Excluding exit nodes

Tomasz Moskal ramshackle.industries at gmail.com
Sun Feb 13 16:39:24 UTC 2011


On Sun, 2011-02-13 at 11:17 -0500, Aplin, Justin M wrote:
> I think it's worth mentioning that as an end-user you might be focusing 
> on the wrong issues here. While there *may* be some nodes (exactly which 
> is perpetually unknown) that record unencrypted traffic, it's more 
> important to make sure that your private data (such as login 
> credentials, text containing your whereabouts, etc) is encrypted 
> end-to-end than to worry about excluding every "possibly bad" exit node. 
> For example, it's much easier to use the https version of a website 
> instead of http to protect a username/password combination than it would 
> be to hunt down anyone who might be trying to record your http 
> connection (as recording the encrypted https traffic would yield them 
> nothing). The same logic applies to other tools as well, examples being 
> using the encrypted ssh and sftp over telnet and ftp, respectively.
> 
> See 
> https://trac.torproject.org/projects/tor/wiki/TheOnionRouter/TorFAQ#CanexitnodeseavesdroponcommunicationsIsntthatbad 
> if you haven't already.

I'm trying to use https whenever I can (the HTTPS Everywhere extension for
Firefox is very helpful here), but sadly not all websites can be accessed
in this manner. Unfortunately, on some of them I'm required to log in
before proceeding to the actual content. I suppose I will just have to live
with that for now... I have no need for ssh or s/ftp for now, so I'm
safe that way :-)

> again, make sure to use encrypted protocols wherever possible, and don't 
> send any personally-identifiable information when forced to use 
> unencrypted protocols, and you should be fine.

Would you recommend not using a Tor connection when one is forced to use
unencrypted protocols? I think I'm safer using Tor even with unencrypted
traffic than using a "regular" connection, but again I can be gravely wrong
here. What do you think?

-- 
Tomasz Moskal <ramshackle.industries at gmail.com>
Encrypted mail preferred. Key ID: 2C323C82