following on from today's discussion

[Robert Hogan <robert@xxxxxxxxxxxxxxx>]

This has been an interesting discussion (a bit of intemperate speech is always 
entertaining too). 

That aside, I think it has highlighted a security risk  that Tor itself may be 
guilty of understating to new users, namely that using Tor exposes your 
traffic to a much higher likelihood of being eavesdropped than normal.

For example, I am not a network admin by day so I do not have access to public 
internet traffic through legal means. Yet I am running a Tor exit server, so 
I can now legally (though unethically) listen to your internet traffic and 
harvest any passwords that go by.

I do not think the gravity of this trade-off by the tor user (security for 
anonymity) is adequately represented.

Now that I see it for what it is, I am definitely going to introduce some sort 
of nag/warning to TorK so that the user is warned at least once that using 
plaintext protocols carrying authentication information on Tor carries a 
serious health warning.

Am I overstating the case? Do others think that the nature of the compromise 
tor users make is transparent to them?

-- 

KlamAV - An Anti-Virus Manager for KDE - http://www.klamav.net
TorK   - A Tor Controller For KDE      - http://tork.sf.net