Excluding exit nodes

Gregory Maxwell gmaxwell at gmail.com
Sun Feb 13 16:52:12 UTC 2011


On Sun, Feb 13, 2011 at 11:39 AM, Tomasz Moskal
<ramshackle.industries at gmail.com> wrote:
[snip]
> Would you recommend using not Tor connection when one is forced to use
> unencrypted protocols? I think I'm safer using Tor even with unencrypted
> traffic that using "regular" connection but again I can be gravely wrong
> here. What do you think?

This depends on the network near you and what risks you're worried
about being safe from.

If you're concerned about anonymity then sure, tor should pretty much
always be safer. (Though will you have anonymity when you're "logging
in"? It depends…)

As for security against eavesdropping— I think you can say that tor is
more secure in that regard than a network where you _know_ it's
happening, and less secure against that than most networks where you
are unsure.

In some cases, however, even if eavesdropping is happening it's better
if the eavesdropper is someone socially/geographically far away.  I
might be more happy about someone in japan, who mostly just wants my
passwords, reading my private messages than the sysadmin at the local
ISP who knows some of my friends personally.  Eavesdropping is also
usually far less damaging if the traffic has been successfully
anonymized.

Really, it comes down to this:  If you do not use end to end
encryption your traffic can be monitored or manipulated by a great
many people— by hackers with access to the network between you and the
other end, by the staff of network providers, potentially by
commercial agencies that ISPs have sold feeds of customer data to, by
governments along the path, etc. This is true regardless of Tor.  If
you use Tor than the people who can do these things are changed (e.g.
some other ISP instead of yours) and possibly increased (the exit
operator might be doing something nasty).

What Tor provides is the aspects of privacy that encryption can't get
you, but it doesn't replace end to end encryption.
***********************************************************************
To unsubscribe, send an e-mail to majordomo at torproject.org with
unsubscribe or-talk    in the body. http://archives.seul.org/or/talk/



More information about the tor-talk mailing list