[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
[tor-talk] Tor spying
Hello tor-talk mailing list,
Today I was reading Dan Kaminsky's blog and I noticed a mention of Tor:
``Moxie Marlinspike, probably the smartest guy in the world right now on SSL issues, did a study a few years ago on how many Tor users â not even regular users, but Tor users, clearly concerned about their privacy and possessed with some advanced level of expertise -- would notice SSL being disabled and refuse to browse their desired content.
Moxie didnât find a single user who resisted disabled security. His tool, sslsniff, worked against 100% of the sample set.''
I did a Google search and found two articles mentioning this:
Apparently people are spying on Tor users by setting up their own exit nodes and sniffing traffic?!
This Moxie Marlinspike is even a well-respected researcher, apparently. He gives talks at Blackhat to government hacker wannabes. But stealing email passwords and credit card information? How is this legal in the US?
The more I research this, the more it seems this sort of ``research'' is more common than not. Wikileaks, Jacob Appelbaum, Adrian Lamo, Moxie Marlinspike... who else? Iran?!
The Tor Project needs to shed some light on this or it will have a serious problem with people wanting to use Tor at all...
tor-talk mailing list