TOR: Can exit nodes eavesdrop on communications?
arshad
arshad3m at gmail.com
Wed Dec 16 14:59:32 UTC 2009
Thank you very much, Werne.
Your reply is very clear.
Do you have any suggestion on what to use for encryption?
Thank you very much.
On Wed, 2009-12-16 at 12:15 +0100, Werner Schram wrote:
> arshad wrote:
> > Yes, the guy running the exit node can read the bytes that come in and
> > out there. Tor anonymizes the origin of your traffic, and it makes sure
> > to encrypt everything inside the Tor network, but it does not magically
> > encrypt all traffic throughout the Internet.
> > This is why you should always use end-to-end encryption such as SSL for
> > sensitive Internet connections. (The corollary to this answer is that if
> > you are worried about somebody intercepting your traffic and you're
> > *not* using end-to-end encryption at the application layer, then
> > something has already gone wrong and you shouldn't be thinking that Tor
> > is the problem.)
> > Tor does provide a partial solution in a very specific situation,
> > though. When you make a connection to a destination that also runs a Tor
> > relay, Tor will automatically extend your circuit so you exit from that
> > circuit. So for example if Indymedia ran a Tor relay on the same IP
> > address as their website, people using Tor to get to the Indymedia
> > website would automatically exit from their Tor relay, thus getting
> > *better* encryption and authentication properties than just browsing
> > there the normal way.
> > We'd like to make it still work even if the service is nearby the Tor
> > relay but not on the same IP address. But there are a variety of
> > technical problems we need to overcome first (the main one being "how
> > does the Tor client learn which relays are associated with which
> > websites in a decentralized yet non-gamable way?").
> >
> It would have been nice if you had told that you quoted this text from
> the tor site at the beginning ;)
> > https://wiki.torproject.org/noreply/TheOnionRouter/TorFAQ#ExitEavesdroppers
> >
> > So how's this going to affect the users? I mean, the exit node doesn't really
> > know who is the first node (original user), right?
> >
> The problem is that only the packet headers are anonymized, not its
> contents. If there is information in the content of the packet that can
> identify you, then the end node will be able to read that. For example,
> if you send out your credit card information over an unencrypted channel
> through TOR, the end node would be able to read it. The owner of the end
> node wouldn't know the IP address from which this information has been
> sent, but he would have your credit card details.
>
> So for personal information, TOR alone doesn't do the job. If you
> combine TOR with encryption, then the encryption makes sure the contents
> of your package are unreadable for untrusted hosts, and TOR makes sure
> the destination (before entry) or the origin (after entry) is unreadable.
>
> Regards,
> Werne
>
>
>
> > Thank you for your time.
> >
> >
>
>
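The point made in the reply above, as an added example that is not part of the original thread: a toy model of a three-relay circuit showing what the exit relay ends up holding with and without an end-to-end layer. The keys, the sample request and the SHA-256 keystream cipher are constructed stand-ins for illustration, not Tor's actual cryptography.

```python
import hashlib

def keystream_xor(key: bytes, data: bytes) -> bytes:
    """Toy stream cipher (SHA-256 in counter mode). Illustration only."""
    out = bytearray()
    for offset in range(0, len(data), 32):
        pad = hashlib.sha256(key + offset.to_bytes(8, "big")).digest()
        out.extend(b ^ p for b, p in zip(data[offset:offset + 32], pad))
    return bytes(out)

# Constructed keys: one per relay in the circuit, plus one shared only
# between the client and the destination server (the end-to-end layer).
RELAY_KEYS = [b"guard-key", b"middle-key", b"exit-key"]
END_TO_END_KEY = b"client-server-key"

def client_wrap(payload: bytes) -> bytes:
    """Client adds one encryption layer per relay in the circuit."""
    cell = payload
    for key in reversed(RELAY_KEYS):
        cell = keystream_xor(key, cell)
    return cell

def relay_views(cell: bytes) -> list:
    """Each relay peels its own layer; return what each one then holds."""
    views = []
    for key in RELAY_KEYS:
        cell = keystream_xor(key, cell)
        views.append(cell)
    return views

def exit_node_view(payload: bytes, end_to_end: bool) -> bytes:
    """Bytes the exit relay holds and forwards to the destination."""
    if end_to_end:
        # Application-layer encryption applied before the data enters the circuit.
        payload = keystream_xor(END_TO_END_KEY, payload)
    return relay_views(client_wrap(payload))[-1]

# Constructed sample request carrying a well-known test card number.
REQUEST = b"POST /pay card=4111111111111111"

if __name__ == "__main__":
    print("exit sees, no end-to-end layer:  ", exit_node_view(REQUEST, False))
    print("exit sees, with end-to-end layer:", exit_node_view(REQUEST, True).hex())
```

The guard and middle relays only ever hold layered ciphertext; the exit relay holds exactly what the client handed to the circuit, which is readable unless the application encrypted it first.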
More information about the ubuntu-users
mailing list