following on from today's discussion
Robert Hogan
robert at roberthogan.net
Sat Aug 19 13:45:10 UTC 2006
On Friday 18 August 2006 22:39, Jay Goodman Tamboli wrote:
> On 2006.08.18, at 17:14, Robert Hogan wrote:
> > That aside, I think it has highlighted a security risk that Tor
> > itself may be
> > guilty of understating to new users, namely that using Tor exposes
> > your
> > traffic to a much higher likelihood of being eavesdropped than normal.
> >
> > For example, I am not a network admin by day so I do not have
> > access to public
> > internet traffic through legal means. Yet I am running a Tor exit
> > server, so
> > I can now legally (though unethically) listen to your internet
> > traffic and
> > harvest any passwords that go by.
>
> Is it true that your traffic is more likely to be eavesdropped upon?
>
> I am not a lawyer, but is anyone here sure that there are legal
> protections against network administrators listening that would not
> apply to Tor node operators?
>
As Roger pointed out legal restrictions probably still apply.
The problem presented by Tor isn't a question of legality, but opportunity. By
using Tor you are giving anybody running a Tor exit node the chance to
harvest your un-encrypted traffic.
Maybe the problem is that it doesn't take much to be able to run a Tor exit
node (anyone who can download tor and configure it). Maybe the problem is
that people are naive in their use of unencrypted protocols.
I would argue that the likelihood of being punished for your naivety is
greater when you use Tor than it is otherwise. And that's a problem that
needs to be brought home to new users.
But I've said this a few times now so I'm going to stop hammering on about it.
--
KlamAV - An Anti-Virus Manager for KDE - http://www.klamav.net
TorK - A Tor Controller For KDE - http://tork.sf.net
More information about the tor-dev
mailing list