[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: How can I trust all my Tor nodes in path



Thank you, just trying to make sure I understand. I will also follow that link.


On 12/1/06, Robert Hogan < robert@xxxxxxxxxxxxxxx> wrote:
On Friday 01 December 2006 20:55, Tim Warren wrote:
> On 12/1/06, Robert Hogan <robert@xxxxxxxxxxxxxxx> wrote:
> > The real danger with Tor is using sensitive information over http rather
> > than
> > https and mixing anonymous and non-anonymous traffic over the same
> > circuit.
> > Those two are the most common and most easy mistakes to make.
>
> Maybe you could answer a question for me. Should I NOT login in to a site,
> such as a bank, when using Tor? Or do I need to make sure it is https:?
>
> Appreciate any clarification.
>
> Thanks,

If you use https (and your browser hasn't complained about the ssl
certificate) you're fine.  The exit node can see everything (if they want)
over http.

Everything after the exit node is just as good or bad as if you weren't using
tor. Tor just adds an extra guy to the chain of *reputable* carriers who
*could* monitor your traffic - and it is best practice to assume that at
least the tor exit node is doing exactly that. see http://tor.unixgu.ru


--

KlamAV - An Anti-Virus Manager for KDE - http://www.klamav.net
TorK   - A Tor Controller For KDE      - http://tork.sf.net



--
Tim Warren
SD CA USA