[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-talk] When to use and not to use tor.

To: tor-talk@xxxxxxxxxxxxxxxxxxxx
Subject: Re: [tor-talk] When to use and not to use tor.
From: Joe Btfsplk <joebtfsplk@xxxxxxx>
Date: Sat, 11 Jun 2011 15:57:08 -0500
Delivered-to: archiver@xxxxxxxx
Delivery-date: Sat, 11 Jun 2011 16:57:25 -0400
In-reply-to: <BANLkTinJNLfH3sQ0JJfEg4zjU---7sfO8A@xxxxxxxxxxxxxx>
List-archive: <http://lists.torproject.org/pipermail/tor-talk>
List-help: <mailto:tor-talk-request@lists.torproject.org?subject=help>
List-id: "This mailing list is for all discussion about theory, design, and development of Onion Routing." <tor-talk.lists.torproject.org>
List-post: <mailto:tor-talk@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk>, <mailto:tor-talk-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-talk>, <mailto:tor-talk-request@lists.torproject.org?subject=unsubscribe>
References: <BANLkTinJNLfH3sQ0JJfEg4zjU---7sfO8A@xxxxxxxxxxxxxx>
Reply-to: tor-talk@xxxxxxxxxxxxxxxxxxxx
Sender: tor-talk-bounces@xxxxxxxxxxxxxxxxxxxx
User-agent: Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9.2.17) Gecko/20110414 Thunderbird/3.1.10

I'm not a guru in this dept - only what I've read. Reason usually givennot to use Tor for Banking is because the Tor exit node has to sendunencrypted data to your target site (like bank PWs). Unless yourcommunication w/ that site was somehow encrypted (& a login PW wouldn'tbe). A malicious exit node operator could sniff the packets coming thruthe relay.

Just visiting a site where you're not required to enter private datadoesn't allow a malicious exit node operator (or anyone else) to captureprivate data. In the case of banking, instead of just making a directconnection between you & the bank https (using SSL / TLS), using Tor isintroducing an "unknown" 3rd party. That's basically why.

Same thing w/ unencrypted email. An exit node could intercept it(though by far, most don't), but if it's really confidential info, don'tsend unencrypted email thru Tor. If it's that confidential, you mightout to encrypt email anyway. There are services (like Hush Mail) - formax privacy, I'd opt to install their software vs doing everything ontheir servers.

Also a Firefox addon, Enigmail that allows using open PGP (GNU PG)encryption in a client like Thunderbird. Haven't used it, but beenthinking of checking it out.


On 6/11/2011 4:00 AM, Fernan Bolando wrote:

Hi all

I have seen posts on various websites giving a general rules on when
and when not to use tor. I have seen, however any official
documentation on from torproject or any of the privacy
website like eff. Does such a documentation exists? can somebody point me to it.

examples
dont use tor in banking or financial transactions
dont use tor in non encrypted email

regards
fernan
_______________________________________________
tor-talk mailing list
tor-talk@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

_______________________________________________
tor-talk mailing list
tor-talk@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

Follow-Ups:
- Re: [tor-talk] When to use and not to use tor.
  - From: Seth David Schoen

References:
- [tor-talk] When to use and not to use tor.
  - From: Fernan Bolando

Prev by Author: Re: [tor-talk] Best way to anonymize email while still be allowing to receive it?
Next by Author: Re: [tor-talk] When to use and not to use tor.
Previous by thread: [tor-talk] When to use and not to use tor.
Next by thread: Re: [tor-talk] When to use and not to use tor.
Index(es):
- Author
- Thread