Tor problem
in [UK Linux]
|
From: Martin Gregorie on 4 Dec 2009 20:09 On Fri, 04 Dec 2009 20:26:42 +0000, Nix wrote: > On 4 Dec 2009, Paul Martin verbalised: > >> In article <hfb1oi$jam$2(a)localhost.localdomain>, >> Martin Gregorie wrote: >>> On Fri, 04 Dec 2009 00:16:48 +0000, Nix wrote: >> >>>> (Note to people planning to use it for stuff the govt does not like: >>>> if you transmit unencrypted authentication tokens over that link, the >>>> Tor exit nodes can spy on it. Tor does not make encryption >>>> unnecessary, if anything it makes it *more* necessary because the >>>> data flows through many more untrusted nodes than normal.) >>>> >>> I'd assumed that some degree of encryption would be needed -something >>> like privoxy to clean up outgoing messages and then an encrypted VPN >>> tunnel to the nearest Tor node, or have I misunderstood how you >>> connect to it? >> >> Tor uses encryption between you and the nearest node, and encryption >> between nodes. > > My point was that the exit nodes can necessarily see your data. > Do I care if the IP can't be traced back and privoxy and/or another scrubber has removed fingerprints from the outgoing massage? -- martin@ | Martin Gregorie gregorie. | Essex, UK org |
From: Nix on 5 Dec 2009 09:26 On 5 Dec 2009, Martin Gregorie uttered the following: > On Fri, 04 Dec 2009 20:26:42 +0000, Nix wrote: > >> On 4 Dec 2009, Paul Martin verbalised: >> >>> In article <hfb1oi$jam$2(a)localhost.localdomain>, >>> Martin Gregorie wrote: >>>> On Fri, 04 Dec 2009 00:16:48 +0000, Nix wrote: >>> >>>> I'd assumed that some degree of encryption would be needed -something >>>> like privoxy to clean up outgoing messages and then an encrypted VPN >>>> tunnel to the nearest Tor node, or have I misunderstood how you >>>> connect to it? >>> >>> Tor uses encryption between you and the nearest node, and encryption >>> between nodes. >> >> My point was that the exit nodes can necessarily see your data. >> > Do I care if the IP can't be traced back and privoxy and/or another > scrubber has removed fingerprints from the outgoing massage? No, you don't. But a lot of people forget that, assume 'Tor, therefore safe', don't encrypt what they do, then transmit personally identifying credentials along the Tor link. Whoops.
First
|
Prev
|
Pages: 1 2 3 4 Prev: Free Software Masters in EU - students line up fast Next: Wireshark query |