funneling a wireless net's outbound connections through tor

Robert Hogan robert at roberthogan.net
Mon Oct 1 18:45:28 UTC 2007


On Monday 01 October 2007 16:35:29 Mike Cardwell wrote:
>
> If you use Tor, you considerably increase the number and range of people
> that could potentially attack you. You also make yourself a tastier target.
>
> This is not a bad thing if you know how to deal with it. It *is* a bad
> thing if you don't. For example, I have only ever had attempted MITM
> attacks against my ssh sessions when using them over Tor.
>

I think torifying a user's traffic without informing him of it is a very bad 
idea. Pop3 is the best example. I don't think anyone with all the facts to 
hand would ever use a pop3 session over Tor. Whatever the merits of the 
well-you-go-over-x-hops-anyway argument (and it generally does not apply to 
pop3), tor is always x-hops + 1, and that '+ 1' could be anyone from Aunt 
Nellie to the NSA, no special privileges required.

This is one of the main challenges faced by Live CDs and other Torified 
environments - is it better to anonymize everything in the session or always 
prevent the likes of pop3 from being anonymized, ever?
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part.
URL: <http://lists.torproject.org/pipermail/tor-talk/attachments/20071001/d1513a6b/attachment.pgp>


More information about the tor-talk mailing list