How can I trust all my Tor nodes in path

Total Privacy nosnoops at fastmail.fm
Sat Dec 2 19:53:33 UTC 2006


"Tim Warren" <tewarren at gmail.com> said:
> Maybe you could answer a question for me. Should I NOT login in to 
> a site, such as a bank, when using Tor? Or do I need to make sure 
> it is https:?
> 
> Appreciate any clarification.
> 
> Thanks,

I´ll put it this way, if you are registered as your real identity 
on your bank (and not going to hack somebody else´s account), then 
just log in by https directly from your machine/ISP. No need for 
hiding by using Tor. 

Then about malicious nodes. Since the Tor is be open source, it 
gotta be decompilable reversing ingengeering to whatever anybody 
want with it, such as example tap out data in between itself or 
log what in is what out to middle node and so on. If not, why not? 

A soution could be to set up a private "Tor police force" and let 
everyone that want to be accepted as a part of the system, sign 
a legally deal to let this international Tor police force (how 
about the name TPF or ITPF or TIPF) at any moment without warning 
run in to every Tor computer node/router room and get full access 
to everything in it. Of course the members of such "police force" 
should be hand picked by comprehensive test (lying detectors and 
lot of advanced stuff) to be legitimated. Every aproved Tor node 
runner should then be very happy to be granted vit such visit of 
the Tor International Police Force, because if they not find a 
compromised, modified, malicious Tor software, You´r clean! 

BTW, now I´ve also received a maybe fishing from "Hokata Japan Ltd" 
about some business and money transactions. Funny or not, the IP 
was from Italy! 

At last, I´m considerating to switch from Windows to Unix (Linux) 
and hope it is user friendly with Tor. Anybody knows about it? 

-- 
http://www.fastmail.fm - Does exactly what it says on the tin



More information about the tor-talk mailing list