[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: Tor at heart of embassy passwords leak; "ToR isn’t the problem, just use it for what it’s made for."



Hi,

On Mon, 10 Sep 2007, Michael_google gmail_Gersten wrote:

> So let me see if I understand this correctly.
> 
> First, anything sent through Tor can be sniffed by the exit node,
> exactly like anything sent without Tor can be sniffed by your ISP.

true
 
> Second, an ISP can be ordered to turn over all information about your
> communication (100% leak), and for all we know, 100% of the content as
> well (revealing 100% of all private matters). In comparison, Tor only
> catches some of the information about your communication, and some of
> your private matters.

not really true
Tor provides the ability to hide your location on the remote side
Tor provides the ability to hide what you are doing on the local side
Tor does not provide any security for passwords and similar data

> Thirdly, the people involved either did not use http*S*: to talk
> securely, or they used a device that handled invalid certificates
> wrong, and did not even notice.
true

> Does that sum it up correctly?
nearly

-- 
Florian Reitmeir