[tor-talk] When to use and not to use tor.
Joe Btfsplk
joebtfsplk at gmx.com
Sat Jun 11 20:57:08 UTC 2011
I'm not a guru in this dept - only what I've read. Reason usually given
not to use Tor for Banking is because the Tor exit node has to send
unencrypted data to your target site (like bank PWs). Unless your
communication w/ that site was somehow encrypted (& a login PW wouldn't
be). A malicious exit node operator could sniff the packets coming thru
the relay.
Just visiting a site where you're not required to enter private data
doesn't allow a malicious exit node operator (or anyone else) to capture
private data. In the case of banking, instead of just making a direct
connection between you & the bank https (using SSL / TLS), using Tor is
introducing an "unknown" 3rd party. That's basically why.
Same thing w/ unencrypted email. An exit node could intercept it
(though by far, most don't), but if it's really confidential info, don't
send unencrypted email thru Tor. If it's that confidential, you might
out to encrypt email anyway. There are services (like Hush Mail) - for
max privacy, I'd opt to install their software vs doing everything on
their servers.
Also a Firefox addon, Enigmail that allows using open PGP (GNU PG)
encryption in a client like Thunderbird. Haven't used it, but been
thinking of checking it out.
On 6/11/2011 4:00 AM, Fernan Bolando wrote:
> Hi all
>
> I have seen posts on various websites giving a general rules on when
> and when not to use tor. I have seen, however any official
> documentation on from torproject or any of the privacy
> website like eff. Does such a documentation exists? can somebody point me to it.
>
> examples
> dont use tor in banking or financial transactions
> dont use tor in non encrypted email
>
> regards
> fernan
> _______________________________________________
> tor-talk mailing list
> tor-talk at lists.torproject.org
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
>
More information about the tor-talk
mailing list