[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: funneling a wireless net's outbound connections through tor



On Monday 01 October 2007 16:35:29 Mike Cardwell wrote:
>
> If you use Tor, you considerably increase the number and range of people
> that could potentially attack you. You also make yourself a tastier target.
>
> This is not a bad thing if you know how to deal with it. It *is* a bad
> thing if you don't. For example, I have only ever had attempted MITM
> attacks against my ssh sessions when using them over Tor.
>

I think torifying a user's traffic without informing him of it is a very bad 
idea. Pop3 is the best example. I don't think anyone with all the facts to 
hand would ever use a pop3 session over Tor. Whatever the merits of the 
well-you-go-over-x-hops-anyway argument (and it generally does not apply to 
pop3), tor is always x-hops + 1, and that '+ 1' could be anyone from Aunt 
Nellie to the NSA, no special privileges required.

This is one of the main challenges faced by Live CDs and other Torified 
environments - is it better to anonymize everything in the session or always 
prevent the likes of pop3 from being anonymized, ever?

Attachment: signature.asc
Description: This is a digitally signed message part.