GeorgeDS <georgeds@xxxxxxx> wrote:

> On Tue, 2006-10-31 at 09:49, Fabian Keil wrote:
> > George Shaffer <George.Shaffer@xxxxxxxxxxx> wrote:
> >
> > > To go to
> > > a malicious site you need to encounter a site whose security has been
> > > compromised, be tricked into going to a site, be the victim of
> > > poisoned DNS, receive an email with a macro based Outlook virus that
> > > uses IE functionality, or deliberately browse fringe web sites.
> >
> > Or you can use Tor and give every Tor exit node operator the chance
> > to render every "trusted site" that doesn't use encryption into
> > a source of malware.
>
> If your only point is I forgot to list this, I'm guilty. Other than
> that, this seems to be an argument against using Tor.

I think it's just a fact every Tor user should be aware of.
It sure is a disadvantage, but I don't see it as a reason
to stop using Tor.

> Regarding systrace:
>
> > > Looking at man, it does appear that it would be useful for
> > > controlling "developmental" software on a very secure OpenBSD system.
> >
> > It's useful to control software in general.
>
> "In general" I agree but there are costs as well as benefits to all
> security measures. Rational people can reach a wide range of conclusions
> regarding how much to invest and where.

Of course.

> I suspect you might be rather
> uneasy with controlling software, as in preventing customers from using
> Skype, as the Narus tools linked to below can.

It's beside the point, but given the free alternatives
I don't think anyone should be using Skype anyway.
Especially not users who care about their privacy and
system security.

If an ISP thinks it's a good idea to disallow Skype usage
in its terms of service and then tries to enforce this policy,
I don't have a problem with that.

If the user wants to use Skype, she should sign up with
an ISP with less unreasonable terms of service.

> > There are several valid reasons not to run a Tor server at all,
> > I just don't think that "local security" or "ISP terms of service"
> > are among them.
>
> We will obviously continue to disagree about these. I recently came
> across http://www.narus.com/products/index.html which describes a line
> of products that allow large ISPs and broadband carriers to monitor
> everything that flows across their network. Virtually every protocol can
> be identified, and everything from any IP can be assembled into a stream
> and its contents examined.

For Tor users this shouldn't be a big deal.

I also don't see anything exciting about Narus,
I once saw a Sguil presentation and if I remember
correctly it can do basically the same.
http://sguil.sourceforge.net/index.php?page=description

Of course a patient person can already do the same thing
with less comfortable tools like tcpdump anyway.

> That barely begins to describe what the
> Narus tools can do. If you care about privacy, this is really creepy.

Maybe if you care about privacy and don't use
tools like Tor to protect it.

> Partly this is to allow carriers to conform to the wiretap laws that are
> being applied in the US and other countries, but Narus makes clear the
> carriers can use these tools for their own purposes. While resources
> should prevent an ISP or carrier from monitoring all their customers all
> the time, tools like this will allow them to focus on protocols banned
> by terms of service and identify the customers using the banned
> protocol.

Personally I think the frequent changes in wiretapping laws
are a lot more frightening than the software to comply with them.

> In the case of a cable provider, there is only one in any
> specific area. If you lose your access, then you have to hope DSL is
> available, and you will normally pay more for comparable download
> speeds. Personally I want to be careful about my ISP's terms of service.

It was probably not clear enough, but I wasn't trying to say
that one shouldn't honour the ISP's terms of service.

I'm just saying that they aren't a valid reason not to run
a Tor server. They are only a reason not to run a Tor server
in that ISP's network (if you are interested in running a Tor
server and I know, you personally aren't).

Fabian
-- 
http://www.fabiankeil.de/