Long Wiki Edits Thread

Fair enough.

On a side issue - I wonder how Google Project Zero decides what to audit - their FAQ does focus on common software libraries, browsers etc, but their recent focus on Tor (which found 3 CVEs), makes me wonder if they’d ever look at little ole Whonix if a friendly email was dropped their way.

If anyone was to find major flaws, it would be that team. They have ripped apart M’soft, iOS, various browsers, Xen, the Linux kernel and various software apps in their history. I think they found 1,700+ bugs to date.

Since Whonix has never had a formal audit, experienced eyes over sdwdate and other Whonix packages would be very welcome. If Whonix is a high profile target (possible), you can be guaranteed any serious adversaries would have likely found flaws despite its relatively “simple” design/status.

It’s not completely out of the question; the team members get 20% of their paid time to work on pet topics/issues of their choice. Maybe one of them has an anonymity software bent.

Formed in 2014, Project Zero is a team of security researchers at Google who study zero-day vulnerabilities in the hardware and software systems that are depended upon by users around the world. Our mission is to make the discovery and exploitation of security vulnerabilities more difficult, and to significantly improve the safety and security of the Internet for everyone.

1 Like

Could you review Surveillance Capabilities: Difference between revisions - Whonix please? @HulaHoop

Looks good.

1 Like

A post was merged into an existing topic: Tor competitors - Orchid Protocol, Mainframe, Obsidian, Skrumble, Dusk, Marconi, Loki, Nym

Moved to Tor competitors - Orchid Protocol, Mainframe, Obsidian, Skrumble, Dusk, Marconi, Loki, Nym - #22 by torjunkie

Bridges: Difference between revisions - Whonix - I am not sure we should host such level of technical detail. Time consuming to review / maintain. Perhaps a case for Template:Contributor - Whonix?

I added that - not time-consuming IMO. Just needs keeping up with Tor blog posts (which I do already) when they mention it again in the future.

It also answers questions from anybody who talks about not being able to access Tor without bridges - the reason is their location is using active probing (probably), which means their only hope is using obfs4 or other protocols.

1 Like

@madaidan

To not delay further the publishing of your material, having looked at pages that have Creative Commons-licensed material on the Internet, I believe all you have to do is the following:

  1. Add this as a footer on relevant pages on your website: Creative Commons 4.0 Attribution International License.
  2. Embed the following link in the footer: Creative Commons — Attribution 4.0 International — CC BY 4.0

That’s it.

1 Like

Footer further simplified.

Would I have to put it in all pages or could I just add some text in the about section of the home page to say that everything on the site is licensed under it? My website doesn’t really have a footer and I don’t want it to look out of place.

Also, I’ve overhauled most of my articles now, primarily the Linux and Firefox ones.

  • The default is copyrighted.
  • A non-default, opt-in is copyrighted and licensed under […].

So yeah, it needs to be on every page. [1]

That’s why Linux uses the SPDX license identifier for every source file.

[1] You could also add the licensing as a [HTML] comment (SPDX?) on top of every source file?


[1] Quote GPLv2 license:

(File /usr/share/common-licenses/GPL-2 on Debian systems.)

            How to Apply These Terms to Your New Programs

  If you develop a new program, and you want it to be of the greatest
possible use to the public, the best way to achieve this is to make it
free software which everyone can redistribute and change under these terms.

  To do so, attach the following notices to the program.  It is safest
to attach them to the start of each source file to most effectively
convey the exclusion of warranty; and each file should have at least
the "copyright" line and a pointer to where the full notice is found.

Related:

Can you find anywhere a HTML file with SPDX-License-Identifier? //cc @HulaHoop

https://spdx.org/licenses/

Researching SPDX a bit, it seems to me that the following would be correct:

This would have to be added to every file that shall be licensed:

<!-- SPDX-License-Identifier: CC-BY-SA-4.0 -->

https://wiki.creativecommons.org/wiki/Marking_your_work_with_a_CC_license

Here’s the nomenclature for SPDX and its exceptions for source files, not necessarily HTML, though it could be adapted within the tags.

https://spdx.github.io/spdx-spec/appendix-V-using-SPDX-short-identifiers-in-source-files/

Other choices to make it machine readable are using RDFa or JSON.

1 Like

Seems like I guessed correctly.

Updated add SPDX-License-Identifier by adrelanos · Pull Request #20 · madaidans-insecurities/madaidans-insecurities.github.io · GitHub to also add copyright.

Some examples, though none HTML.

A post was split to a new topic: set apt-get --no-install-recommends by default

Background:

Documented just now:

https://www.whonix.org/wiki/Malware_and_Firmware_Trojans#Malware_Audit

Hmm… maybe we should review that StartPage recommendation in a couple of wiki pages (my bold).

Startpage Acquired by System1, Privacy One Group - Still Safe?

Recently there has been lots of talk about Startpage being acquired (or at least partially acquired) by a US company called Privacy One Group, which is a division of System1, a “data science” company that specializes in targeted advertising.

With that being said, my general rule here at Restore Privacy is to only recommend products and services that I would personally trust and use myself. Therefore I will not be recommending Startpage as a private search engine due to some lingering concerns I have. These concerns include:

  • The fact that System1 has acquired a stake in Startpage and is not disclosing the details.
  • The history and business model of System1, which includes gathering “as much data as possible” and profiling users for targeted ads.
  • The board of directors change at Surfboard Holding BV, to appoint the System1 co-founder and an outside investor.
  • The nine-month delay in alerting the public to these changes, and then announcing it as a “most recent” change.
  • The contradictory business models of System1 and a truly private search engine.

1 Like

Startpage has only 1 mention, for the Tor relay ban, that’s it? No special endorsement whatsoever. Also, Google cache is mentioned there. If we’re super strict in that place, then the user would have even fewer working options to view any websites that block Tor exits. At no time is it implied that using such services improves privacy. Necessarily, such workarounds worsen privacy. Perhaps worth pointing that out and/or linking to Unsubstantiated Conclusions?

We as a privacy by technology project should be careful and not get lost in endless debates on privacy by policy / legal / company valuation. Related:

I.e. which company bought which one, who are the people behind it.

It’s very complex. Often non-verifiable. Good arguments can be made for opposite viewpoints. I don’t think there can be a methodology that could be applied consistently.