[liberationtech] Satori - distributed tamper-resistant circumvention tools
Griffin Boyce
griffin at cryptolab.net
Fri May 2 17:46:08 PDT 2014
On 2014-05-02 20:35, Andrew Cady wrote:
> On Fri, May 02, 2014 at 05:22:11PM -0400, Griffin Boyce wrote:
>
>> No, though I have two-factor authentication using a secure device
>> (not a cell phone), and I can't be vanned/rubber-hosed because I don't
>> actually know the password to my Google developer account. Some
>> of this does require trust that I have a secure signing/uploading
>> environment.
>
> If you can upload code -- with or without a password -- then you can be
> forced to upload malicious code (assuming you are vulnerable to vans
> and
> rubber hoses).
As could someone at Microsoft, Apple, or Canonical. My current system
fails closed pretty hard, even in the case of, say, someone breaking
into my apartment. The benefit of the project being open-source is that
such a change wouldn't go unnoticed. And it's trivial to fetch the
extension code from Google and compare it.
~Griffin
More information about the liberationtech
mailing list