Here's a thought... I was contemplating the ramifications of, say an exit node designed purely to log traffic directed through it. Assume the most malicious intent here too. Listening to every frame that comes out, you're bound to find something that leaks information. Has anyone considered a concept of listening on the client end and scrubbing anything that could identify (at least, electronically) you. Maybe there's a privoxy configuration or even something like a snort rule.
Has anyone given thought to some Tor-based snort rules? We could make at least outbound trivial into leaks (exact text of IP address, hostname, etc.) and detection of generic Tor traffic.
On 1-Dec-06, at 4:14 PM, Tim Warren wrote:
Thank you, just trying to make sure I understand. I will also follow that link.
On 12/1/06, Robert Hogan < robert@xxxxxxxxxxxxxxx> wrote:On Friday 01 December 2006 20:55, Tim Warren wrote:
> On 12/1/06, Robert Hogan <robert@xxxxxxxxxxxxxxx> wrote:
> > The real danger with Tor is using sensitive information over http rather
> > than
> > https and mixing anonymous and non-anonymous traffic over the same
> > circuit.
> > Those two are the most common and most easy mistakes to make.
>
> Maybe you could answer a question for me. Should I NOT login in to a site,
> such as a bank, when using Tor? Or do I need to make sure it is https:?
>
> Appreciate any clarification.
>
> Thanks,
If you use https (and your browser hasn't complained about the ssl
certificate) you're fine. The exit node can see everything (if they want)
over http.
Everything after the exit node is just as good or bad as if you weren't using
tor. Tor just adds an extra guy to the chain of *reputable* carriers who
*could* monitor your traffic - and it is best practice to assume that at
least the tor exit node is doing exactly that. see http://tor.unixgu.ru
--
KlamAV - An Anti-Virus Manager for KDE - http://www.klamav.net
TorK - A Tor Controller For KDE - http://tork.sf.net
--
Tim Warren
SD CA USA