[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
Re: How do we defeat exit node sniffing?
It also depends on what you are using Tor for.
If you are checking your e-mail (or whatever) that is associated with your real identity, then use only HTTPS.
But if you are checking a different e-mail account that you have (1) setup over Tor and (2) only use for anonymous purposes, then you run a very small risk of being associated with the activity of that account.
Remember, just because your traffic is anonymous doesn't mean it's private. So if you say "This is John Smith and my SSN is xxx-xx-xxxx" or whatever over an anonymous connection to a blog or forum, then you are asking for trouble. You have to be in control of your privacy.
On Thu, Jun 5, 2008 at 7:20 PM, defcon <defconoii@xxxxxxxxx
for http connections im worried about cookie sidejacking as well since some sites only authenticate via https and set a cookie, what can we do in this regard?
On Thu, Jun 5, 2008 at 7:08 PM, Xizhi Zhu <xizhi.zhu@xxxxxxxxx
you have to try to do the authentication with SSL/TLS. if not, your username and your password will be sent to the exit nodes first, and that's really terrible!
2008/6/6, defcon <defconoii@xxxxxxxxx>:
so what do you all suggest if I must authenticate to a non ssl connection? How do I do it anonymously and safely?
On Thu, Jun 5, 2008 at 5:37 PM, Christopher Davis <loafier@xxxxxxxxx
Prefer TLS-enabled services, and mind the authenticity of server certs.
On Thu, Jun 05, 2008 at 05:01:34PM -0700, defcon wrote:
> What are some good ways to defeat exit node sniffing? Is there a listing of
> good exit nodes that do not sniff?
Or use Tor hidden services.
Use Tor to secure your surfing trace:
My blog: http://xizhizhu.blogspot.com/