> >> In any case, it is a certainty than that some law enforcement agencies > >> are running tor nodes; it has been spotted in actual use at many such > >> locales. Tor might a great idea but it is sadly lacking in many aspects > >> of its implementation. > > > > It would help if you were more specific here. Especially, could you > flesh out > > what you mean by, "it is sadly lacking in many aspects of its > > implementation."
It's really quite simple. If you or I can setup a tor node and use it to mitm/pop people/etc, or use it and the various tracking methods previously shown (wasnt it hd who did the js/flash callhome stuff?), then any inclined entity with the resources, can employ the same tactics at a much larger scale over as diversified and distributed as a region as their resources will allow. If you consider who has those types of resources you're basically stuck with mega-corporations, governments, telcos and potentially some spammers/botnets. While I think it's doubtful we'll see a mega-corporation involved in something like that, you never know though a few 'eccentric' board members can take you to some weird places.. Governments however, are quite obviously one entity that both has proper motivation and typically proper resources to employ it and the mega-telco's in places like the US have pretty much shown their colors already; don't fret though, i bet your countries telco's aren't any better. The spammers/phishers/botnets/etc, well it's irrelevant to this point. That all considered, it becomes obvious that, if you presume that its goal was anonymity to everyone, which is dubious at best if you consider some of its .mil background, that this is a deep design flaw. Or at least that's my opinion. _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
