[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: following on from today's discussion



On Friday 18 August 2006 22:39, Jay Goodman Tamboli wrote:
> On 2006.08.18, at 17:14, Robert Hogan wrote:
> > That aside, I think it has highlighted a security risk  that Tor
> > itself may be
> > guilty of understating to new users, namely that using Tor exposes
> > your
> > traffic to a much higher likelihood of being eavesdropped than normal.
> >
> > For example, I am not a network admin by day so I do not have
> > access to public
> > internet traffic through legal means. Yet I am running a Tor exit
> > server, so
> > I can now legally (though unethically) listen to your internet
> > traffic and
> > harvest any passwords that go by.
>
> Is it true that your traffic is more likely to be eavesdropped upon?
>
> I am not a lawyer, but is anyone here sure that there are legal
> protections against network administrators listening that would not
> apply to Tor node operators?
>

As Roger pointed out legal restrictions probably still apply. 

The problem presented by Tor isn't a question of legality, but opportunity. By 
using Tor you are giving anybody running a Tor exit node the chance to 
harvest your un-encrypted traffic.  

Maybe the problem is that it doesn't take much to be able to run a Tor exit 
node (anyone who can download tor and configure it). Maybe the problem is 
that people are naive in their use of unencrypted protocols.

I would argue that the likelihood of being punished for your naivety is 
greater when you use Tor than it is otherwise. And that's a problem that 
needs to be brought home to new users.

But I've said this a few times now so I'm going to stop hammering on about it.



-- 

KlamAV - An Anti-Virus Manager for KDE - http://www.klamav.net
TorK   - A Tor Controller For KDE      - http://tork.sf.net