Silk Road forums
Discussion => Security => Topic started by: comsec on July 05, 2013, 02:27 am
-
Cryptocat is basically a pile of shit: http://tobtu.com/decryptocat.php
If you used it between October 17th, 2011 and June 15th, 2013, assume your messages were compromised. Actually, if you've ever used it, assume you were compromised because its entire design is flawed.
Nobody here would be foolish enough to use it, right? Especially if you were/are a Tails user, then you would remember the saga of FireGPG and how they ripped it out due to any in-browser or Java crypto being useless and full of leaky side channels. Java runs in a VM; without direct access to the CPU, it's impossible to eliminate side channels.
Gibberbot (Android XMPP/Jabber app) is subject to practical MITM attacks unless you have Orbot (Tor for Android) and only connect to .onion XMPP servers. http://www.thoughtcrime.org/blog/strongtrustmanager-mitm/
Note that all clients of OnionKit are affected, which includes Orbot itself, since I believe it uses OnionKit libraries. If I were you guys, I wouldn't trust anything Guardianproject.info releases after seeing they clearly have no clue what they are doing, though noble are their intentions of course. Only use Orbot for casual Tor surfing; don't rely on it for strong anonymity. Use your laptop/computer/anything else with regular torproject.org software. If you don't trust Tails/Liberte Linux, nothing is stopping you from downloading the regular 32-bit Tor Linux binary from torproject.org and running it off Tails or Liberte desktop.