if website providing download isn't secure, doesn't mean isp can cache evil fbi version of truecrypt? use of subpoenaed proxy caching?
how know getting real version? couldn't corrupt powerful agency force isp cache evil version, or force them intercept anybody's legitimate traffic, , replace bad version (with backdoor installed)? use truecrypt personal backups, financial documents, , school documents, , don't want insecure version "protecting" them.
- truecrypt doesn't use ssl, or web encryption. how can know download receiving doesn't have backdoors (riaa backdoors, mpaa backdoors, third-world-government backdoors, etc?)
- offer .sig pgp verification, don't know how use this...
missing something?
you don't, , doesn't matter single bit. if fbi or riaa wanted information "protected" truecrypt install, go , source (like bank or isp).
No comments:
Post a Comment