This has been an interesting discussion (a bit of intemperate speech is always entertaining too).
That aside, I think it has highlighted a security risk that Tor itself may be guilty of understating to new users, namely that using Tor exposes your traffic to a much higher likelihood of being eavesdropped than normal. For example, I am not a network admin by day so I do not have access to public internet traffic through legal means. Yet I am running a Tor exit server, so I can now legally (though unethically) listen to your internet traffic and harvest any passwords that go by. I do not think the gravity of this trade-off by the tor user (security for anonymity) is adequately represented. Now that I see it for what it is, I am definitely going to introduce some sort of nag/warning to TorK so that the user is warned at least once that using plaintext protocols carrying authentication information on Tor carries a serious health warning. Am I overstating the case? Do others think that the nature of the compromise tor users make is transparent to them? -- KlamAV - An Anti-Virus Manager for KDE - http://www.klamav.net TorK - A Tor Controller For KDE - http://tork.sf.net
