Re: [Tails-dev] Tails contributors meeting: Wednesday Septem…

Delete this message

Reply to this message
Author: intrigeri
Date:  
To: The Tails public development discussion list
Subject: Re: [Tails-dev] Tails contributors meeting: Wednesday September 03 (sajolida)
hi,

ihave2p wrote (21 Aug 2014 18:21:28 GMT) :
> In all honestly, I see no reason why anyone using Tails 1.1 should *not* use i2p for
> irc2p because the security issues in 0.9.13 had nothing to do with irc2p and was
> nothing more than an XSS related issue. Like any XSS issue, as long as one doesn't
> click on any suspicious links from users that they don't know while in irc, I don't
> foresee any problems.


I think that you're underestimating the impact of the issue, and
overestimating the difficulty of setting up the attack.

First, it's an XSS issue that allows the attacker to *deanonymize*
users, which is one of the worst things that can happen in the context
of Tails.

Second, there are many other ways to get a user into visiting a given
URL, and many other weak links than the one described above.

So, I don't think that we should rely on I2P in Tails, for our
contributors meeting, until a fixed Tails has been released.

But once it's out (that is, starting with the October meeting),
I'm all for trying this out!

Cheers,
--
intrigeri