[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: following on from today's discussion



On Monday 21 August 2006 18:20, Jay Goodman Tamboli wrote:
> (moving back to or-talk)
>
> On 2006.08.21, at 13:06, Robert Hogan wrote:
> > On Sunday 20 August 2006 23:19, Chris Palmer wrote:
> >> Jay Goodman Tamboli writes:
> >>> Is it true that your traffic is more likely to be eavesdropped upon?
> >>
> >> We can only speculate.  End-to-end encryption...
> >
> > It's not a matter of speculation. Using Tor expands the number of
> > potential
> > eavesdroppers by at least the number of exit nodes in the Tor network.
>
> While it's true the number of potential eavesdroppers across all
> connections increases that much, the number of potential
> eavesdroppers for any one connection or at any single time would seem
> to increase only a little. That is, without Tor you have your ISP and
> whatever computers are between it and your destination, and with Tor
> you have the exit node operator, his ISP, and whatever computers are
> between it and your destination. Whether the exit node operator is
> likely to eavesdrop is, I think, speculation.
>
> /jgt

That's correct - the activities of individual exit node operators is purely in 
the realms of speculation. 

But what is not speculation is that some of them are eavesdropping.

'Among other things, Tor is a handy tool for harvesting random 
username/password pairs.' I believe that's a true statement. And that's why I 
think Tor traffic is more likely to be eavesdropped upon: because it is as 
much a hacking tool for scriptkiddies as it is an anonymity network client 
for everyone else.

That's my only point really. Tor has a specific layer of exposure that is 
easily accessible to anyone who is interested in it. That is not true of 
non-Tor traffic.

-- 

KlamAV - An Anti-Virus Manager for KDE - http://www.klamav.net
TorK   - A Tor Controller For KDE      - http://tork.sf.net