Djones Boni: > A better idea is offer both SSL and a Tor Hidden Service. You choose > which use.
Yes, having both is better. Only relying on Tor Hidden Services wouldn't be a good idea. Offering as an option would be awesome! > Do not forget Tor encryption is not considered secure anymore. There are of course a lot opportunities in Tor and Hidden Services for improvements, but please consider, that there are no reports that either Tor or Hidden Services were ever successfully deanonymized.* The latest information we got is still "We will never be able to de-anonymize all Tor users all the time" [1] - so it's worth going for it. [1] http://www.theguardian.com/world/interactive/2013/oct/04/tor-stinks-nsa-presentation-document * detective work and/or exploiting the server or client software behind Tor is another story -- To UNSUBSCRIBE, email to debian-security-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/526fa1a8.6040...@riseup.net
