On Fri, Aug 18, 2006 at 05:47:03PM -0400, Roger Dingledine wrote:
> > Now that I see it for what it is, I am definitely going to introduce some
> > sort of nag/warning to TorK so that the user is warned at least once that
> > using plaintext protocols carrying authentication information on Tor
> > carries a serious health warning.

Doesn't Firefox already include this warning when you try to use plaintext
auth protocols on the Internet in general? Or heck, when you try to POST data
to a non-ssl webpage at all?

> Then there's the question of the Internet infrastructure itself --

Also consider that in many countries, the ISPs are the government or are in
cahoots with the government (more countries than we might think, alas), and
many users are not too thrilled about being tracked and observed by their
government. Even if you trust your government completely, then you're still
not safe: with the advent of data retention, there are an increasing number of
juicy databases sitting around waiting to be stolen, backed up to the wrong
location, lost, used to freely give out information to people without a
suitable warrant, etc.

On the one hand, in many cases ISPs have a strong financial incentive to not
be too obvious about their snooping, so you are right to expect that they
won't be so public and broad-sweeping with their attacks. On the other hand,
if torxunixguxru is the toughest adversary that Tor users are up against, I'd
be delighted.

It's certainly hard to pin down the exact risks here -- there are clearly
huge risks on both sides. Somebody should write up a clear concise
explanation, perhaps based on some statements from this thread. :)

Thanks,
--Roger
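The "warn at least once" behaviour discussed above (a nag when a plaintext protocol carries credentials, or when data is POSTed to a non-SSL page) can be sketched as a small classifier. The following is an added example written for this page; it is not code from TorK, Tor or Firefox. The port-to-protocol table, the command patterns and the sample connections are all assumptions constructed for illustration.

```python
"""Flag outbound connections that would send credentials in the clear.

Added example: a TorK-style "warn once" check. Nothing here is the real TorK
code; the tables and sample traffic below are constructed for illustration.
"""
import re
from dataclasses import dataclass
from typing import Optional

# Well-known cleartext protocols by destination port (assumed table).
PLAINTEXT_PORTS = {21: "FTP", 23: "Telnet", 80: "HTTP", 110: "POP3", 143: "IMAP"}

# Client commands on those protocols that carry a username or password.
CREDENTIAL_COMMANDS = {
    "FTP": re.compile(rb"^(USER|PASS) ", re.I | re.M),
    "POP3": re.compile(rb"^(USER|PASS) ", re.I | re.M),
    "IMAP": re.compile(rb"^\S+ LOGIN ", re.I | re.M),
}


@dataclass
class Connection:
    """One outbound stream as a proxy or controller would see it."""
    host: str
    port: int
    tls: bool                # True when the application layer is wrapped in TLS
    first_bytes: bytes = b""  # first client-to-server bytes, if already buffered


def _http_warning(head: bytes) -> Optional[str]:
    """Inspect an HTTP request head for credential-bearing elements."""
    lines = head.split(b"\r\n")
    request_line = lines[0]
    headers = {}
    for line in lines[1:]:
        if not line:            # blank line ends the header block
            break
        if b":" in line:
            name, value = line.split(b":", 1)
            headers[name.strip().lower()] = value.strip()
    if b"authorization" in headers:
        return "HTTP Authorization header sent in the clear"
    if request_line.upper().startswith(b"POST "):
        return "HTTP POST form data sent in the clear (may contain a password)"
    if b"cookie" in headers:
        return "HTTP session cookie sent in the clear"
    return None


def detect_credential_exposure(conn: Connection) -> Optional[str]:
    """Return a warning string, or None when nothing sensitive is visible."""
    if conn.tls:
        return None
    proto = PLAINTEXT_PORTS.get(conn.port)
    # HTTP on a non-standard port is recognised from the request line.
    if proto is None and re.match(rb"^(GET|POST|PUT|HEAD) ", conn.first_bytes):
        proto = "HTTP"
    if proto is None:
        return None
    if proto == "Telnet":
        return "Telnet: every keystroke, including the login, is sent in the clear"
    if proto == "HTTP":
        return _http_warning(conn.first_bytes)
    if CREDENTIAL_COMMANDS[proto].search(conn.first_bytes):
        return f"{proto} login credentials sent in the clear"
    return None


class WarnOnce:
    """Surface each distinct warning only the first time it occurs per host."""

    def __init__(self) -> None:
        self._seen = set()

    def check(self, conn: Connection) -> Optional[str]:
        msg = detect_credential_exposure(conn)
        if msg is None:
            return None
        key = (conn.host, conn.port, msg)
        if key in self._seen:
            return None
        self._seen.add(key)
        return msg


if __name__ == "__main__":
    # Constructed sample traffic, not captured data.
    nag = WarnOnce()
    for c in (
        Connection("pop.example", 110, False, b"USER alice\r\nPASS s3cret\r\n"),
        Connection("pop.example", 110, False, b"USER alice\r\n"),   # suppressed repeat
        Connection("www.example", 80, False, b"POST /login HTTP/1.1\r\nHost: www.example\r\n\r\nu=a&p=b"),
        Connection("mail.example", 995, True, b"USER alice\r\n"),  # TLS: no warning
    ):
        print(c.host, c.port, "->", nag.check(c))
```

The TLS flag short-circuits everything because the thread's concern is the exit relay (or anyone on the path) reading credentials, which TLS prevents regardless of protocol; the HTTP branch mirrors the Firefox behaviour mentioned above, warning on POST and on an explicit Authorization header rather than on every plain GET.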

