| |||||||||||||
|
| |||||||||||||
GNU/Linux free software tools to preserve your online privacy, anonymity and security (FSM)GNU/Linux free software tools to preserve your online privacy, anonymity and security (FSM)Posted Jul 8, 2008 18:40 UTC (Tue) by salimma (subscriber, #34460)Parent article: GNU/Linux free software tools to preserve your online privacy, anonymity and security (FSM) The author seems worryingly unaware of the security risk inherent in using Tor -- one might think that in the presence of an untrusted Tor node, the system is not less secure than not using Tor at all, but it's worse, because a single compromised Tor node sees a much larger proportion of Tor traffic than a normal router sees, and the traffic the former sees are more likely to be of a confidential nature. A better solution would be one like MIT's P2P Anonymization Layer, where the sender pre-selects the path in advance (and thus could blacklist known-to-be-compromised nodes) and encrypt the data packet with the private keys of each of the selected nodes. To compromise anonymity, the first node in the chain must be compromised; to compromise confidentiality, the last node must be compromised.
(Log in to post comments)
GNU/Linux free software tools to preserve your online privacy, anonymity and security (FSM) Posted Jul 8, 2008 22:07 UTC (Tue) by martinfick (subscriber, #4455) [Link] I don't think that you understand properly how tor works. A single compromised node will not affect your anonymity. If the entrance node is affected, at worst it may divulge you and your middle node, still not your destination or exit node. If your middle node is compromised, it will not divulge you or your destination. If your exit node is compromised it will only divulge your middle node and destination, but not your entrance node or you. It would probably take at least 2 compromised nodes to make a guess at your identity and all three to positively divulge it. Nevertheless, the tor protocol is such that the tor client is selecting its own path. This way you could also eliminate any known compromised nodes from your path. If you have your doubts about tor, perhaps you should join the tor mailing list and post your questions/suspicions there; it might be very informative to you. If your suspicions turn out to be valid, I am sure that the tor project will appreciate your input.
GNU/Linux free software tools to preserve your online privacy, anonymity and security (FSM) Posted Jul 9, 2008 0:08 UTC (Wed) by smithj (subscriber, #38034) [Link] I believe he was referring to the ability of the exit node to view the traffic being sent. This is unavoidable, given the fact the the traffic must be sent to a destination outside the tor network. However, this isn't a "vulnerability" or "security risk" per se. Tor is intended to *anonomize*, not to secure traffic on an insecure protocol. Tor should be used when you don't want the target server to know which IP you're using, or if you don't want routers along the way to know with whom you're communicating. It does *not* provide end-to-end encryption. If you need that, use a secure protocol such as HTTPS, SSH, etc, or simply tunnel your protocol over SSL/SSH/VPN/whatever. If you need end-to-end message integrity, protection against eavesdropping, and anonymity (a whistle-blower would fit this definition, for example), the use of a secure protocol over tor works just fine.
GNU/Linux free software tools to preserve your online privacy, anonymity and security (FSM) Posted Jul 9, 2008 1:22 UTC (Wed) by salimma (subscriber, #34460) [Link] Indeed; my problem with the article is in the way people misuse and misrepresent what Tor does. There is this anonymity = security misconception among the general public, and the onus is on the article to make a clear distinction between the two. Given what we know people actually send over Tor (unencrypted!), the header-level anonymity they get from Tor can be essentially useless if the payload contains enough identifying information.
|
|
||||||||||||