On Sun, 2009-12-27 at 17:24 +0530, arshad wrote: > On Sun, 2009-12-27 at 12:48 +0100, Nils Vogels wrote: > > On Sun, Dec 27, 2009 at 12:26, arshad <arshad3m@xxxxxxxxx> wrote: > > > i want the traffic be encrypted as well? > > > any workarounds? > > > > Traffic within TOR itself is encrypted as part of the anonimization: > > When you are in the cloud, it is almost impossible to make heads or > > tails out of the messages that are being sent. > > > > When the traffic leaves the cloud, it is sent in the same way it was > > entered into the cloud, ie. HTTP will still be HTTP, HTTPS will be > > HTTPS. > > > > If you want your traffic to be both anonymous and encrypted throughout > > the entire path, use an encrypted protocol, such as HTTPS, IMAPS, > > POP3S, etc. > > > > Please, also read http://www.torproject.org/overview.html.en it will > > answer not only this question, but also a few similar questions that > > you might have when first starting to use tor. > > > > Greets, > > > > Nils > > > > > hi, > thanks for your reply. > i mean to avoid this: > > Eavesdropping by exit nodes > In September 2007, Dan Egerstad, a Swedish security consultant, > revealed that by operating and monitoring Tor exit nodes he had > intercepted usernames and passwords for a large number of email > accounts.[17] As Tor does not, and by design cannot, encrypt the > traffic between an exit node and the target server, any exit node is > in a position to capture any traffic passing through it which does not > use end-to-end encryption, e.g. SSL. While this does not inherently > violate the anonymity of the source, it affords added opportunities > for data interception by self-selected third parties, greatly > increasing the risk of exposure of sensitive data by users who are > careless or who mistake Tor's anonymity for security.[18] > http://en.wikipedia.org/wiki/Tor_(anonymity_network) Please read what you yourself posted: > As Tor does not, and by design cannot, encrypt the traffic between an > exit node and the target server It is impossible for Tor to do what you ask. The target server needs to support some kind of encryption.
Attachment:
signature.asc
Description: This is a digitally signed message part