[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: TorChat is a security hazard



On Wed, Feb 24, 2010 at 01:07:02PM +0100, Ansgar Wiechers wrote:
> On 2010-02-23 Paul Campbell wrote:
> > "TorChat" is an inofficial chat client for the Tor network.  I like
> > the idea behind "TorChat": easy to use, usb-stick portable and runs on
> > Windows 98.
> > 
> > These are the problems I see with "TorChat":
> > 
> > 1. No authentication.  There is no way you can know for sure that the
> > person you are chatting with is the person you chatted with yesterday.
> > Tor's hidden services don't make any such guarantees about incoming
> > connections. The clients stay anonymous.
> 
> Which, if you think about it, is the whole point of anonymizing
> software.
> 

Ermm, sort of. It depends whether you want to be anonymous from the
far end or just from (some part of) the communications infrastructure
between you and it.  The nutshell way we've been saying this since '96
is that onion routing is not to make you anonymous from the far end
but to separate indentification from routing. If you do that, then you
can choose whether to authenticate to (e.g., ssh to a trusted location
over Tor) or be anonymous to (e.g. sensitive queries to a search
engine) the responder. Or, as is being discussed, whether you are
communicating with the same persistent pseudonym as previously.

HTH,
Paul
***********************************************************************
To unsubscribe, send an e-mail to majordomo@xxxxxxxxxxxxxx with
unsubscribe or-talk    in the body. http://archives.seul.org/or/talk/