[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: 25 tbreg relays in directory



Arjan wrote:
> Niels Elgaard Larsen wrote:
> [...]
>> I run an TOR-access-point. Users have no way of upgrading TOR on it. They probably do not
>> even know that they are using TOR. If I fail to upgrade the access-point at we lock it
>> out, the users loose the internet connection. And the users are not that anonymous anyway.
>> The wireless traffic is not through TOR.
> 
> I don't think that redirecting traffic of unsuspecting users through Tor
> is wise. Using TOR will make things less secure / anonymous for the
> people using your wireless AP.

Not if their alternative is to use the same open wireless AP without TOR.

The main reason is to protect the AP owner, not just the AP users.
The AP owner can wish not to run a non-TOR open AP for the same reasons as not to run a
TOR exit-node, e.g., because many users would suffer if the internet connection was
terminated even temporarily.

> People using an open, unencrypted, AP can have their traffic sniffed by:
> - other people nearby
> - AP owner
> - ISP of the AP owner
> - government
> - ... (depends on the destination)
> When sending the traffic over TOR, it can also be monitored by:
> - exit node operators (some owned by crackers / government agencies)
> - ISPs of exit node operators
> - governments of exit node operators

Yes, but no longer by the ISP of the AP owner or government (unless they bug the AP).

> Since the AP user doesn't know he's using TOR, he will probably transmit
> information that shows his identity. 

If someone uses an open access-points run by someone he does not know and put personal
info and identity in cleartext, the info will not be personal for long anyway and using a
TOR AP is probably better than e.g., an AP in cafe or school.

> He may end up on a government watch
> list, because they know that all TOR users are potential child
> pornographers / terrorists.

I have absolutely no problem sending my name in cleartext through TOR,  when I do not need
to be anonymous. Of course I could already be on Danish Government watch list :-)