Čvn 12

Lets Encrypt Email Leak Shows Flaws in Centralized Trust

Source: bitcoin


Let’s Encrypt, a Free, Open source Certificate Authority, announced that they have unintentionally leaked thousands of emails in their subscriber mailing list yesterday, to those same subscribers. The organization disclosed that 7,618 emails were compromised and that the same number of users were given said emails in varying quantities as the automated email chain grew in size.

Read Also: KickAssTorrents Brings Official Tor Hidden Service Live

‘Minor’ Email Breach Raises Questions

The leak occurred during a mass email about a change to their subscription agreement, when an automated mailer-bot added previous recipients of the email to the body of each subsequent message in error. Each new email contained one more address than the last, meaning only those that received one of the bad emails had their address leaked, with the exception of the first and final emails on the chain. No other personal information was leaked, and there has not been a security breach of Let’s encrypt’s site or services.

This is not, unfortunately, the first security issue Let’s Encrypt has faced, as malware was found earlier this year that had been signed by the free Certificate Authority. It is important to note, however, that less than 2% of their mailing list was affected by the leak, which was addressed promptly by the nonprofit:

“We take our relationship with our users very seriously and apologize for the error. We will be doing a thorough postmortem to determine exactly how this happened and how we can prevent something like this from happening again. We will update this incident report with our conclusions.”

If you subscribe to the Let’s Encrypt mailing list, all you can do at present is check your inbox, shake your head, and refuse any shady solicitations from data miners and ad-serving networks. No matter how small or inconsequential this breach was, it is still emblematic of the inherent flaws in centralized trust on the web.

Thoughts on the email leak? Leave them in the Comments below!

Images Courtesy of let’s encrypt

The post Lets Encrypt Email Leak Shows Flaws in Centralized Trust appeared first on Bitcoinist.net.

Lets Encrypt Email Leak Shows Flaws in Centralized Trust

Úno 03

Bitcoin Mixing Services Were Never Meant to Be A Part of Digital Currency

Source: bitcoin


Whether or not Bitcoin mixing services will ever be very useful to the Bitcoin ecosystem, remains to be seen for now. Digital currency was never intended to be anonymous, and any service claiming to provide something else requires users to put their funds and faith into the hands of a third party. Plus, users have to rely on Tor to access certain Bitcoin mixing services, which only makes the whole process even more complicated. Not to mention how there is always a risk of losing funds.

Also read: Six Ethereum Projects and its Five Competitors

Bitcoin Mixing Is Not For Everybody

There are several ways to go about using a Bitcoin mixing service. First and foremost, most of these services will offer a web interface users can access without any trouble. Just fill in the details, send the funds, and Bob’s your uncle. All in all, this process takes less than five minutes, and will ensure your coins are mixed and untraceable to the original address you sent them from.

But for those users who want to be part of an entirely anonymous Bitcoin mixing experience, extra steps will need to be taken. Most users will opt to make use of Tor, an Internet protocol that will allow users to access the part of the Internet not index by search engines, also known as the Dark Web. A lot of websites on the Dark Web are less than legitimate, to say the last, and apparently, Bitcoin mixing services fall into that category as well, due to their potential for money laundering.

This is where things can get quite confusing very fast, as the Tor protocol is vastly different from a regular browsing experience. Accessing platforms and web pages on the Dark Web not as easy as entering “google.com”, for example. Any error in the Tor website address can redirect users to an identical copy of the right site, but the results will be vastly different.

One of the only ways to ensure Tor users visit the page they are looking for is by enforcing HTTPS connections. Doing so ensures only whitelist websites can be accessed, and even if the user came across a scam site, they would see a significant warning sign in the browser window itself.

It is clear for anyone to see there are quite a few different technical hoops one must jump through to anonymize a Bitcoin balance. On top of that, users have to put their faith in the Bitcoin mixing service itself, as there are no guarantees funds will ever arrive at their destination.

Bitcoin Was Never Meant To Be Anonymous

When it comes to Bitcoin itself, the modern digital currency was clearly never intended to be used in an anonymous way. With transactions recorded on a public ledger visible to the entire world, it is all but impossible to hide where funds come from and go to. One way to bypass this “limitation” is by using a Bitcoin mixing service.

But herein lies another problem, as Bitcoin is all about decentralization and removing the need for third-party service providers. Every Bitcoin mixing service is a third party, and their business model does not stroke with the original goal of Bitcoin. Users are put in full control of their finances, and that means giving up any thoughts of anonymity one might have.

What are your thoughts on Bitcoin mixing services and Tor? Let us know in the comments below!

Source: Reddit

Images courtesy of Tor, Shutterstock

The post Bitcoin Mixing Services Were Never Meant to Be A Part of Digital Currency appeared first on Bitcoinist.net.

Bitcoin Mixing Services Were Never Meant to Be A Part of Digital Currency