[tor-talk] [Freedombox-discuss] Tor

Eugen Leitl eugen at leitl.org
Mon Oct 7 07:12:19 UTC 2013

----- Forwarded message from Tim Retout <diocles at debian.org> -----

Date: Sun, 06 Oct 2013 23:20:42 +0100
From: Tim Retout <diocles at debian.org>
To: freedombox-discuss <freedombox-discuss at lists.alioth.debian.org>
Subject: [Freedombox-discuss] Tor
Message-ID: <1381098042.12011.36.camel at air>
X-Mailer: Evolution 3.8.5-2

Hi all,

I have been thinking about Tor some more, especially in light of
Friday's story:


My impression is that Tor itself comes out reasonably well from what we
know, but governments will try to exploit any browser vulnerabilities,
and are running their own Tor nodes.

I still believe it's not a good idea to be routing unencrypted traffic
through Tor, and you need to be checking the certificates for the
encrypted traffic.  Browser plugins are risky too.

I'm also worried about DNS.  In order to properly anonymize your web
browsing, all DNS requests need to go through Tor - but right now most
sites don't use DNSSEC afaik, so are vulnerable to a MITM attack at that

By the way, this page explains why you shouldn't run DNS for non-Tor
browsing over TorDNS:


With all the above, I think we are a long way from being able to provide
safe web browsing over Tor to non-technical users.  At least, not
without getting them to use a separate browser (probably TBB).

However, I do like the idea of running a Tor relay (not an exit node) by
default on Freedombox.  Just don't use it for web browsing!  SSH and
SSL-encrypted IRC are possible uses - do the DNS lookups over Tor, and
check the identity of the other end properly.

HTTPS could work, but the DNS requests (and any plain HTTP resources
required) would have to go over non-Tor anyway, so I doubt there's much
point from an anonymity point of view.

Tim Retout <diocles at debian.org>

----- End forwarded message -----
Eugen* Leitl http://leitl.org
ICBM: 48.07100, 11.36820 http://ativel.com http://postbiota.org
AC894EC5: 38A5 5F46 A4FF 59B8 336B  47EE F46E 3489 AC89 4EC5
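
An added example, not part of the forwarded message or of any FreedomBox or Tor code: for non-browser clients such as SSH or IRC, it shows a SOCKS5 request that hands the hostname to the proxy so the lookup happens there, a check that flags requests carrying an already-resolved IP, and a certificate fingerprint comparison. Pinning is one assumed way of "checking the identity of the other end"; the host name, address and certificate bytes are constructed samples.

```python
import hashlib
import hmac
import ipaddress
import struct

ATYP_IPV4, ATYP_DOMAIN, ATYP_IPV6 = 1, 3, 4  # SOCKS5 address types (RFC 1928)

def build_connect_request(hostname: str, port: int) -> bytes:
    """SOCKS5 CONNECT carrying the hostname, so the proxy resolves it."""
    name = hostname.encode("idna")
    if not 0 < len(name) <= 255:
        raise ValueError("hostname does not fit in a SOCKS5 request")
    return struct.pack("!BBBBB", 5, 1, 0, ATYP_DOMAIN, len(name)) + name + struct.pack("!H", port)

def parse_connect_request(req: bytes):
    """Return (atyp, host, port) for a SOCKS5 CONNECT request."""
    if len(req) < 5 or req[0] != 5 or req[1] != 1:
        raise ValueError("not a SOCKS5 CONNECT request")
    atyp = req[3]
    if atyp == ATYP_DOMAIN:
        end = 5 + req[4]
        host = req[5:end].decode("ascii")
    elif atyp == ATYP_IPV4:
        end = 8
        host = str(ipaddress.IPv4Address(req[4:end]))
    elif atyp == ATYP_IPV6:
        end = 20
        host = str(ipaddress.IPv6Address(req[4:end]))
    else:
        raise ValueError("unknown address type")
    if len(req) != end + 2:
        raise ValueError("truncated or oversized request")
    return atyp, host, struct.unpack("!H", req[end:])[0]

def lookup_stays_in_proxy(req: bytes) -> bool:
    """True only if the proxy is asked to resolve the name itself. An IP
    literal means the client resolved the name first (or was given an IP)."""
    return parse_connect_request(req)[0] == ATYP_DOMAIN

def pin_matches(der_cert: bytes, pinned_sha256_hex: str) -> bool:
    """Compare the peer certificate's SHA-256 with a fingerprint obtained out of band."""
    got = hashlib.sha256(der_cert).hexdigest()
    return hmac.compare_digest(got, pinned_sha256_hex.replace(":", "").lower())

# Constructed samples (no real host, address or certificate).
GOOD = build_connect_request("irc.example.org", 6697)
LEAKY = struct.pack("!BBBB4sH", 5, 1, 0, ATYP_IPV4, ipaddress.IPv4Address("192.0.2.10").packed, 6697)
SAMPLE_CERT = b"constructed stand-in for a DER-encoded certificate"
SAMPLE_PIN = hashlib.sha256(SAMPLE_CERT).hexdigest()
```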