encrypting your communications?!
Paul Syverson
syverson at itd.nrl.navy.mil
Sat Nov 17 15:14:00 UTC 2007
On Sat, Nov 17, 2007 at 07:35:10AM -0500, Roger Dingledine wrote:
> On Sat, Nov 17, 2007 at 12:13:34PM +0000, Robert Hogan wrote:
>
> Gah. You're right.
>
> I've changed the offending sentence to:
>
> "Tor protects you by bouncing your communications around a distributed
> network of relays run by volunteers all around the world: it prevents
> somebody watching your Internet connection from learning what sites you
> visit, and it prevents the sites you visit from learning where you're
> coming from."
>
This is better. Although Much like the original concern that Robert
raised, this could be interpreted as saying that using Tor prevents
the sites you visit from learning where you're coming from (especially
since it says just that ;>). The tricky thing is how to succinctly and
clearly say to the general user that it is the networking address
information implicit in the act of connecting that is hidden, but
that's not the whole story. The onion routing project home page
phrases it thus in the opening paragraph.
The focus is on practical systems for low-latency Internet-based
connections that resist traffic analysis, eavesdropping, and other
attacks both by outsiders (e.g. Internet routers) and insiders
(Onion Routing servers themselves). Onion Routing prevents the
transport medium from knowing who is communicating with whom -- the
network knows only that communication is taking place. In addition,
the content of the communication is hidden from eavesdroppers up to
the point where the traffic leaves the OR network.
This is too geekspeakish for the intended purpose here. But it gives a
hint perhaps of what could be said. Also, apropos to Robert's
complaint the last sentence does two things: it does let people know
that traffic is encrypted against eavesdroppers within the
network. More importantly, even for people who aren't thinking about
encryption one way or the other and for people that might have been
confused by the sentence Robert noted, it succinctly and clearly tells
them that there is a part of the communication path that is not
encrypted against eavesdroppers---a part that is outside of Tor.
So a suggested revision
Tor protects you by bouncing your communications around a
distributed network of relays run by volunteers all around the
world: it prevents somebody watching your Internet connection from
learning what sites you visit. Even the Tor relay you connect to
doesn't learn that. Tor comes bundled with other protections that
combine with Tor to hide your location from the sites you visit
too. And, Tor hides what you are saying from eavesdroppers anywhere
between the point your connection leaves your computer to the point
it leaves the Tor network and heads to the site you are visiting.
I think the sentence about bundling lets even the people who can't
look two short paragraphs down know that there is more to the story,
but it still says there is a basic protection from responding sites
that they get from Tor (And, it doesn't end with a preposition ;>) I'm
torn about whether the last sentence is worth it. It's a really
important point for the reasons that prompted this exchange and other
reasons too, but maybe it is just one point too many for an opening
paragraph.
HTH,
Paul
More information about the tor-talk
mailing list