On Monday 01 October 2007 16:35:29 Mike Cardwell wrote: > > If you use Tor, you considerably increase the number and range of people > that could potentially attack you. You also make yourself a tastier target. > > This is not a bad thing if you know how to deal with it. It *is* a bad > thing if you don't. For example, I have only ever had attempted MITM > attacks against my ssh sessions when using them over Tor. > I think torifying a user's traffic without informing him of it is a very bad idea. Pop3 is the best example. I don't think anyone with all the facts to hand would ever use a pop3 session over Tor. Whatever the merits of the well-you-go-over-x-hops-anyway argument (and it generally does not apply to pop3), tor is always x-hops + 1, and that '+ 1' could be anyone from Aunt Nellie to the NSA, no special privileges required. This is one of the main challenges faced by Live CDs and other Torified environments - is it better to anonymize everything in the session or always prevent the likes of pop3 from being anonymized, ever?
Attachment:
signature.asc
Description: This is a digitally signed message part.