How can I trust all my Tor nodes in path
Robert Hogan
robert at roberthogan.net
Fri Dec 1 21:07:40 UTC 2006
On Friday 01 December 2006 20:55, Tim Warren wrote:
> On 12/1/06, Robert Hogan <robert at roberthogan.net> wrote:
> > The real danger with Tor is using sensitive information over http rather
> > than
> > https and mixing anonymous and non-anonymous traffic over the same
> > circuit.
> > Those two are the most common and most easy mistakes to make.
>
> Maybe you could answer a question for me. Should I NOT login in to a site,
> such as a bank, when using Tor? Or do I need to make sure it is https:?
>
> Appreciate any clarification.
>
> Thanks,
If you use https (and your browser hasn't complained about the ssl
certificate) you're fine. The exit node can see everything (if they want)
over http.
Everything after the exit node is just as good or bad as if you weren't using
tor. Tor just adds an extra guy to the chain of *reputable* carriers who
*could* monitor your traffic - and it is best practice to assume that at
least the tor exit node is doing exactly that. see http://tor.unixgu.ru
--
KlamAV - An Anti-Virus Manager for KDE - http://www.klamav.net
TorK - A Tor Controller For KDE - http://tork.sf.net
More information about the tor-talk
mailing list