LWN.net Logo

Not logged in

Log in now

Create an account

Subscribe to LWN

Recent Features

Relicensing and rebasing LibreOffice

LWN.net Weekly Edition for May 24, 2012

A uTouch architecture introduction

LWN.net Weekly Edition for May 17, 2012

Tasting the Ice Cream Sandwich

Printable page
Weekly edition Kernel Security Distributions Contact Us Search
Archives Calendar Subscribe Write for LWN LWN.net FAQ Sponsors

GNU/Linux free software tools to preserve your online privacy, anonymity and security (FSM)

GNU/Linux free software tools to preserve your online privacy, anonymity and security (FSM)

Posted Jul 9, 2008 0:08 UTC (Wed) by smithj (subscriber, #38034)
In reply to: GNU/Linux free software tools to preserve your online privacy, anonymity and security (FSM) by martinfick
Parent article: GNU/Linux free software tools to preserve your online privacy, anonymity and security (FSM) 

I believe he was referring to the ability of the exit node to view the traffic being sent.
This is unavoidable, given the fact the the traffic must be sent to a destination outside the
tor network.

However, this isn't a "vulnerability" or "security risk" per se. Tor is intended to
*anonomize*, not to secure traffic on an insecure protocol. Tor should be used when you don't
want the target server to know which IP you're using, or if you don't want routers along the
way to know with whom you're communicating. It does *not* provide end-to-end encryption. If
you need that, use a secure protocol such as HTTPS, SSH, etc, or simply tunnel your protocol
over SSL/SSH/VPN/whatever.

If you need end-to-end message integrity, protection against eavesdropping, and anonymity (a
whistle-blower would fit this definition, for example), the use of a secure protocol over tor
works just fine.

(Log in to post comments)

GNU/Linux free software tools to preserve your online privacy, anonymity and security (FSM)

Posted Jul 9, 2008 1:22 UTC (Wed) by salimma (subscriber, #34460) [Link] 

Indeed; my problem with the article is in the way people misuse and misrepresent what Tor
does. There is this anonymity = security misconception among the general public, and the onus
is on the article to make a clear distinction between the two.

Given what we know people actually send over Tor (unencrypted!), the header-level anonymity
they get from Tor can be essentially useless if the payload contains enough identifying
information.

Copyright © 2012, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds