[liberationtech] What happened to Prism? (was Re: Whatsapp, a Trojan horse for seekers of easy privacy?)

Aymeric Vitte vitteaymeric at gmail.com
Sat Jan 17 06:38:20 PST 2015 

Le 17/01/2015 14:57, hellekin a écrit :
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA512
>
> On 01/17/2015 08:08 AM, Aymeric Vitte wrote:
>
>> But you still need to trust: the browsers, the OS, the hw... which is
>> quite a lot...
>>
> *** The browser is problematic with javascript because of the global
> context.  I wonder why the Mozilla Prism project was abandoned.  I
> allowed to isolate a single site or application, and that certainly
> sounds a lot saner than running the whole world in the same place.

Not really, this is problematic if you try to run several instances/apps 
on the same page, because some apps could possibly attack the other apps 
just using the DOM, but some solutions to sandbox each app start 
existing, please see the links in [1]

Talking about a single app in a single page, where the js code is 
sandboxed and that does not give any chance to anything outside of the 
app to execute, the problem does not exist, please someone tell me how 
to attack the Peersm code.

Maybe the confusion comes from the fact that a "js app" is always 
associated to a "web app" which interacts with a server and possible 
things outside of the server while the former don't, except for code 
retrieval, but the "js app" does not necessarily need a server, it can 
be autonomous as explained in [2] "What do you mean by standalone?"

[1] https://lists.torproject.org/pipermail/tor-talk/2014-October/035209.html
[2] http://www.peersm.com/?news

>
> ==
> hk
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v2
>
> iQJ8BAEBCgBmBQJUumpHXxSAAAAAAC4AKGlzc3Vlci1mcHJAbm90YXRpb25zLm9w
> ZW5wZ3AuZmlmdGhob3JzZW1hbi5uZXRFQ0IyNkIyRTNDNzEyMTc2OUEzNEM4ODU0
> ODA2QzM2M0ZDMTg5ODNEAAoJEEgGw2P8GJg9xr4P/iRtUBcbgVjlRnzN+DZobTmf
> nd8ZoWEmKGJZ0hvbF48t/TtQ3LuRr5ml1KbkH4sTBd/6C43QgOZ/OnfSoX+7wQDS
> 63lkdKp0EUZ8F7Hcg8nC4I53Nd22Xrq8ang/oU6osi6VSEZl6978YxpLYuMJWvV6
> foZH10/wgVnd9oldX8MgKEB1X9XFfgvMDHpzFvBdb1+gJiu4rKLqq8COYaDfmf/F
> 1FcPfRMI1QdcCN4VaLfirajWf9WXLx07+syWdVzr783HOUCRGWuz/QStgg/LPA+i
> hNJojzuCgL2Ypvw4+5ORADItEwwGdkz5Ma2rtiQac5Wm/Fo7t48lMXhSQWj/RZdm
> YNcl0E62u4u5mYuvzCWj4Kvv8z7bFdK+leJ8ns7cyvIAMhiTbLctMGWffDgA3T0T
> sD3+Vie6av1CZ8f9MVHAohaXAQWTHvP7GftuQdlKeSIz2sKgi1af2JhkGKVrbrHD
> LOn/67VkaR7nnuYXGhhGHCGneY01s0tPeJNi4WdgOIpTaJVWu1/S6GbcGA2z3Nxl
> jnaBCugA+5tVnNzqHwqk2JdIvhzLgqkYLC0JXaL4pygE0Of6VrrLt1wqpHh7hmeJ
> PHb/a8L5NTsyKEa+cQ7QAnGAhBKb1QcpXpO2KtL6RLHw3/GvRqLqW/r9dnEhRh60
> /qBPdYFBNaudI8ShkVN+
> =nm/b
> -----END PGP SIGNATURE-----

-- 
Peersm : http://www.peersm.com
torrent-live: https://github.com/Ayms/torrent-live
node-Tor : https://www.github.com/Ayms/node-Tor
GitHub : https://www.github.com/Ayms

More information about the liberationtech mailing list