[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

[tor-talk] Tor spying

Hello tor-talk mailing list,

Today I was reading Dan Kaminsky's blog and I noticed a mention of Tor:

``Moxie Marlinspike, probably the smartest guy in the world right now on SSL issues, did a study a few years ago on how many Tor users â not even regular users, but Tor users, clearly concerned about their privacy and possessed with some advanced level of expertise -- would notice SSL being disabled and refuse to browse their desired content.

Moxie didnât find a single user who resisted disabled security. His tool, sslsniff, worked against 100% of the sample set.''


I did a Google search and found two articles mentioning this:


Apparently people are spying on Tor users by setting up their own exit nodes and sniffing traffic?!

This Moxie Marlinspike is even a well-respected researcher, apparently. He gives talks at Blackhat to government hacker wannabes. But stealing email passwords and credit card information? How is this legal in the US?

The more I research this, the more it seems this sort of ``research'' is more common than not. Wikileaks, Jacob Appelbaum, Adrian Lamo, Moxie Marlinspike... who else? Iran?!

The Tor Project needs to shed some light on this or it will have a serious problem with people wanting to use Tor at all...

tor-talk mailing list