[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-talk] Tor spying

On 09/07/2011 09:21 PM, Indie Intel wrote:

Apparently people are spying on Tor users by setting up their own
exit nodes and sniffing traffic?!

Oh yeah. It happens.

This Moxie Marlinspike is even a well-respected researcher,
apparently. He gives talks at Blackhat to government hacker wannabes.

You may have the threat a bit backwards.

Just try to imagine the spying that goes on over the internet as a whole. Governments, ISPs, telcos, businesses, spouses, employees, malware on your LAN, bad guys are all sniffing traffic all the time. Some digital satellite ISPs have an unencrypted downlink and the entire hemisphere can see the traffic.

The difference here is that these security researchers have blessed the public with the fruits of their research and we have benefited from it.

But stealing email passwords and credit card information? How is this
legal in the US?

It's a gray area. I wouldn't do it myself, but I'm grateful to the others who have on occasion done something useful with it.

The more I research this, the more it seems this sort of ``research''
is more common than not. Wikileaks, Jacob Appelbaum, Adrian Lamo,
Moxie Marlinspike... who else? Iran?!

Yeah, who don't?

The Tor Project needs to shed some light on this or it will have a
serious problem with people wanting to use Tor at all...

It's even a FAQ

Personally, if I were going to transmit a credit card or email password in-the-clear over Tor I'd choose Moxie or Jacob over some random node any day. But I'd do everything possible to avoid that in the first place.

- Marsh
tor-talk mailing list