[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: following on from today's discussion

On Fri, Aug 18, 2006 at 05:47:03PM -0400, Roger Dingledine wrote:
> > Now that I see it for what it is, I am definitely going to introduce some sort 
> > of nag/warning to TorK so that the user is warned at least once that using 
> > plaintext protocols carrying authentication information on Tor carries a 
> > serious health warning.

Doesn't Firefox already include this warning when you try to use plaintext
auth protocols on the Internet in general? Or heck, when you try to POST
data to a non-ssl webpage at all?

> Then there's the question of the Internet infrastructure itself --

Also consider that in many countries, the ISPs are the government or are
in cahoots with the government (more countries than we might think, alas),
and many users are not too thrilled about being tracked and observed by
their government.

Even if you trust your government completely, then you're still not safe:
with the advent of data retention, there are an increasing number of
juicy databases sitting around waiting to be stolen, backed up to the
wrong location, lost, freely give out information to people without a
suitable warrant, etc.

On the one hand, in many cases ISPs have a strong financial incentive to
not be too obvious about their snooping, so you are right to expect that
they won't be so public and broad-sweeping with their attacks. On the
other hand, if torxunixguxru is the toughest adversary that Tor users
are up against, I'd be delighted.

It's certainly hard to pin down the exact risks here -- there are
clearly huge risks on both sides. Somebody should write up a clear
concise explanation, perhaps based on some statements from this thread. :)