[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: TOR is for anonymization; so how to add encryption as well?

On Sun, 2009-12-27 at 12:48 +0100, Nils Vogels wrote:
On Sun, Dec 27, 2009 at 12:26, arshad <arshad3m@xxxxxxxxx> wrote:
> i want the traffic be encrypted as well?
> any workarounds?

Traffic within TOR itself is encrypted as part of the anonimization:
When you are in the cloud, it is almost impossible to make heads or
tails out of the messages that are being sent.

When the traffic leaves the cloud, it is sent in the same way it was
entered into the cloud, ie. HTTP will still be HTTP, HTTPS will be

If you want your traffic to be both anonymous and encrypted throughout
the entire path, use an encrypted protocol, such as HTTPS, IMAPS,
POP3S, etc.

Please, also read http://www.torproject.org/overview.html.en it will
answer not only this question, but also a few similar questions that
you might have when first starting to use tor.



thanks for your reply.
i mean to avoid this:

Eavesdropping by exit nodes
In September 2007, Dan Egerstad, a Swedish security consultant, revealed that by operating and monitoring Tor exit nodes he had intercepted usernames and passwords for a large number of email accounts.[17] As Tor does not, and by design cannot, encrypt the traffic between an exit node and the target server, any exit node is in a position to capture any traffic passing through it which does not use end-to-end encryption, e.g. SSL. While this does not inherently violate the anonymity of the source, it affords added opportunities for data interception by self-selected third parties, greatly increasing the risk of exposure of sensitive data by users who are careless or who mistake Tor's anonymity for security.[18]