On Aug 10, 2015, at 2:00 PM, Philipp Winter phw@nymity.ch wrote:
Vanity addresses encourage people to only verify the human-readable part of an address before clicking on it. That creates a false sense of security, which is already exploited by spoofed onion service addresses whose prefix and suffix mimic the original onion address.
That does strike me as a risk.
That said, if an address is completely incapable of, even hostile to, validation by human eyeballs, then what happens is “trust” migrates to using a bunch of tools which are forgeable, spoofable, hackable, trojanable.
The resultant risk might be worse for its greater resistance to detection.
-a
ps: for an investigation of what happens when you build a “communities” app around “non-human-readable” barcodes and without a discovery mechanism, see this article; such innovation gives me great hope for humanity finding solutions to apparently high-friction technologies, but it also clearly hampers broader inclusiveness, the latter arguably being one of Tor’s most important goals:
http://mashable.com/2014/10/24/hacks-facebook-rooms/
— Alec Muffett Security Infrastructure Facebook Engineering London