On Mon, Aug 10, 2015 at 09:36:22PM +0000, Alec Muffett wrote:
On Aug 10, 2015, at 2:00 PM, Philipp Winter phw@nymity.ch wrote:
Vanity addresses encourage people to only verify the human-readable part of an address before clicking on it. That creates a false sense of security, which is already exploited by spoofed onion service addresses whose prefix and suffix mimics the original onion address.
That does strike me as a risk.
That said, if an address is completely incapable, even hostile to validation by human eyeballs, then what happens is “trust” migrates to using a bunch of tools which are forgeable, spoofable, hackable, trojanable.
Right. That's why I would integrate these tools into Tor Browser instead of distributing them separately.
Cheers, Philipp