tag:blogger.com,1999:blog-2920277117928389647.post5773148797902897142..comments2007-09-10T16:01:11.576-05:00Bruce K. Marshallhttp://www.blogger.com/profile/07397177700712500000noreply@blogger.comBlogger1125tag:blogger.com,1999:blog-2920277117928389647.post-6297857793239711752007-09-10T16:01:00.000-05:002007-09-10T16:01:00.000-05:00Dan's name is an anagram of "deranged" -- he goes by Dan in email he sent me. He's a security researcher, and his point that people should use more encryption couldn't be more to the point.<BR/><BR/>People in the security space have tried to make people aware of these issues over and over, but it always seems remote to the user. Although in some blogs and news stories, Tor is taking the brunt of this story, I hope we can all embrace it as a teachable moment, which I feel is the spirit of your story.<BR/><BR/>The Tor Network is set up with a security architecture that preserves anonymity to users who use end-to-end encryption and don't allow client-side tech to sidestep their privacy measures. We are set up so that even if some of our network is in the hands of bad players, the prudent user is protected.<BR/><BR/>However, we know all our users are not prudent. Despite all our notices on our download page, our FAQ, our wiki, our documentation, in our technical articles, in interviews, and so on...despite this, people do not use our software as part of a comprehensive strategy and/or policy to best protect privacy and security.<BR/><BR/>It took ages to get people in general to look for https or the lock icon on pages where they entered a credit card. How much longer will it take, do you think, until they do the same with a password?<BR/><BR/>Shava Nerad<BR/>Development Director<BR/>The Tor ProjectShavahttp://www.blogger.com/profile/10627239054521159514noreply@blogger.com