[tor-talk] NSA TAO Exploit of Whonix Qubes - EGOTISTICALSHALLOT - Martin Peck

carlo von lynX lynX at time.to.get.psyced.org
Sun Dec 7 10:50:40 UTC 2014

On Sun, Dec 07, 2014 at 02:27:44AM -0800, coderman wrote:
> Whonix on Qubes OS represents defense in depth unlike any other
> system. as such, it is a likely target, like Tails and the Tor Browser
> before it.

This question may spell a change of topic, but wouldn't
it make much more sense to introduce backdoors into debian,
gaining thus access to any derivate distribution?

I know that currently 13600 packages of debian can be built
reproducible [1], but does that mean that at least those are
being distributed with reproducible binaries? I assume not.

My current state of information is such that any source-code
based distribution is less likely to be affected by backdoors
until debian and all derivates indeed ship reproducible binaries.
If Whonix can be rebuilt from source, so can Qubes OS?

Why bother with Whonix or TAILS specifically? Making use of
backdoors is in any case risky since folks like us may have
the competence to notice those activities going on... and
possibly document how they work.

But what do I know. The more I dig into this, the more I gather
how much I am left in the dark.

[1] https://jenkins.debian.net/userContent/reproducible.html


More information about the tor-talk mailing list