following on from today's discussion
Robert Hogan
robert at roberthogan.net
Fri Aug 18 21:14:29 UTC 2006
This has been an interesting discussion (a bit of intemperate speech is always
entertaining too).

That aside, I think it has highlighted a security risk that Tor itself may be
guilty of understating to new users, namely that using Tor exposes your
traffic to a much higher likelihood of being eavesdropped than normal.

For example, I am not a network admin by day so I do not have access to public
internet traffic through legal means. Yet I am running a Tor exit server, so
I can now legally (though unethically) listen to your internet traffic and
harvest any passwords that go by.

I do not think the gravity of this trade-off by the Tor user (security for
anonymity) is adequately represented.

Now that I see it for what it is, I am definitely going to introduce some sort
of nag/warning to TorK so that the user is warned at least once that using
plaintext protocols carrying authentication information on Tor carries a
serious health warning.

Am I overstating the case? Do others think that the nature of the compromise
Tor users make is transparent to them?

--
KlamAV - An Anti-Virus Manager for KDE - http://www.klamav.net
TorK - A Tor Controller For KDE - http://tork.sf.net