"Practical onion hacking: finding the real address of Tor clients"

Fabian Keil freebsd-listen at fabiankeil.de
Wed Nov 1 12:22:14 UTC 2006 

GeorgeDS <georgeds at 1net.gr> wrote:

> On Tue, 2006-10-31 at 09:49, Fabian Keil wrote:
> > George Shaffer <George.Shaffer at comcast.net> wrote:
> >  
> > > To go to
> > > a malicious site you need to encounter a site whose security has been
> > > compromised, be tricked into going to a site, be the victim of
> > > poisoned DNS, receive an email with a macro based Outlook virus that
> > > uses IE functionality, or deliberately browse fringe web sites.
> > 
> > Or you can use Tor and give every Tor exit node operator the chance
> > to render every "trusted site" that doesn't use encryption into
> > a source of malware.
> 
> If your only point is I forgot to list this, I'm guilty. Other than
> that, this seems to be an argument against using Tor.

I think it's just a fact every Tor user should be aware of.
It sure is a disadvantage, but I don't see it as a reason to stop
using Tor.
 
> Regarding systrace:
> 
> > > Looking at man, it does appear that it would be useful for
> > > controlling "developmental" software on a very secure OpenBSD system.
> > 
> > It's useful to control software in general.
> 
> "In general" I agree but there are costs as well as benefits to all
> security measures. Rational people can reach a wide range of conclusions
> regarding how much to invest and where.

Of course.

> I suspect you might be rather
> uneasy with controlling software, as in preventing customers from using
> Skype, as the Narus tools linked to below can.

It's besides the point, but given the free alternatives I don't think
anyone should be using Skype anyway. Especially not users who care
about their privacy and system security.

If an ISP thinks it's a good idea to disallow Skype usage
in its terms of service and then tries to enforce this policy,
I don't have a problem with that.

If the user wants to use Skype, she should sign up with an
ISP with less unreasonable terms of service.

> > There are several valid reason not to run a Tor server at all,
> > I just don't think that "local security" or "ISP terms of service"
> > are among them.
> 
> We will obviously continue to disagree about these. I recently came
> across http://www.narus.com/products/index.html which describes a line
> of products that allow large ISPs and broadband carriers to monitor
> everything that flows across their network. Virtually every protocol can
> be identified, and everything from any IP can be assembled into a stream
> and it's contents examined.

For Tor users this shouldn't be a big deal. I also don't see anything
exciting about Narus, I once saw a Squil presentation and if I remember
correctly it can do the basically the same.
http://sguil.sourceforge.net/index.php?page=description

Of course a patient person can already do the same thing with
less comfortable tools like tcpdump anyway.

> That barely begins to describe what the
> Narus tools can do. If you care about privacy, this is really creepy.

Maybe if you care about privacy and don't use tools like Tor
to protect it.

> Partly this is to allow carriers to conform to the wiretap laws that are
> being applied in the US and other countries, but Narus makes clear the
> carriers can use these tools for their own purposes. While resources
> should prevent an ISP or carrier from monitoring all their customers all
> the time, tools like this will allow them to focus on protocols banned
> by terms of service and identify the customers using the banned
> protocol.

Personally I think the frequent changes in wiretaping laws
are lot more frightening than the software to comply with them.

> In the case of a cable provider, there is only one in any
> specific area. If you loose your access, then you have to hope DSL is
> available, and you will normally pay more for comparable download
> speeds. Personally I want to be careful about my ISPs terms of service.

It was probably not clear enough, but I wasn't trying to say
that one shouldn't honour the ISP's terms of service. I'm just
saying that they aren't a valid reason not to run a Tor server.
They are only a reason not to run a Tor server in that ISP's
network (if you are interested in running a Tor server and I
know, you personally aren't).

Fabian
-- 
http://www.fabiankeil.de/
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 187 bytes
Desc: not available
URL: <http://lists.torproject.org/pipermail/tor-talk/attachments/20061101/81f3b217/attachment.pgp>

More information about the tor-talk mailing list