Prev: FBI wants records kept of Web sites visited
Next: Netgear - XE103 vs XET1001 - what's different
From: Jeff Liebermann on 14 Feb 2010 21:04
On Mon, 15 Feb 2010 01:41:24 +0000 (UTC), p
<p(a)Use-Author-Supplied-Address.invalid> wrote:

>Explain to me what harm you'd be able to do on an end to end
>encrypted tor connection, as I use with any sensitive data exchange?

I was under the impression that TOR was an anonymizer, not an end to
end encryption tunnel as in a VPN. The data sent between the TOR exit
proxy server and the destination is not encrypted.
<http://en.wikipedia.org/wiki/Tor_(anonymity_network)>
Tor cannot and does not attempt to protect against monitoring
of traffic at the boundaries of the Tor network, i.e., the
traffic entering and exiting the network.

TOR is great security if you don't want anyone to know where your
packets are coming from, but not very useful if you're worried about
someone sniffing your "sensitive data".

I don't have an answer to what harm you might do using TOR.
Inflamatory political messages, stalking ex-spouses, spam, hate mail,
impersonating someone, online hacking, disagreeing with me, and other
internet activities where hiding your identity would be required,
seems like a good start.



--
Jeff Liebermann jeffl(a)cruzio.com
150 Felker St #D http://www.LearnByDestroying.com
Santa Cruz CA 95060 http://802.11junk.com
Skype: JeffLiebermann AE6KS 831-336-2558
From: p on 14 Feb 2010 21:04
John Navas <spamfilter1(a)navasgroup.com> wrote in
news:5nnen5hpab00ggpiisuuspe4ldoahp1qfg(a)navasgroup.com:

> On Sat, 13 Feb 2010 20:34:15 +0000 (UTC), p
> <p(a)Use-Author-Supplied-Address.invalid> wrote in
> <f517c01ae1c0db874b6851396a06f024(a)tioat.net>:
>
>>Since I am connecting from am unencrypted public AP, I won't be
using
>>their sniffer ;-). I used TOR when I need to keep my data
transfers
>>private, so I guess I might try it with TOR.
>
> What makes you think Tor is actually real protection? Faith?
> <http://en.wikipedia.org/wiki/Tor_%28anonymity_network%29
#Weaknesses>
> And those are just the _known_ weaknesses.
> I'm reminded of WEP. And TKIP. And on and on.
>

(Don't know what happened to my newserver, but hiccups occur
occasionally.)

There is nothing that you can get when using TOR if the connection
is SSL because it is encrypted end to end. The only people who
possible can read data (other than garbage encryption) is people
like the NSA and since I am not a terrorist, I have little to fear
from them.
From: p on 14 Feb 2010 22:45
Jeff Liebermann <jeffl(a)cruzio.com> wrote in
news:1r9hn51f3i444hdt60ls6bd2mqs5i3ica7(a)4ax.com:

> On Mon, 15 Feb 2010 01:41:24 +0000 (UTC), p
> <p(a)Use-Author-Supplied-Address.invalid> wrote:
>
>>Explain to me what harm you'd be able to do on an end to end
>>encrypted tor connection, as I use with any sensitive data
exchange?
>
> I was under the impression that TOR was an anonymizer, not an end
to
> end encryption tunnel as in a VPN. The data sent between the TOR
exit
> proxy server and the destination is not encrypted.
> <http://en.wikipedia.org/wiki/Tor_(anonymity_network)>
> Tor cannot and does not attempt to protect against monitoring
> of traffic at the boundaries of the Tor network, i.e., the
> traffic entering and exiting the network.
>
> TOR is great security if you don't want anyone to know where your
> packets are coming from, but not very useful if you're worried
about
> someone sniffing your "sensitive data".
>
> I don't have an answer to what harm you might do using TOR.
> Inflamatory political messages, stalking ex-spouses, spam, hate
mail,
> impersonating someone, online hacking, disagreeing with me, and
other
> internet activities where hiding your identity would be required,
> seems like a good start.
>

It's end to end if you use SSL--->torentrynode----onionrouted--->
torexitnode--->host (ssl decrypted by host)

unless some gov agency breaks the ecryption algorithm for tor and
for ssl, your data is safe, in so far as it is possible to ever be
safe on the net.
From: Warren Oates on 15 Feb 2010 07:50
In article <1r9hn51f3i444hdt60ls6bd2mqs5i3ica7(a)4ax.com>,
Jeff Liebermann <jeffl(a)cruzio.com> wrote:

>
> TOR is great security if you don't want anyone to know where your
> packets are coming from, but not very useful if you're worried about
> someone sniffing your "sensitive data".

One problem with TOR is that if you have Java enabled, your real IP is
visible. This isn't TOR's fault -- it encrypts data, it doesn't alter it.

https://www.torproject.org/download.html.en#Warning

http://pseudo-flaw.net/content/tor/attacking-tor-control-port-with-java/

There are lots of ways of being anonymous, though; most of us don't need
them.
--
Very old woody beets will never cook tender.
-- Fannie Farmer
First  |  Prev  | 
Pages: 1 2 3 4
Prev: FBI wants records kept of Web sites visited
Next: Netgear - XE103 vs XET1001 - what's different