I've seen a couple rounds of tor fud recently. > "Tor hack reports downplayed by developers" - > http://arstechnica.com/old/content/2007/03/8964.ars
The official response to that is http://blogs.law.harvard.edu/anonymous/2007/02/26/the-rumors-of-our-demise/ It covers a couple things. Briefly skimming the introduction to that paper, it sounds to me like it's poking at how many nodes you'd need to compromise before you can make reasonable guesses about the traffic. (and some ways to increase the compromised node's attractiveness). This is certainly an idea that has always been part of tor. > Security expert used Tor to collect government e-mail passwords - > http://arstechnica.com/security/news/2007/09/security-expert-used-tor-to-collect-government-e-mail-passwords.ars > (someone was operating a fake Tor node and sniffing the traffic going though > it) I think it's highly questionable to associate this with tor. If you use plaintext auth, then yes, your network transport will see your password. No matter how anonymous your speech is, if you start it with an introduction, you've gone and killed it. Which, leads back to the original question... When you say no trace in the logs, is the mere existence of the query enough to expose the searcher? seph _______________________________________________ bblisa mailing list [email protected] http://www.bblisa.org/mailman/listinfo/bblisa
