[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-talk] Tor spying

On 08/09/11 03:21, Indie Intel wrote:

> The more I research this, the more it seems this sort of 
> ``research''is more common than not. Wikileaks, Jacob Appelbaum, 
> Adrian Lamo, Moxie Marlinspike... who else? Iran?!

You become good at implementing security by understanding how to break
it. Sometimes the world won't take a threat seriously without a live
demonstration. Sslstrip has been made available publicly as proof that
the attack is real and actually quite simple. It should also be clear
that it's not specific to Tor; any proxy could do it, including the
"transparent" proxies than many ISPs force traffic through.

The solution is simply "pay attention". If privacy is important to you
(because e.g. you're sending credit card data) then don't rely on
technology to alone protect you. Check that you're actually connected to
the site you expect. Consider not using Tor for the transaction (if you
don't actually need anonymity). Don't proceed if you're unsure. You
wouldn't give card details over the phone unless you were damn sure you
were talking to the right person, and it should be exactly the same online.

Don't take anything for granted!


Attachment: signature.asc
Description: OpenPGP digital signature

tor-talk mailing list