 
12-15-2009, 10:24 AM
arshad

TOR: Can exit nodes eavesdrop on communications?

Yes, the guy running the exit node can read the bytes that come in and out there. Tor anonymizes the origin of your traffic, and it makes sure to encrypt everything inside the Tor network, but it does not magically encrypt all traffic throughout the Internet.

This is why you should always use end-to-end encryption such as SSL for sensitive Internet connections. (The corollary to this answer is that if you are worried about somebody intercepting your traffic and you're *not* using end-to-end encryption at the application layer, then something has already gone wrong and you shouldn't be thinking that Tor is the problem.)

Tor does provide a partial solution in a very specific situation, though. When you make a connection to a destination that also runs a Tor relay, Tor will automatically extend your circuit so you exit from that circuit. So for example if Indymedia ran a Tor relay on the same IP address as their website, people using Tor to get to the Indymedia website would automatically exit from their Tor relay, thus getting *better* encryption and authentication properties than just browsing there the normal way.

We'd like to make it still work even if the service is nearby the Tor relay but not on the same IP address. But there are a variety of technical problems we need to overcome first (the main one being "how does the Tor client learn which relays are associated with which websites in a decentralized yet non-gamable way?").



https://wiki.torproject.org/noreply/TheOnionRouter/TorFAQ#ExitEavesdroppers



So how's this going to affect the users? I mean the exit node doesn't really know who is the first node (original user), right?



Thank you for your time.


--
ubuntu-users mailing list
ubuntu-users@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-users
 
12-16-2009, 10:15 AM
Werner Schram

TOR: Can exit nodes eavesdrop on communications?

arshad wrote:
> Yes, the guy running the exit node can read the bytes that come in and
> out there. Tor anonymizes the origin of your traffic, and it makes sure
> to encrypt everything inside the Tor network, but it does not magically
> encrypt all traffic throughout the Internet.
> This is why you should always use end-to-end encryption such as SSL for
> sensitive Internet connections. (The corollary to this answer is that if
> you are worried about somebody intercepting your traffic and you're
> *not* using end-to-end encryption at the application layer, then
> something has already gone wrong and you shouldn't be thinking that Tor
> is the problem.)
> Tor does provide a partial solution in a very specific situation,
> though. When you make a connection to a destination that also runs a Tor
> relay, Tor will automatically extend your circuit so you exit from that
> circuit. So for example if Indymedia ran a Tor relay on the same IP
> address as their website, people using Tor to get to the Indymedia
> website would automatically exit from their Tor relay, thus getting
> *better* encryption and authentication properties than just browsing
> there the normal way.
> We'd like to make it still work even if the service is nearby the Tor
> relay but not on the same IP address. But there are a variety of
> technical problems we need to overcome first (the main one being "how
> does the Tor client learn which relays are associated with which
> websites in a decentralized yet non-gamable way?").
>
It would have been nice if you had mentioned that you quoted this text from
the Tor site at the beginning.
> https://wiki.torproject.org/noreply/TheOnionRouter/TorFAQ#ExitEavesdroppers
>
> So how's this going to affect the users? I mean the exit node doesn't really
> know who is the first node (original user), right?
>
The problem is that only the packet headers are anonymized, not its
contents. If there is information in the content of the packet that can
identify you, then the end node will be able to read that. For example,
if you send out your credit card information over an unencrypted channel
through TOR, the end node would be able to read it. The owner of the end
node wouldn't know the IP address from which this information has been
sent, but he would have your credit card details.

So for personal information, TOR alone doesn't do the job. If you
combine TOR with encryption, then the encryption makes sure the contents
of your package are unreadable for untrusted hosts, and TOR makes sure
the destination (before entry) or the origin (after entry) is unreadable.

Regards,
Werne



> Thank you for your time.
>
>
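
Added example (not part of the original thread): a toy model of the point made in the reply above, showing what each relay holds after removing its layer and why only application-layer encryption hides the payload from the exit node. The XOR keystream, the key names and the sample request are assumptions constructed for illustration; this is not how Tor or TLS are implemented.

```python
import hashlib

def xor_stream(key: bytes, data: bytes) -> bytes:
    """Toy symmetric cipher (NOT secure): XOR with a SHA-256 counter keystream."""
    stream = b""
    counter = 0
    while len(stream) < len(data):
        stream += hashlib.sha256(key + counter.to_bytes(4, "big")).digest()
        counter += 1
    return bytes(a ^ b for a, b in zip(data, stream))

# Hypothetical per-hop keys the client shares with each relay in the circuit.
RELAY_KEYS = [b"entry-key", b"middle-key", b"exit-key"]
# Stands in for an end-to-end (https) session key known only to client and site.
SITE_KEY = b"site-session-key"

# Constructed sample request; the card number is a dummy test value.
REQUEST = b"POST /pay HTTP/1.1\r\n\r\ncard=4111111111111111"

def wrap_onion(payload: bytes) -> bytes:
    """Client side: add one layer per relay, so the exit's layer is innermost."""
    for key in reversed(RELAY_KEYS):
        payload = xor_stream(key, payload)
    return payload

def relay_views(cell: bytes) -> list:
    """What each relay (entry, middle, exit) holds after peeling its own layer."""
    views = []
    for key in RELAY_KEYS:
        cell = xor_stream(key, cell)
        views.append(cell)
    return views

def exit_node_sees(request: bytes, end_to_end: bool) -> bytes:
    """Bytes leaving the exit relay towards the destination site."""
    app_bytes = xor_stream(SITE_KEY, request) if end_to_end else request
    return relay_views(wrap_onion(app_bytes))[-1]

if __name__ == "__main__":
    entry, middle, _ = relay_views(wrap_onion(REQUEST))
    print("entry relay holds :", entry[:16].hex(), "(still layered)")
    print("middle relay holds:", middle[:16].hex(), "(still layered)")
    print("exit, http        :", exit_node_sees(REQUEST, end_to_end=False))
    print("exit, https-like  :", exit_node_sees(REQUEST, end_to_end=True)[:16].hex())
```
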


 
12-16-2009, 01:59 PM
arshad

TOR: Can exit nodes eavesdrop on communications?

Thank you very much, Werne.
Your reply is very clear.
Do you have any suggestion on what to use for encryption?

Thank you very much.
 
12-16-2009, 02:52 PM
Werner Schram

TOR: Can exit nodes eavesdrop on communications?

arshad wrote:
> Thank you very much, Werne.
> Your reply is very clear.
> Do you have any suggestion on what to use for encryption?
>
Unfortunately, it is up to websites to decide if they provide
encryption. You can see if a site is encrypted by looking at the address
bar. If the address starts with https:// your connection is encrypted.
If the address starts with http:// your connection is not encrypted.
Fortunately, most sites that require personal details from you provide
encryption. And if they don't, you shouldn't use them.

To make it slightly more complicated (but also more complete), you
should always make sure the certificates the site uses for encryption
are in order. If you use a recent and updated browser, this is done for
you. If something is wrong with the certificate, you will see a big
warning. You should always read those warnings, and only add exceptions
if you are really sure about what you are doing.

I hope this information is clear, and I'm not scaring you off too much.
To summarize: Always look for https in your address bar when giving out
personal details, and never ignore the big certificate warnings your
browser shows you!

Regards,
Werner

 
12-16-2009, 02:58 PM
Werner Schram

TOR: Can exit nodes eavesdrop on communications?

Werner Schram wrote:
> arshad wrote:
>> Thank you very much, Werne.
>> Your reply is very clear.
>> Do you have any suggestion on what to use for encryption?
>>
> Unfortunately, it is up to websites to decide if they provide
> encryption. You can see if a site is encrypted by looking at the
> address bar. If the address starts with https:// your connection is
> encrypted. If the address starts with http:// your connection is not
> encrypted. Fortunately, most sites that require personal details from
> you provide encryption. And if they don't, you shouldn't use them.
>
> To make it slightly more complicated (but also more complete), you
> should always make sure the certificates the site uses for encryption
> are in order. If you use a recent and updated browser, this is done
> for you. If something is wrong with the certificate, you will see a
> big warning. You should always read those warnings, and only add
> exceptions if you are really sure about what you are doing.
>
> I hope this information is clear, and I'm not scaring you off too much.
> To summarize: Always look for https in your address bar when giving
> out personal details, and never ignore the big certificate warnings
> your browser shows you!
>
For more information about certificates:
http://www.us-cert.gov/cas/tips/ST05-010.html
