Eavesdropping on Tor traffic

Posted Sep 13, 2007 18:06 UTC (Thu) by copsewood (subscriber, #199)
Parent article: Eavesdropping on Tor traffic

Making your communications secure from both a content and a traffic analysis point of view at the same time is extremely hard. You certainly can't trust someone you don't know who is offering to help you with either requirement for free. This article in a sense points out what should be pretty obvious. The fact that perfect solutions don't and won't exist also shouldn't get in the way of building very good ones.

If you are trying to make your communications secure from extremely well-funded opponents who can obtain warrants and put radio cars and surveillance outside your door then you are going to need to adopt extreme precautions.

For the rest of us, we already have a contractual relationship based on a certain level of trust with the ISP(s) we pay to handle our communications and who therefore have a commercial interest in enhancing the integrity of these communications. These ISPs also have similar contractual relationships with peers and upstreams. This network of mutual self interest in improving the integrity of communications is the platform where I currently see the web of trust needed to make secure end-to end services (such as encrypted email) as having the best chances of being built.