[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: Javascript security question

On Fri, 21 Aug 2009 13:39:47 +0000 (GMT)
Sadece Gercekler <inanma@xxxxxxxxx> wrote:

> Thanks everybody for the explanation.
> So the exit node I'm using can be Evil and there is no way I can know
> this. If so, is it wise to use the Tor network even with javascript
> disabled?
Using a properly Locked down browser (Torbutton/etc), and staying as
much as possible to encrypted connections (https) It is possible to use
Tor "fairly" safely. Remember, using the open Internet is largely an
exercise in trust. you trust that none of the system between you and
yahoo will eavesdrop and you trust that none of them will inject
anything. Both of these are Basically huge assumptions anytime you are
not using SSL or some other secure end-to-end encryption. ISPs do
inject (Rogers here in Canada played with it). ISPs do eavesdrop
(phorm/BT). So I try to use https/etc as much as I can anyways.

Considering the above (and I'm sure others will add a few points). you
need to get as informed as possible on both TOR and the open net and
then make an informed risk assessment. Are the risks greater then the
open net? Is the anonymity worth the risk? Can I do it all over SSL?



This e-mail has been digitally signed with GnuPG - ( http://gnupg.org/ )

Attachment: signature.asc
Description: PGP signature