[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-talk] How to find trust nodes?



Jason Long:
> Hello.
> How can I sure a Tor node that I connected to it is secure and is not a NSA or CIA node? 

You can't ensure that none of the Tor nodes in a particular three-node
circuit aren't run by some three-letter government agency.

There are regular checks about expired versions of Tor, poorly
configured Tor policies on nodes, or other explicit bad things, but
those only catch the most obvious insecurities.

You can run your own relay or bridge, which could at least ensure one
hop isn't compromised, not to mention the benefit for the many other Tor
users.

But ultimately, Tor's topography mitigates against one of the three
nodes in your circuit being compromised. If the first hop is
compromised, then they only know who you are, but not where your
destination is. If the last hop is compromised, they only know where
you're going, but not who you are (unless your providing clear text of
personally identifying information).

This happens to be why that quiet individual who runs one bridge or
relay is so vital to the integrity of the network.

g

-- 



5F77 765E 40D6 5340 A0F5 3401 4997 FF11 A86F 44E2
-- 
tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk