On Mon, Aug 09, 2004 at 10:54:39AM -0400, Patrick McFarland wrote:
> On Mon, 9 Aug 2004 16:29:34 +0200, Eugen Leitl <eugen@leitl.org> wrote:
> > Anonymizing proxies are largely useless, if Mallory sees the last leg to the journey
> > (browser<-->proxy).
>
> Yeah. That's why you need to run your own privoxy and tor, so that you

I'd rather have the traffic remixing part done on a fast machine close to one of the Internet backbones. I haven't installed tor/privoxy on the home network behind my ADSL, but I suspect it will be slow. Tor/privoxy as is is already pretty slow (so I'm using two instances of a browser: one proxied, for secure use, and one with direct connection).

Also, such an open proxy is a useful resource for other users, provided it's not a major vulnerability for my box.

> control the machine that is the last leg. (This is why I'm not too
> much of a fan of an outside proxy, you can still be tracked to your
> box by the owner of the proxy. Do a little man in the middle attack

I am the owner of the proxy, in this case.

> and someone in between can insert their own proxy and others can watch

If it's an Stunnel with certs signed by my own CA, I'll see a MITM (active attack is very different from passive listening in terms of resources required, and leaks information that you're being attacked -- passive listening is undetectable, at least on a classical link).

> your traffic too.)
>
> > It's largely a hypothetical threat, I hope (everybody: please don't feel
> > compelled to prove me wrong, if you're reading it).
>
> I don't believe in the hypotheticalness of a threat. If it can be
> exploited even a tiny little bit, then it's an issue.

The only machine immune to attacks is one unplugged, and locked in a secure vault. And then, only maybe. Such a machine is however not very useful.

I don't expect perfect protection, and use such services with that expectation in mind.

-- 
Eugen* Leitl leitl
______________________________________________________________
ICBM: 48.07078, 11.61144            http://www.leitl.org
8B29F6BE: 099D 78BA 2FD3 B014 B08A  7779 75B0 2443 8B29 F6BE
http://moleculardevices.org         http://nanomachines.net
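
The point made in the message about certificates signed by one's own CA exposing an active MITM, worked through with the openssl command line. This is an added example, not part of the original message; the CA names, the host name proxy.example and all file names are constructed for the demo, and it shows only the chain check, not a running stunnel.

```shell
#!/bin/sh
# Constructed demo: a private CA, a proxy certificate signed by it, and a
# look-alike certificate for the same host name signed by a different CA
# (what an interposed proxy would have to present). A client that trusts
# only the private CA accepts the first and rejects the second.

make_ca() {      # $1 = output prefix, $2 = subject CN
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=$2" -keyout "$1.key" -out "$1.crt" 2>/dev/null
}

make_leaf() {    # $1 = output prefix, $2 = CA prefix, $3 = subject CN
    openssl req -newkey rsa:2048 -nodes -subj "/CN=$3" \
        -keyout "$1.key" -out "$1.csr" 2>/dev/null &&
    openssl x509 -req -in "$1.csr" -CA "$2.crt" -CAkey "$2.key" \
        -CAcreateserial -days 1 -out "$1.crt" 2>/dev/null
}

# Succeeds only if certificate $2 chains to the single CA in $1.
# The output is matched as well, because very old openssl releases
# returned exit status 0 even when verification failed.
trusted_by() {
    openssl verify -CAfile "$1" "$2" 2>/dev/null | grep -q ': OK$'
}

setup_demo() {
    DEMO_DIR=$(mktemp -d) || return 1
    make_ca   "$DEMO_DIR/myca"   "My Private CA"  &&
    make_ca   "$DEMO_DIR/mitmca" "Interceptor CA" &&
    make_leaf "$DEMO_DIR/proxy"  "$DEMO_DIR/myca"   "proxy.example" &&
    make_leaf "$DEMO_DIR/forged" "$DEMO_DIR/mitmca" "proxy.example"
}

setup_demo || { echo "openssl setup failed" >&2; exit 1; }
for c in proxy forged; do
    if trusted_by "$DEMO_DIR/myca.crt" "$DEMO_DIR/$c.crt"; then
        echo "$c.crt: accepted by a client pinned to myca.crt"
    else
        echo "$c.crt: rejected, not signed by myca.crt"
    fi
done
```

The forged certificate is perfectly valid under its own issuer, so the detection depends on the client trusting only the private CA file and having verification switched on.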