Author: intrigeri Date: To: The Tails public development discussion list Subject: Re: [Tails-dev] Tails contributors meeting: Wednesday September 03
(sajolida)
hi,
ihave2p wrote (21 Aug 2014 18:21:28 GMT) : > In all honestly, I see no reason why anyone using Tails 1.1 should *not* use i2p for
> irc2p because the security issues in 0.9.13 had nothing to do with irc2p and was
> nothing more than an XSS related issue. Like any XSS issue, as long as one doesn't
> click on any suspicious links from users that they don't know while in irc, I don't
> foresee any problems.
I think that you're underestimating the impact of the issue, and
overestimating the difficulty of setting up the attack.
First, it's an XSS issue that allows the attacker to *deanonymize*
users, which is one of the worst things that can happen in the context
of Tails.
Second, there are many other ways to get a user into visiting a given
URL, and many other weak links than the one described above.
So, I don't think that we should rely on I2P in Tails, for our
contributors meeting, until a fixed Tails has been released.
But once it's out (that is, starting with the October meeting),
I'm all for trying this out!