[liberationtech] Satori - distributed tamper-resistant circumvention tools

[Andrew Cady]

On Sat, May 03, 2014 at 02:51:43PM -0400, Nathan Freitas wrote:
>
> On May 2, 2014 8:46:08 PM EDT, Griffin Boyce <griffin at cryptolab.net>
> wrote:
>
> > On 2014-05-02 20:35, Andrew Cady wrote:
> >
> > > On Fri, May 02, 2014 at 05:22:11PM -0400, Griffin Boyce wrote:
> > >
> > > > I can't be vanned/rubber-hosed because I don't actually know the
> > > > password to my Google developer account.
> > >
> > > If you can upload code -- with or without a password -- then
> > > you can be forced to upload malicious code (assuming you are
> > > vulnerable to vans and rubber hoses).
> >
> > As could someone at Microsoft, Apple, or Canonical.  My current
> > system fails closed pretty hard, even in the case of, say, someone
> > breaking into my apartment.  The benefit of the project being
> > open-source is that such a change wouldn't go unnoticed.  And it's
> > trivial to fetch the extension code from Google and compare it.
>
> Automated distributed deterministic build comparisons FTW!
>
> Seriously, it seems like we are pretty close with such a thing for
> Android APKs, so perhaps Chrome extension bundles could be added to
> the list, as well.

Certainly, deterministic builds serve a valid and useful security
purpose.

However, they do nothing to protect against the threat of "rubber hose"
attacks on a developer, because in such cases, it is not the binary, but
the source that is compromised.

As far as Chrome extensions, they are written in javascript, so
deterministic builds are inapplicable anyway.