requests to hand over cryptographic signing material. This isn't surprising: we've been public about our "no backdoors, ever" stance, we've had clear public support from our friends at EFF and ACLU, and it's well-known that our open source engineering processes and distributed architecture make it hard to add a backdoor quietly.

From an engineering perspective, our code review and open source development processes make it likely that such a backdoor would be quickly discovered. We are also currently accelerating the development of a vulnerability-reporting reward program to encourage external software developers to look for and report any vulnerabilities that affect our primary software products.
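The reproducible-builds property described in the statement can be checked mechanically: a download is trusted only when independently produced builds report the same digest. The sketch below is an added example, not the Tor Project's code; the builder names, the sample bytes and the two-builder threshold are assumptions made for illustration.

```python
import hashlib
from collections import defaultdict


def sha256_hex(data: bytes) -> str:
    """Hex SHA-256 of the artifact bytes."""
    return hashlib.sha256(data).hexdigest()


def check_reproduced(artifact: bytes, reports, min_builders: int = 2):
    """Compare a downloaded artifact with digests from independent rebuilds.

    reports: iterable of (builder_name, sha256_hex) pairs (hypothetical format).
    Returns (ok, reason, details).
    """
    local = sha256_hex(artifact)
    by_digest = defaultdict(set)
    for builder, digest in reports:
        # A set per digest counts each builder once, however often it reports.
        by_digest[digest.strip().lower()].add(builder)

    # Any builder that obtained different bytes is a red flag: either the
    # build is not reproducible or one copy has been altered.
    dissent = {d: sorted(b) for d, b in by_digest.items() if d != local}
    if dissent:
        return False, "mismatch", dissent

    agreeing = sorted(by_digest.get(local, set()))
    if len(agreeing) < min_builders:
        # One matching report only restates a single point of trust.
        return False, "too-few-builders", agreeing
    return True, "reproduced", agreeing


# Constructed sample data, not a real release.
SAMPLE_ARTIFACT = b"constructed sample release bytes"
SAMPLE_REPORTS = [
    ("builder-a", sha256_hex(SAMPLE_ARTIFACT)),
    ("builder-b", sha256_hex(SAMPLE_ARTIFACT)),
    ("builder-c", sha256_hex(SAMPLE_ARTIFACT).upper()),
]

if __name__ == "__main__":
    print(check_reproduced(SAMPLE_ARTIFACT, SAMPLE_REPORTS))
    print(check_reproduced(SAMPLE_ARTIFACT + b"\x00", SAMPLE_REPORTS)[:2])
```

A digest comparison of this kind complements the signature check on the update file rather than replacing it: the signature shows who published the file, while the matching rebuilds show that the file corresponds to the public source.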