michael.holstein at csuohio.edu
Tue Feb 27 15:35:55 UTC 2007
> (1) Does it mean that even when I visit unencrypted sites, nobody would
> be able to tell what sites or pages I am requesting?

Correct. As long as you're also proxying the DNS via SOCKSv4, the only
people that could "see" your traffic in the clear are the folks between
the exit node and the destination.

However .. if you do something like access your (real) Yahoo mail,
someone could connect that traffic with the "real" you .. because they
could see your name in the HTTP traffic. Thus, it's unwise to leak the
recipe to the secret sauce, and then go check your Hotmail account all
in the same session.

You also need to be mindful of combining your "anonymous" and "regular"
activities .. if, for example, you allow sites to set cookies and you
visit two sites both using DoubleClick .. that cookie will connect the
"real" you and the "tor" you. Same goes for any website that requires
authentication (eg: Yahoo mail, etc.). Someone could check the logs and
say "well, I see it was TOR this time, but yesterday it was Comcast".

> (2) Can the green line be cracked by intercepting the packets or headers?

An attack against AES that's more effective than bruteforce is not (yet)
known, so I'd say "probably not", although TOR developers are clear to
tell you it doesn't defend against a "global adversary" (eg:

> (3) I don't know where the encryption key is stored. Can it be stolen if
> my pc is hacked?

The client key is in memory, so no .. unless you do something like
suspend your laptop while TOR is running (thus writing it to disk).
Also, it's possible to have the key written to swap accidentally.

You can prevent both those problems with a "liveCD" distro that doesn't
touch the hard disk. There are many such "internet privacy appliances",
my personal favorite being the one based on OpenBSD (Anonym.OS).

Other general recommendations:

Firefox (dump cookies on exit, no cache, etc)
FlashBlock plugin (no flash)

Michael Holstein CISSP GCIA
Cleveland State University
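
Added example, not part of the original post: the answer to (1) depends on the hostname being resolved through the proxy rather than by the local resolver. The sketch below builds a SOCKS4 CONNECT request and parses one back to report which side did the name lookup; it uses the SOCKS4a extension (address 0.0.0.x followed by the hostname), which is the variant that carries a name to the proxy. The function names, example.com and 192.0.2.10 are constructed for illustration.

```python
import ipaddress
import struct

CONNECT = 0x01  # SOCKS4 command code for a TCP CONNECT


def build_socks4_request(host: str, port: int, userid: bytes = b"") -> bytes:
    """Build a CONNECT request; switch to SOCKS4a when host is a name."""
    try:
        ip = ipaddress.IPv4Address(host).packed
        tail = b""
    except ipaddress.AddressValueError:
        # SOCKS4a: the invalid address 0.0.0.x (x != 0) tells the proxy that
        # a NUL-terminated hostname follows the userid, so no local DNS query.
        ip = bytes([0, 0, 0, 1])
        tail = host.encode("idna") + b"\x00"
    return struct.pack(">BBH", 4, CONNECT, port) + ip + userid + b"\x00" + tail


def classify_request(req: bytes) -> dict:
    """Parse a SOCKS4/4a CONNECT and report which side handled the name."""
    if len(req) < 9:
        raise ValueError("truncated SOCKS4 request")
    version, command, port = struct.unpack(">BBH", req[:4])
    if version != 4 or command != CONNECT:
        raise ValueError("not a SOCKS4 CONNECT request")
    ip = req[4:8]
    userid_end = req.index(b"\x00", 8)  # ValueError if userid is unterminated
    if ip[:3] == b"\x00\x00\x00" and ip[3] != 0:
        name_end = req.index(b"\x00", userid_end + 1)
        host = req[userid_end + 1:name_end].decode("ascii")
        return {"variant": "4a", "host": host, "port": port,
                "resolved_by": "proxy"}
    # Plain SOCKS4 carries only an IPv4 address: if the user typed a name,
    # the lookup already happened on the client, outside the proxy.
    return {"variant": "4", "host": str(ipaddress.IPv4Address(ip)),
            "port": port, "resolved_by": "client"}


if __name__ == "__main__":
    # Constructed sample targets: one hostname, one literal address.
    for target in (("example.com", 80), ("192.0.2.10", 443)):
        print(target, classify_request(build_socks4_request(*target)))
```

Run against a capture of what an application sends to its local SOCKS port, a "client" result for a site that was entered by name means the DNS query went out in the clear.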