[tor-talk] [Freedombox-discuss] Tor
Eugen Leitl
eugen at leitl.org
Mon Oct 7 07:12:19 UTC 2013
----- Forwarded message from Tim Retout <diocles at debian.org> -----
Date: Sun, 06 Oct 2013 23:20:42 +0100
From: Tim Retout <diocles at debian.org>
To: freedombox-discuss <freedombox-discuss at lists.alioth.debian.org>
Subject: [Freedombox-discuss] Tor
Message-ID: <1381098042.12011.36.camel at air>
X-Mailer: Evolution 3.8.5-2
Hi all,

I have been thinking about Tor some more, especially in light of
Friday's story:

http://www.theguardian.com/world/2013/oct/04/nsa-gchq-attack-tor-network-encryption

My impression is that Tor itself comes out reasonably well from what we
know, but governments will try to exploit any browser vulnerabilities,
and are running their own Tor nodes.

I still believe it's not a good idea to be routing unencrypted traffic
through Tor, and you need to be checking the certificates for the
encrypted traffic. Browser plugins are risky too.

I'm also worried about DNS. In order to properly anonymize your web
browsing, all DNS requests need to go through Tor - but right now most
sites don't use DNSSEC afaik, so are vulnerable to a MITM attack at that
level.

By the way, this page explains why you shouldn't run DNS for non-Tor
browsing over TorDNS:

https://trac.torproject.org/projects/tor/wiki/doc/DnsResolver

With all the above, I think we are a long way from being able to provide
safe web browsing over Tor to non-technical users. At least, not
without getting them to use a separate browser (probably TBB).

However, I do like the idea of running a Tor relay (not an exit node) by
default on Freedombox. Just don't use it for web browsing! SSH and
SSL-encrypted IRC are possible uses - do the DNS lookups over Tor, and
check the identity of the other end properly.

HTTPS could work, but the DNS requests (and any plain HTTP resources
required) would have to go over non-Tor anyway, so I doubt there's much
point from an anonymity point of view.

--
Tim Retout <diocles at debian.org>
----- End forwarded message -----
--
Eugen* Leitl <a href="http://leitl.org">leitl</a> http://leitl.org
______________________________________________________________
ICBM: 48.07100, 11.36820 http://ativel.com http://postbiota.org
AC894EC5: 38A5 5F46 A4FF 59B8 336B 47EE F46E 3489 AC89 4EC5