Re: Tor at heart of embassy passwords leak; "ToR isn’t the problem, just use it for what it’s made for."
coderman
coderman at gmail.com
Mon Sep 10 18:26:22 UTC 2007
On 9/10/07, Gabriel Rocha <gabe at seul.org> wrote:
> ...
> This argument is flawed insofar as when you are using Tor, it is in
> effect one of your ISPs. The correct comparison here would be that, just
> like your ISP can implement man in the middle attacks against you, so
> too, can a Tor operator.
fair enough; i'll suggest that the vast majority of ISP's don't have
the equipment or skill to implement these kinds of MITM attacks. (can
you imagine trying to play eve against arbitrary customer traffic on
an OC12+ link? that cisco switch isn't going to cut it...)
they are out to make a profit, and spending non-trivial amounts of
money for something that can only negatively impact the customer
experience is a total loss. (note that even CALEA had to sweeten the
deal for carriers just for passive eavesdropping capability which is
trivial compared to complex layer MITM attacks)
i'd love to know more about any such ISP implemented MITM
"investigative techniques" that may have been used; i've never heard
of such, but perhaps they are simply uncommon and rarely publicized.
best regards,
More information about the tor-talk
mailing list