[Dropping the or-dev CC since this isn't related to Tor development] On Fri, Aug 18, 2006 at 10:14:29PM +0100, Robert Hogan wrote: > That aside, I think it has highlighted a security risk that Tor itself may > be > guilty of understating to new users, namely that using Tor exposes your > traffic to a much higher likelihood of being eavesdropped than normal. > > For example, I am not a network admin by day so I do not have access to > public > internet traffic through legal means. Yet I am running a Tor exit server, so > I can now legally (though unethically) listen to your internet traffic and > harvest any passwords that go by.
Actually, look at http://tor.eff.org/eff/tor-legal-faq.html.en#ExitSnooping It is an open legal question -- that is, there's no clear precedent with respect to Tor servers -- but it's probably not wise to just assume that it's legal. Also, remember that there are many jurisdictions out there, and they all have their own complex laws. > I do not think the gravity of this trade-off by the tor user (security for > anonymity) is adequately represented. I agree. Somebody should write a clear introduction to Tor, what it does, and what it doesn't do. One day that somebody will be me, but I would welcome some early versions to help me along. > Now that I see it for what it is, I am definitely going to introduce some > sort > of nag/warning to TorK so that the user is warned at least once that using > plaintext protocols carrying authentication information on Tor carries a > serious health warning. > > Am I overstating the case? Do others think that the nature of the compromise > tor users make is transparent to them? The reason I haven't emphasized the issue so far is that I think you're overstating the protection ordinary users get from the Internet as it is. For example, if you're on a local network with other users (often including everybody in your neighborhood for cablemodem systems), you're not in very good shape. Tor solves this issue, and for many users it's a huge issue. Then there's the question of the Internet infrastructure itself -- your Internet packets travel over a wide variety of places on the way to their destination. Sometimes packets get mis-routed to, well, pretty much anywhere. The chance that any hop along the way is able to observe them -- for example because of a crooked employee, but also because some Russian cracker 0wns a computer nearby in the path -- is hard to estimate in general, but from studying botnets and dealing with net security for the past decade or so, I don't feel it's as low as you imply. All that said, I agree with you that most of the danger is probably at the endpoints of the communication -- on the path from you to your entry Tor node, and on the path from your exit node to your destination. Tor solves the first issue and changes the second issue -- possibly for the worse, depending on your situation. So barring any actual data about the security of the Internet as a whole, which seems hard to get, I still stick with my answer from http://wiki.noreply.org/noreply/TheOnionRouter/TorFAQ#ExitEavesdroppers If you're not using end-to-end encryption, then you're in bad shape, whether you use Tor (and are exposed to one set of risks) or don't use Tor (and are exposed to a different set of risks). --Roger
