[tor-dev] Future Onion Addresses and Human Factors

Philipp Winter phw at nymity.ch
Tue Aug 11 13:17:45 UTC 2015

On Mon, Aug 10, 2015 at 09:36:22PM +0000, Alec Muffett wrote:
> On Aug 10, 2015, at 2:00 PM, Philipp Winter <phw at nymity.ch> wrote:
> > Vanity addresses encourage people to only verify the human-readable part
> > of an address before clicking on it.  That creates a false sense of
> > security, which is already exploited by spoofed onion service addresses
> > whose prefix and suffix mimics the original onion address.
> That does strike me as a risk.
> That said, if an address is completely incapable, even hostile to
> validation by human eyeballs, then what happens is “trust” migrates to
> using a bunch of tools which are forgeable, spoofable, hackable,
> trojanable.

Right.  That's why I would integrate these tools into Tor Browser
instead of distributing them separately.


More information about the tor-dev mailing list