TOR: Can exit nodes eavesdrop on communications?

arshad arshad3m at gmail.com
Wed Dec 16 14:59:32 UTC 2009


Thank you very much, Werne.
Your reply is very clear.
Do you have any suggestion on what to use for encryption?

thank you very much
On Wed, 2009-12-16 at 12:15 +0100, Werner Schram wrote:
> arshad wrote:
> > Yes, the guy running the exit node can read the bytes that come in and
> > out there. Tor anonymizes the origin of your traffic, and it makes sure
> > to encrypt everything inside the Tor network, but it does not magically
> > encrypt all traffic throughout the Internet. 
> > This is why you should always use end-to-end encryption such as SSL for
> > sensitive Internet connections. (The corollary to this answer is that if
> > you are worried about somebody intercepting your traffic and you're
> > *not* using end-to-end encryption at the application layer, then
> > something has already gone wrong and you shouldn't be thinking that Tor
> > is the problem.) 
> > Tor does provide a partial solution in a very specific situation,
> > though. When you make a connection to a destination that also runs a Tor
> > relay, Tor will automatically extend your circuit so you exit from that
> > circuit. So for example if Indymedia ran a Tor relay on the same IP
> > address as their website, people using Tor to get to the Indymedia
> > website would automatically exit from their Tor relay, thus getting
> > *better* encryption and authentication properties than just browsing
> > there the normal way. 
> > We'd like to make it still work even if the service is nearby the Tor
> > relay but not on the same IP address. But there are a variety of
> > technical problems we need to overcome first (the main one being "how
> > does the Tor client learn which relays are associated with which
> > websites in a decentralized yet non-gamable way?").
> >   
> It would have been nice if you had said at the beginning that you quoted 
> this text from the Tor site ;)
> > https://wiki.torproject.org/noreply/TheOnionRouter/TorFAQ#ExitEavesdroppers
> >
> > So how is this going to affect the users? I mean, the exit node doesn't
> > really know who the first node (original user) is, right?
> >   
> The problem is that only the packet headers are anonymized, not its 
> contents. If there is information in the content of the packet that can 
> identify you, then the end node will be able to read that. For example, 
> if you send out your credit card information over an unencrypted channel 
> through TOR, the end node would be able to read it. The owner of the end 
> node wouldn't know the IP address from which this information has been 
> sent, but he would have your credit card details.
> 
> So for personal information, TOR alone doesn't do the job. If you 
> combine TOR with encryption, then the encryption makes sure the contents 
> of your packet are unreadable for untrusted hosts, and TOR makes sure 
> the destination (before entry) or the origin (after entry) is unreadable.
> 
> Regards,
> Werne
> 
> 
> 
> > thank you for your time.
> >
> >   
> 
> 
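As an added illustration (not part of this thread, and not Tor's own code): a toy model of the layered encryption Werner describes, using constructed keys, a constructed nonce and an HMAC-based stand-in for a stream cipher, showing that the exit relay reads the payload in the clear unless the client applied a separate end-to-end layer (what SSL provides) before handing it to the circuit.

```python
import hmac
import hashlib

# Constructed sample keys and nonce; in Tor these come from the circuit
# handshake with each relay and are never fixed or reused like this.
HOP_KEYS = [b"guard-key", b"middle-key", b"exit-key"]
NONCE = b"constructed-nonce"
E2E_KEY = b"tls-session-key"  # stands in for the TLS session to the website


def keystream_xor(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Toy stream cipher: XOR data with an HMAC-SHA256 keystream.

    Illustrative only; Tor uses AES-CTR. XOR is its own inverse, so the same
    call both applies and removes a layer."""
    stream = b""
    counter = 0
    while len(stream) < len(data):
        block = nonce + counter.to_bytes(4, "big")
        stream += hmac.new(key, block, hashlib.sha256).digest()
        counter += 1
    return bytes(a ^ b for a, b in zip(data, stream))


def client_wrap(payload: bytes) -> bytes:
    """Client adds one layer per hop; the exit's layer is innermost."""
    cell = payload
    for key in reversed(HOP_KEYS):
        cell = keystream_xor(key, NONCE, cell)
    return cell


def relay_views(cell: bytes) -> list:
    """Each relay strips its own layer; returns what every relay can read."""
    views = []
    for key in HOP_KEYS:
        cell = keystream_xor(key, NONCE, cell)
        views.append(cell)
    return views


def exit_sees(payload: bytes, end_to_end: bool) -> bytes:
    """Bytes visible to the exit relay, with or without an end-to-end layer."""
    inner = keystream_xor(E2E_KEY, NONCE, payload) if end_to_end else payload
    return relay_views(client_wrap(inner))[-1]


def destination_reads(exit_view: bytes) -> bytes:
    """The website peels the end-to-end layer the exit could not remove."""
    return keystream_xor(E2E_KEY, NONCE, exit_view)
```

Without the end-to-end layer, `exit_sees` returns the payload unchanged; with it, the exit gets ciphertext that only `destination_reads` can recover, which is the whole point of Werner's advice.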
More information about the ubuntu-users mailing list