>1. Are users of .onion services protected from the server just as well as the hidden service is protected?
An .onion server, AFAIK, might have the IP of the end point your traffic ended up going through to reach the .onion server, but not of the point of origin.
The vulnerability with Tor, as a user, comes from folks operating the Tor nodes. Adrian Lamo, the guy that sold out Bradley Manning, was running Tor nodes at one points (that's not how he got wind of Manning, but my guess is he wasn't running the Tor nodes for altruistic reasons).
> An .onion server, AFAIK, might have the IP of the end point your traffic ended up going through to reach the .onion server, but not of the point of origin.
Correct. All any tor node gets with any traffic is the immediate node that it came from, and the immediate node that it is going to - only one hop in each direction.
If you get a packet from node C, to give to node E, that packet will be encrypted so that only E can decrypt it. They then "unwrap it" (like pass the parcel, or an onion) to reveal its next destination, F - and this unwrapped one is encrypted so that only F can read it.
(note: precise technical details almost certainly incorrect, but the principle is accurate)
1) yes, in fact more so, because they rely upon no fixed keys
2) there is zero reassurance, there is also zero reassurance gmail isnt sending all your mail to the NSA, etc. TOR helps you ensure you can keep you tormail and your clearnet identities as separate as possible, alternatively, run your own service.
As stated in a comment above, using PGP/GPG could help. If those emails are encrypted, that adds an extra layer of security around the contents of those emails.
(Of course, that rests on the security of prime-number encryption, which may not be the best assumption when dealing with the NSA, but that's another discussion.)
2. You can't ever know for sure but doesn't necessarily matter. The point of tor is NOT to keep your activities secret (for example, your exit node would be able to read any plaintext traffic you send, such as regular HTTP, or IRC, and also know your patterns of access - which IPs, how much data, etc) - it is to disconnect the ownership of those activities from your "real life" identity.
Assume anyone can read those emails you're sending on Tor, and act accordingly (i.e. no information that could identify you).
I think SAP is referring to an external entity having an influence on a government's judicial process, not necessarily strictly private. Whether it's the US Government or a special interest group. Assange's case included.
I don't think that is the intended statement at all. Please reread this sentence:
> There's several cases, most notably Assange and [...] that indicate that private entities are putting pressure on governments, who in turn put pressure on their peers in other countries.
Converting the stage 1 bootstrapping compiler to C++ is a bad idea IMO. There any many embedded platforms without a C++ compiler (except perhaps downrev gcc).
While it doesn't require a C++ compiler, in the last few years it has required an increasing list of fairly modern libraries. I don't think requiring a C++ compiler will make things that much harder.
It is a matter of judicial law that was inherited via common law of England. The US government now takes the place of the king -- the 'sovereign'. This has no place in a democracy, and is not supported by the constitution, in my opinion.
That is actually one of the primary purposes of giving the people the right to bear arms. If you are not successful, however, expect to bear the consequences.
Lots of reasons. If encryption is ever to become widespread, it needs to accomodate the myriad of situations that users might need computing/communication in. Which is a lot.
I've seen this implemented (in a very special case) with statically-linked GPG on a USB drive and a Crypto Stick[1]. Better than JavaScript (because you don't need to rely on an untrustworthy interpreter), and the keys never leave the smart card. The big limitation is that you need admin access to the system if you need to install drivers for the smart card.
The New York City metro area has a population of about 20M. NYT has only really expanded into the national market in the last 15 years. It is primarily a local/regional paper. NYC has a higher periodical subscription rate than other regions, partly due to the reliance on mass transit. NYT competes with the Wall Street Journal and other local/regional dailies.
