[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: TOR is for anonymization; so how to add encryption as well?

arshad wrote:
> i want the traffic be encrypted as well?
> any workarounds?
> thanks.
> ***********************************************************************
> To unsubscribe, send an e-mail to majordomo@xxxxxxxxxxxxxx with
> unsubscribe or-talk    in the body. http://archives.seul.org/or/talk/
It is encrypted except at the exit unless you use https or imaps or
whatever protocol + s.

Let me illustrate.  Suppose you go to http://www.google.com via
privoxy+tor, then you establish a tunnel like this:

             --------Tor's encryption--------------
client         ------ clear http ------------->        Tor Relay ...
             --------Tor's encryption--------------

This continues until you get to the exit

--------Tor's encryption--------------
    ------ clear http ------------->         Tor Exit ------ clear http
--------Tor's encryption--------------

So sniffing is impossible except at the exit.   The admin at the tor
exit should never look at the traffic leaving his/her node.

If you repeat the above, but go to https://www.google.com (note the
http+s), then the above changes in that the clear http is replaced by
encrypted https.  Then even the tor exit node admin can't see your traffic.

Hope this helps and that my ascii art didn't get wrapped beyond readability.


Anthony G. Basile, Ph.D.
Chair of Information Technology
D'Youville College
Buffalo, NY 14201

(716) 829-8197

Attachment: signature.asc
Description: OpenPGP digital signature