[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-talk] Tor spying

On Wed, Sep 7, 2011 at 10:21 PM, Indie Intel <d577ac28@xxxxxxxxx> wrote:
> Apparently people are spying on Tor users by setting up their own exit nodes and sniffing traffic?!

For some reason the moral standards people abide to online are unlike
the ones they'd apply in other contexts.  I'm doubtful Moxie
Marlinspike would go around jiggling the doorknobs of his neighbors or
hold their mail up in front of candles  (or at least do so without
fear of having a really bad weekend in a police office as a result).
But on lineâ people do. Oh well, not much we can do about that.

It's unfortunate and unlawful for people to monitor or modify exit
node traffic. You should not do so.  At the same time, _all_ internet
users should do what they can to protect themselves. These attacks
aren't just limited to Tor: regular ISPs perform them too, and if we
can't stop it there we certainly can't stop it for tor.

>``research'' is more common than not. Wikileaks, Jacob Appelbaum,

It's worth pointing out that Wikileaks and Jacob have refuted and
rejected the claims that (at least as far as they could be aware)
Wikileaks documents came from sniffing tor exits.

Of course, its impossible for anyone to prove they haven't been, and
thought its possible to do so no one has proven they did.  At best its
unfounded rumor, at worse its an active smear.

I find it somewhat ironic that you complain about the ethics of
obviously well intentioned security researchers while simultaneously
spreading a reputation destroying rumour.

At least we learned something useful from the sslsniff research that
might educate us about building practical secure systems. What did we
learn from your post?
tor-talk mailing list