[liberationtech] Satori - distributed tamper-resistant circumvention tools
Nathan Freitas
nathan at freitas.net
Sat May 3 11:51:43 PDT 2014
On May 2, 2014 8:46:08 PM EDT, Griffin Boyce <griffin at cryptolab.net> wrote:
>On 2014-05-02 20:35, Andrew Cady wrote:
>> On Fri, May 02, 2014 at 05:22:11PM -0400, Griffin Boyce wrote:
>>
>>> No, though I have two-factor authentication using a secure device
>>> (not a cell phone), and I can't be vanned/rubber-hosed because I
>don't
>>> actually know the password to my Google developer account. Some
>>> of this does require trust that I have a secure signing/uploading
>>> environment.
>>
>> If you can upload code -- with or without a password -- then you can
>be
>> forced to upload malicious code (assuming you are vulnerable to vans
>> and
>> rubber hoses).
>
>As could someone at Microsoft, Apple, or Canonical. My current system
>fails closed pretty hard, even in the case of, say, someone breaking
>into my apartment. The benefit of the project being open-source is
>that
>such a change wouldn't go unnoticed. And it's trivial to fetch the
>extension code from Google and compare it.
>
Automated distributed deterministic build comparisons FTW!
Seriously, it seems like we are pretty close with such a thing for Android APKs, so perhaps Chrome extension bundles could be added to the list, as well.
More information about the liberationtech
mailing list