* on the Mon, Nov 25, 2013 at 11:27:43PM +0000, Jacob Appelbaum wrote:

>>>> You shouldn't just route people through Tor without their knowledge.
>>>> They need to understand the risks and adapt their use accordingly.
>>>
>>> And what is the risk of barebacking with a network?
>>
>> When your traffic comes out of a Tor exit node, there is a significantly
>> increased risk of passive and active MITM attacks against you, and also
>> increased risk of being locked out of your accounts.
>
> What data do you have on passive and active MITM attacks on all of the
> internet when you compare it with Tor?

I don't have any hard data, it's just what I've casually observed. Take
from that what you will. I will explain my reasoning at the end of this
email.

> Some systems will lock people's accounts - that is a reasonable concern.

Yes. Therefore my statement holds: "You shouldn't just route people
through Tor without their knowledge. They need to understand the risks
and adapt their use accordingly"

> We need these systems to better understand the Tor network, rather than
> simply punt and stick with the same FUD.

Yes, we need both ends of the connection to understand and account for
the problem of cycling IPs/countries.

>>> Does that user gather my consent for every action that will be tied
>>> to me? No.
>>
>> I did not say, "don't route people through Tor". I said, "don't route
>> people through Tor without their knowledge."
>
> Consent goes n ways. As the network operator, I hope the user will
> understand that they need to protect themselves from my network and
> routing choices.
> Similarly, I will try to protect myself and my ISP from
> being harmed by a user or someone targeting one of those users.
> As an example, some people wish to deploy captive portals for gathering
> informed consent. This is a path of madness. In addition to the
> linguistic failures, I think the last thing we need is *more* blocking
> and filtering. A click through wrapper isn't useful for much other than
> a CYA approach to consent which seems... sad.
>
> Perhaps you have another way to suggest that we have informed them and
> they have adequate knowledge? I think that I rarely understand the MPLS
> tunnels between my DSL circuit and say, DuckDuckGo - do I really need to
> understand those details to use the network?

This whole thing is an idealism vs pragmatism argument. Your argument
relies on Tor being just another network like any other. Whereas I'm
saying it is different and therefore should be treated differently. I
don't have any data to back this up, so you'll probably just label it
FUD, but IMO a lot of the Exit nodes are malicious and you're much more
likely to have your traffic compromised by a seriously malicious hacker
when using Tor than when not. This is why I would not route my mum's
traffic through Tor without making sure she understood the difference to
her "normal" Internet connection.

To be completely clear: Tor is one of my favourite OSS projects. I think
it's a great and worthwhile piece of software and is very important for
many people. Hopefully one day in the not too distant future my C foo
will be good enough to contribute, I would love to be employed by the
Tor Project at some point. I don't wish to dissuade people from using
it. I just want people to be safe when they do.

If I, as a random geek, wanted to mess around with MITM attacks to see
what information I could steal, I have a few options: I could do it on
my LAN at home, targeting friends and family. I could do it at work and
risk my job. I could go to somewhere with an open wifi hot spot and
target a couple of coffee drinkers reading the news. Or I could spend a
couple of minutes setting up a Tor exit node from the comfort of my
office, getting sustained access to the traffic of thousands of
strangers all over the World.

This is why I think malicious Tor Exit nodes are widespread: Because
setting them up is easy, attractive and safe.

-- 
Mike Cardwell  https://grepular.com/  http://cardwellit.com/
OpenPGP Key    35BC AF1D 3AA2 1F84 3DC3 B0CF 70A5 F512 0018 461F
XMPP OTR Key   8924 B06A 7917 AAF3 DBB1 BF1B 295C 3C78 3EF1 46B4
-- tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk