
Re: Newbie's questions



(1) Does it mean that even when I visit unencrypted sites, nobody would be able to tell what sites or pages I am requesting?

Correct. As long as you're also proxying the DNS via SOCKSv4, the only people that could "see" your traffic in the clear are the folks between the exit node and the destination.


However .. if you do something like access your (real) Yahoo mail, someone could connect that traffic with the "real" you .. because they could see your name in the HTTP traffic. Thus, it's unwise to leak the recipe to the secret sauce, and then go check your Hotmail account all in the same session.

You also need to be mindful of combining your "anonymous" and "regular" activities .. if, for example, you allow sites to set cookies and you visit two sites both using DoubleClick .. that cookie will connect the "real" you and the "tor" you. Same goes for any website that requires authentication (eg: Yahoo mail, etc.). Someone could check the logs and say "well, I see it was TOR this time, but yesterday it was Comcast".

(2) Can the green line be cracked by intercepting the packets or headers?

An attack against AES that's more effective than bruteforce is not (yet) known, so I'd say "probably not", although TOR developers are clear to tell you it doesn't defend against a "global adversary" (eg: $3_letter_agencies).


(3) I don't know where the encryption key is stored. Can it be stolen if my pc is hacked?

The client key is in memory, so no .. unless you do something like suspend your laptop while TOR is running (thus writing it to disk). Also, it's possible to have the key written to swap accidentally.


You can prevent both those problems with a "liveCD" distro that doesn't touch the hard disk. There are many such "internet privacy appliances", my personal favorite being the one based on OpenBSD (Anonym.OS).

Other general recommendations:

Firefox (dump cookies on exit, no cache, etc)
NoScript plugin (no javascript)
FlashBlock plugin (no flash)

Cheers,

Michael Holstein CISSP GCIA
Cleveland State University