[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

A few Tor questions


Tor looks way cool and seems like a very appropriate reaction to the
current assault on our (on-line) privacy...

After installing Tor (client) and reading up on it, I still have a few
questions.  I must admit to not knowing much about anon/crypto or
networking technicalities.  For the record, I use Linux (Debian/sid),
and Firefox.

- I noticed that according to Tor and Privoxy docs, HTTP and HTTPS
proxies should be set in your browser.  But that leaves other protocols
such as FTP unprotected, which means that your cover will be blown as
soon as you click on a FTP link...  Not good.  Right now I 'fixed' this
by setting Privoxy as proxy for the other protocols too - which gets me
a Privoxy warning screen rather than connecting with the remote host
directly.  However, this is just a hack...  Is there a way to route FTP
traffic from Firefox through Tor, or is there a cleaner way to disable
these protocols?

- It seems Tor alway creates paths consisting of 3 nodes...  Is there a
way to change the path length?  Wouldn't that be a good idea, especially
if you set fixed entry or exit nodes?

- Given that the list of Tor nodes is public, doesn't the safety of the
network critically depend on the security of servers?  If an attacker
would be aware of a vulnerability for a large percentage of server
systems, and therefore be able to compromise all these nodes at once,
that would seem to be a real problem.  With this in mind, is it really a
good idea to allow basically unverified nodes on the network?  How about
requiring, and checking for, some basic level of security (doing a
remote scan maybe).  Also, do you really think it's a good idea to
encourage windows-based servers?  If Tor is to become more widespread,
and a lot of nodes end up running on 'average windows boxes' (with the
average abysmal security), I'd sure be tempted to exclude windows-based

- I'd like to set up a dedicated server at home, on an ADSL line (with
about 50kB/s upstream available to Tor).  Do you think a cacheless PII
Celeron (about 270MHz IIRC) would be able to handle the load?  (I also
have a spare fast Athlon, but it runs a bit too hot and noisy to make a
nice server).

Finally, I was going to ask about the lack of a signature for the source
distro, but suddenly it's there, cool :-).

Looking forward to your comments!

Do You Yahoo!?
Tired of spam?  Yahoo! Mail has the best spam protection around