The team of PayPal is a band of pigs and cads!

Matthew pumpkin at cotse.net
Tue Aug 24 13:11:10 UTC 2010 


On 24/08/10 11:09, Michael Scheinost wrote:
> On 08/23/2010 10:04 PM, David Carlson wrote:
>> I am a newbie here.  Since they use SSL, isn't it overkill to route your
>> connection through Tor?  I know it is a pain to switch Tor on and off
> No, it's not an overkill since tor does not provide end-to-end
> encryption, but anonymity on the level of IP addresses. Actually it is
> highly recommended to use tor with ssl secured services:
> https://trac.torproject.org/projects/tor/wiki/TheOnionRouter/TorFAQ#CanexitnodeseavesdroponcommunicationsIsntthatbad
>
> michael

There are two different issues here: privacy and anonymity.

In terms of privacy (shielding your content from your ISP for example), the 
danger with using Tor without SSL is that the exit node can sniff your 
traffic (as can your ISP or any router between you and your destination 
unless you use SSL  - this is, of course, when you are not using Tor) and 
the exit node can also inject malicious content.  The solution is to use 
Tor with SSL.  Go to www.scroogle.org when using Tor and it will ask you to 
use its SSL service because, as it says, an exit node can potentially sniff 
your traffic.  When using Scroogle with its SSL service, any exit nodes 
cannot sniff or inject because even though the content is decrypted by the 
exit node (which is essential since the exit node needs to provide your 
request to the destination website in a manner than the website can 
understand), the content is still SSL'd (until it is un-SSL'd at the final 
website).

The other point of using Tor is to achieve anonymity.  By hiding your real 
IP you can log into sites without compromising who you are based on your 
static or NAT'd IP.

In his specific case, however, the anonymity issue would probably be a moot 
point if he is logging into his actual PayPal account, and therefore I 
suspect he simply wants to use Tor on principle.

***********************************************************************
To unsubscribe, send an e-mail to majordomo at torproject.org with
unsubscribe or-talk    in the body. http://archives.seul.org/or/talk/

More information about the tor-talk mailing list