[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: DuckDuckGo now operates a Tor exit enclave

On Sun, Aug 15, 2010 at 2:46 PM, Ted Smith <teddks@xxxxxxxxx> wrote:
> On Sun, 2010-08-15 at 17:40 +0200, Michael Scheinost wrote:
>> 2. Why is it offering HTTP
>> If duckduckgo.com really cares for the anonymity and privacy of its
>> users, why do they offer unencrypted HTTP?
>> Even if tor users are encouraged to use HTTPS, some of them will
>> forget
>> doing so.
> There's no point in HTTPS if you're using an exit enclave. The traffic
> is encrypted in the Tor cloud, exits that cloud **on the service's
> localhost address**, and if it were encrypted, would be transmitted as
> ciphertext to the service port on the local interface.
> If you're proposing a threat model wherein loopback is an untrusted
> connection, you have bigger problems than, well, anything.

Except that users often won't use the exit enclave due to limitations in tor.

The first connection to a destination will not use the exit enclave
because prior to the first connection the node will be unaware of the
destination IP and thus unaware of the existence of the enclave.

Incomplete directory information can also cause nodes to not use enclaves.

Exits with falsified DNS will cause nodes not to use enclaves.

These weaknesses could all be reduced or eliminated, but I don't think
people have cared too much about the exit enclave functionality.
To unsubscribe, send an e-mail to majordomo@xxxxxxxxxxxxxx with
unsubscribe or-talk    in the body. http://archives.seul.org/or/talk/