Injecting client data through your own server

Roger Dingledine arma at mit.edu
Tue Aug 30 06:12:24 UTC 2005


On Tue, Aug 30, 2005 at 01:08:42AM -0500, Arrakis Tor wrote:
> What i understood is that when you send data to the entrynode it is in
> plaintext. Only then is it encrypted and passed through the circuit.
> The entrynode can read the plaintext data, no?

No.

This is key to Tor's security.

http://tor.eff.org/overview.html

(See picture 3)

Now, it is true that when your application (e.g. Firefox) sends stuff to
Tor, it is in plaintext. This is why you should run your Tor near you,
for example on the same computer as your application.

--Roger



More information about the tor-talk mailing list