[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
Re: Tor at heart of embassy passwords leak; "ToR isn’t the problem, just use it for what it’s made for."
- To: or-talk@xxxxxxxxxxxxx
- Subject: Re: Tor at heart of embassy passwords leak; "ToR isn’t the problem, just use it for what it’s made for."
- From: "Michael_google gmail_Gersten" <keybounce@xxxxxxxxx>
- Date: Mon, 10 Sep 2007 09:15:42 -0700
- Delivered-to: archiver@xxxxxxxx
- Delivered-to: or-talk-outgoing@xxxxxxxx
- Delivered-to: or-talk@xxxxxxxx
- Delivery-date: Mon, 10 Sep 2007 12:15:51 -0400
- Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=beta; h=domainkey-signature:received:received:message-id:date:from:to:subject:in-reply-to:mime-version:content-type:content-transfer-encoding:content-disposition:references; bh=H4le+4i1duLH4LxludQNrIEj4SSmOOS7F6MSnW0GgVk=; b=F9wDDLxjfTAt73i/MqUg/AZDWO2qJEN0+EEM/UOGYkj6jjFTQPl47dNpBokrezkbUYI1EQrZ/9XVJ++WXHBT/KXPbc26oVtv2up6OVzP4XiN1XB1YSJPnedYCq7opvkXHHcFcwZHaB2L6ct8/6AzuZeLVXAom3pXGnr+UsObtB4=
- Domainkey-signature: a=rsa-sha1; c=nofws; d=gmail.com; s=beta; h=received:message-id:date:from:to:subject:in-reply-to:mime-version:content-type:content-transfer-encoding:content-disposition:references; b=UbnIOJFfQgmSn9oc9pFDgHqUYuUbq027qx+zVtSG3NA/GVb9bGSqPjikMB6yNWFbQMY1vGKDvm1/yMEl09wxoPt4Xit010mPuyCcxRA5epc+xdfaq13UA7oTPKgTNBZjGluBPO8FG8EzbNucw0cOvUePIK8KlBWTWCKoJgo5JYU=
- In-reply-to: <4ef5fec60709100655v6170121fi5bd144a49128e43a@xxxxxxxxxxxxxx>
- References: <4ef5fec60709100655v6170121fi5bd144a49128e43a@xxxxxxxxxxxxxx>
- Reply-to: or-talk@xxxxxxxxxxxxx
- Sender: owner-or-talk@xxxxxxxxxxxxx
So let me see if I understand this correctly.
First, anything sent through Tor can be sniffed by the exit node,
exactly like anything sent without Tor can be sniffed by your ISP.
Second, an ISP can be ordered to turn over all information about your
communication (100% leak), and for all we know, 100% of the content as
well (revealing 100% of all private matters). In comparison, Tor only
catches some of the information about your communication, and some of
your private matters.
Thirdly, the people involved either did not use http*S*: to talk
securely, or they used a device that handled invalid certificates
wrong, and did not even notice.
Does that sum it up correctly?