[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: following on from today's discussion

On Friday 18 August 2006 22:47, Roger Dingledine wrote:
> [Dropping the or-dev CC since this isn't related to Tor development]
> On Fri, Aug 18, 2006 at 10:14:29PM +0100, Robert Hogan wrote:
> > That aside, I think it has highlighted a security risk  that Tor itself
> > may be guilty of understating to new users, namely that using Tor exposes
> > your traffic to a much higher likelihood of being eavesdropped than
> > normal.
> >
> > For example, I am not a network admin by day so I do not have access to
> > public internet traffic through legal means. Yet I am running a Tor exit
> > server, so I can now legally (though unethically) listen to your internet
> > traffic and harvest any passwords that go by.
> Actually, look at
> http://tor.eff.org/eff/tor-legal-faq.html.en#ExitSnooping
> It is an open legal question -- that is, there's no clear precedent with
> respect to Tor servers -- but it's probably not wise to just assume that
> it's legal. Also, remember that there are many jurisdictions out there,
> and they all have their own complex laws.
> > I do not think the gravity of this trade-off by the tor user (security
> > for anonymity) is adequately represented.
> I agree. Somebody should write a clear introduction to Tor, what it does,
> and what it doesn't do. One day that somebody will be me, but I would
> welcome some early versions to help me along.
> > Now that I see it for what it is, I am definitely going to introduce some
> > sort of nag/warning to TorK so that the user is warned at least once that
> > using plaintext protocols carrying authentication information on Tor
> > carries a serious health warning.
> >
> > Am I overstating the case? Do others think that the nature of the
> > compromise tor users make is transparent to them?
> The reason I haven't emphasized the issue so far is that I think you're
> overstating the protection ordinary users get from the Internet as it
> is. For example, if you're on a local network with other users (often
> including everybody in your neighborhood for cablemodem systems), you're
> not in very good shape. Tor solves this issue, and for many users it's
> a huge issue.
> Then there's the question of the Internet infrastructure itself --
> your Internet packets travel over a wide variety of places on the way
> to their destination. Sometimes packets get mis-routed to, well, pretty
> much anywhere. The chance that any hop along the way is able to observe
> them -- for example because of a crooked employee, but also because some
> Russian cracker 0wns a computer nearby in the path -- is hard to estimate
> in general, but from studying botnets and dealing with net security for
> the past decade or so, I don't feel it's as low as you imply.
> All that said, I agree with you that most of the danger is probably at
> the endpoints of the communication -- on the path from you to your entry
> Tor node, and on the path from your exit node to your destination. Tor
> solves the first issue and changes the second issue -- possibly for the
> worse, depending on your situation.
> So barring any actual data about the security of the Internet as a whole,
> which seems hard to get, I still stick with my answer from
> http://wiki.noreply.org/noreply/TheOnionRouter/TorFAQ#ExitEavesdroppers
> If you're not using end-to-end encryption, then you're in bad shape,
> whether you use Tor (and are exposed to one set of risks) or don't use
> Tor (and are exposed to a different set of risks).
> --Roger

Thank you for that very considered response. 

Tor definitely does change the qualtitative and quantative risk of being 
eavesdropped though - and i think it is this fact that is understated. 

The anonymity provided by tor comes at a price: the increased risk of 
any-old-joe (and not just the corener cases of a crooked isp employee, or a 
hacker listening to misrouted packets) harvesting your traffic.

The exact degree of this increased risk obviously depends on your view of the 
risk posed by normal use of the internet, as you have pointed out.

My feeling is that anything that extends the circle of risk from exposure to 
hackers/crooked ISP employees/ISPs themselves to exposure to the likes of me 
(a curious amateur with no special priveleges) represents a sea-change in the 
user's security 'posture'.

I'm not saying that the shift is catastrophic but it is definitely a 
compromise that needs more emphasis.


KlamAV - An Anti-Virus Manager for KDE - http://www.klamav.net
TorK   - A Tor Controller For KDE      - http://tork.sf.net