TorChat is a security hazard

Paul Syverson syverson at itd.nrl.navy.mil
Wed Feb 24 15:09:58 UTC 2010


On Wed, Feb 24, 2010 at 01:07:02PM +0100, Ansgar Wiechers wrote:
> On 2010-02-23 Paul Campbell wrote:
> > "TorChat" is an unofficial chat client for the Tor network.  I like
> > the idea behind "TorChat": easy to use, usb-stick portable and runs on
> > Windows 98.
> > 
> > These are the problems I see with "TorChat":
> > 
> > 1. No authentication.  There is no way you can know for sure that the
> > person you are chatting with is the person you chatted with yesterday.
> > Tor's hidden services don't make any such guarantees about incoming
> > connections. The clients stay anonymous.
> 
> Which, if you think about it, is the whole point of anonymizing
> software.
> 

Ermm, sort of. It depends whether you want to be anonymous from the
far end or just from (some part of) the communications infrastructure
between you and it.  The nutshell way we've been saying this since '96
is that onion routing is not to make you anonymous from the far end
but to separate identification from routing. If you do that, then you
can choose whether to authenticate to (e.g., ssh to a trusted location
over Tor) or be anonymous to (e.g. sensitive queries to a search
engine) the responder. Or, as is being discussed, whether you are
communicating with the same persistent pseudonym as previously.

HTH,
Paul