this post was submitted on 13 Nov 2023
310 points (95.3% liked)

Memes

45655 readers
1658 users here now

Rules:

  1. Be civil and nice.
  2. Try not to excessively repost, as a rule of thumb, wait at least 2 months to do it if you have to.

founded 5 years ago
MODERATORS
 

image transcription:
a YouTube screenshot of a community post, which is a meme regarding incognito mode. it has two panels with an animated figure(person) and chrome logo (chrome) with limbs. in first panel, chrome is asking "which website would you line to see?", to which the person replies " I don't want you to know. " in second panel, chrome has become a ventriloquist, holding a masked muppet with sunglasses and a fedora(symbol for incognito on chrome). it is asking the person "what about telling Mr. incognito?", to which the person joyfully replies "okay."

the screenshot has a main comment with several replies. the main comment(by Paula_Amato) reads, "And then there's Tor browser e CD Catching my brother Scrolling through Tor was the second worst secret I know about him... The first is the website he was using."

replies to the comment:

[30 Pranay Pawar • 1 day ago] May God bless and have mercy on the bro's life. I would knock myself out for eternity if anybody i know found that out too.
[FArid ch. • 1 day ago] what onion website your brother access... out of curiosity
[Griffin McKenzie • 1 day ago (edited)] Tor is literally just a browser like any other but better.

you are viewing a single comment's thread
view the rest of the comments
[–] [email protected] -4 points 1 year ago (2 children)

It's open source, anybody can audit the code. Everybody can keep secret what they found and sell it.

[–] [email protected] 6 points 1 year ago

It's very likely that more than a single person would find an issue...

[–] [email protected] 2 points 1 year ago (1 children)

The NSA uses TOR themselves. Why would they even want it to be insecure?

[–] [email protected] 2 points 1 year ago

I'm not speaking of this project in particular.

Just saying, just because something is open source doesn't mean it has no vulnerability or backdoor in it's code.

There is plenty of example of vulnerabilities that existed for years in major open source projects. And there is definitely people that discover some zero day and straight up sell them and stay quiet.

If you look at some of the businesses in the market of zero day vulns you can see what they offer for good vulns.

Who cares if the NSA uses it. Or if they say they use it. They gain nothing in saying they use a specific product. But that's a good way to encourage others to use it. I certainly wouldn't trust the NSA on anything they say publicly.

You can backdoor a product just for you and still release it so other people you might be interested in will give you cool data. In cryptography this is not really an issue to have backdoors that only some people can use.