How do we defeat exit node sniffing?
Kyle Williams
kyle.kwilliams at gmail.com
Fri Jun 6 21:37:41 UTC 2008
It also depends on what you are using Tor for.
If you are checking your e-mail (or whatever) that is associated with your
real identity, then use only HTTPS.
But if you are checking a different e-mail account that you have (1) setup
over Tor and (2) only use for anonymous purposes, then you run a very small
risk of being associated with the activity of that account.
Remember, just because your traffic is anonymous doesn't mean it's private.
So if you say "This is John Smith and my SSN is xxx-xx-xxxx" or whatever
over an anonymous connection to a blog or forum, then you are asking for
trouble. You have to be in control of your privacy.
- Kyle
On Thu, Jun 5, 2008 at 7:20 PM, defcon <defconoii at gmail.com> wrote:
> for http connections im worried about cookie sidejacking as well since some
> sites only authenticate via https and set a cookie, what can we do in this
> regard?
>
>
> On Thu, Jun 5, 2008 at 7:08 PM, Xizhi Zhu <xizhi.zhu at gmail.com> wrote:
>
>> you have to try to do the authentication with SSL/TLS. if not, your
>> username and your password will be sent to the exit nodes first, and that's
>> really terrible!
>>
>> 2008/6/6, defcon <defconoii at gmail.com>:
>>
>>> so what do you all suggest if I must authenticate to a non ssl
>>> connection? How do I do it anonymously and safely?
>>>
>>> On Thu, Jun 5, 2008 at 5:37 PM, Christopher Davis <loafier at gmail.com>
>>> wrote:
>>>
>>>> On Thu, Jun 05, 2008 at 05:01:34PM -0700, defcon wrote:
>>>> > What are some good ways to defeat exit node sniffing? Is there a
>>>> listing of
>>>> > good exit nodes that do not sniff?
>>>> > Thanks,
>>>> > defcon
>>>>
>>>>
>>>> Prefer TLS-enabled services, and mind the authenticity of server certs.
>>>> Or use Tor hidden services.
>>>>
>>>> --
>>>> Christopher Davis
>>>>
>>>
>>>
>>
>>
>> --
>> Use Tor to secure your surfing trace:
>> http://www.torproject.org/
>>
>> My blog: http://xizhizhu.blogspot.com/
>
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.torproject.org/pipermail/tor-talk/attachments/20080606/572eb0ad/attachment.htm>
More information about the tor-talk
mailing list