[tor-talk] Verifying signatures

Joe Btfsplk joebtfsplk at gmx.com
Sat Mar 24 22:59:31 UTC 2012

> On 03/20/2012 01:46 AM, Achter Lieber wrote:
> Hullo (',')
>   In light of some fairly recent postings about making it easier to 
> verify signatures on new Tor downloads, 

On 3/21/2012 9:35 AM, Christian Siefkes wrote:
> On 03/21/2012 12:46 PM, Jude Young wrote:
>> Sorry if this has been responded to, I've lost a few emails...
>> I don't believe the TBB has been high-jacked, but the TorButton Firefox
>> extension certainly has.
>> (Forgive my faulty memory
>> linky:http://www.securitynewsdaily.com/1201-anonymous-hackers-child-porn.html)
>> "Anonymous" apparently convinced firefox (or someone at FireFox? No one was
>> ever clear on this..) to upload a modified version.
> Uh, TorButton is free software, didn't you know that? Everybody can create
> and distribute a modified version, and that's what happened. It certainly
> proves that you shouldn't download software from untrusted sources (neither
> the Tor Project nor Mozilla was involved) and that you should verify the
> signatures of the software to use. None of that is news, of course.
Which was the point of OP, Achter.  Perhaps it could be made easier, 
tutorials on the Tor site, etc., to verify signatures.

More information about the tor-talk mailing list