<HTML><BODY style="word-wrap: break-word; -khtml-nbsp-mode: space; -khtml-line-break: after-white-space; "><DIV><DIV>Here's a thought... I was contemplating the ramifications of, say an exit node designed purely to log traffic directed through it. Assume the most malicious intent here too. Listening to every frame that comes out, you're bound to find something that leaks information. Has anyone considered a concept of listening on the client end and scrubbing anything that could identify (at least, electronically) you. Maybe there's a privoxy configuration or even something like a snort rule.</DIV><DIV><BR class="khtml-block-placeholder"></DIV><DIV>Has anyone given thought to some Tor-based snort rules? We could make at least outbound trivial into leaks (exact text of IP address, hostname, etc.) and detection of generic Tor traffic.</DIV><DIV><BR class="khtml-block-placeholder"></DIV><DIV>On 1-Dec-06, at 4:14 PM, Tim Warren wrote:</DIV><BR class="Apple-interchange-newline"><BLOCKQUOTE type="cite">Thank you, just trying to make sure I understand. I will also follow that link.<BR><BR><BR><DIV><SPAN class="gmail_quote">On 12/1/06, <B class="gmail_sendername">Robert Hogan</B> <<A href="mailto:robert@roberthogan.net"> robert@roberthogan.net</A>> wrote:</SPAN><BLOCKQUOTE class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">On Friday 01 December 2006 20:55, Tim Warren wrote: <BR>> On 12/1/06, Robert Hogan <<A href="mailto:robert@roberthogan.net">robert@roberthogan.net</A>> wrote:<BR>> > The real danger with Tor is using sensitive information over http rather<BR>> > than<BR> > > https and mixing anonymous and non-anonymous traffic over the same<BR>> > circuit.<BR>> > Those two are the most common and most easy mistakes to make.<BR>><BR>> Maybe you could answer a question for me. Should I NOT login in to a site, <BR>> such as a bank, when using Tor? Or do I need to make sure it is https:?<BR>><BR>> Appreciate any clarification.<BR>><BR>> Thanks,<BR><BR>If you use https (and your browser hasn't complained about the ssl <BR>certificate) you're fine. The exit node can see everything (if they want)<BR>over http.<BR><BR>Everything after the exit node is just as good or bad as if you weren't using<BR>tor. Tor just adds an extra guy to the chain of *reputable* carriers who <BR>*could* monitor your traffic - and it is best practice to assume that at<BR>least the tor exit node is doing exactly that. see <A href="http://tor.unixgu.ru">http://tor.unixgu.ru</A><BR><BR><BR>--<BR><BR>KlamAV - An Anti-Virus Manager for KDE - <A href="http://www.klamav.net">http://www.klamav.net</A><BR>TorK - A Tor Controller For KDE - <A href="http://tork.sf.net">http://tork.sf.net</A><BR></BLOCKQUOTE></DIV><BR><BR clear="all"><BR>-- <BR>Tim Warren<BR> SD CA USA</BLOCKQUOTE></DIV><BR></BODY></HTML>