[tor-dev] Future Onion Addresses and Human Factors
Philipp Winter
phw at nymity.ch
Tue Aug 11 13:17:45 UTC 2015
On Mon, Aug 10, 2015 at 09:36:22PM +0000, Alec Muffett wrote:
> On Aug 10, 2015, at 2:00 PM, Philipp Winter <phw at nymity.ch> wrote:
> > Vanity addresses encourage people to only verify the human-readable part
> > of an address before clicking on it. That creates a false sense of
> > security, which is already exploited by spoofed onion service addresses
> > whose prefix and suffix mimics the original onion address.
>
> That does strike me as a risk.
>
> That said, if an address is completely incapable, even hostile to
> validation by human eyeballs, then what happens is “trust” migrates to
> using a bunch of tools which are forgeable, spoofable, hackable,
> trojanable.
Right. That's why I would integrate these tools into Tor Browser
instead of distributing them separately.
Cheers,
Philipp
More information about the tor-dev
mailing list