SoylentNews

takyon [soylentnews.org] writes:

[+digital liberty]

The lead Tor Browser developer has written a blog post [torproject.org] detailing some of the measures the Tor Project will take to beef up security [theregister.co.uk] amidst the renewed Crypto War:

In a blog post timed for the start of Apple's now-delayed FBI showdown [theregister.co.uk], Mike Perry, lead developer of Tor Browser, said the project is stepping up efforts to keep its anonymizing [torproject.org] network free of government interference.

[...] The Tor Project [torproject.org], which is partially funded by the US government, has never received a legal demand for backdoors in its code nor the project's crypto keys, Perry said. Where Tor nodes are seized by police or "unknown actors," its keys are automatically blacklisted, he said. The open nature of Tor's code makes it likely a developer would spot backdoors sneaked into the system, Perry asserted, and the use of multiple cryptographic mechanisms and independent keys, along with reproducible builds of its code, make a single point of failure unlikely.

In light of Apple's battle with the FBI, the Tor Project is going to further toughen up its code base by rolling out a bug bounty program ahead of schedule, Perry said. In the not-too-distant future, the group will also list Tor browser binary hashes in the network's consensus document and then audit the consensus with a certificate transparency-style log [torproject.org] that would raise an alert if the majority of the directory authority keys were stolen or Tor browser downloads were tampered with.

Original Submission