Slashdot Mirror

← Back to Domains

Domain: torproject.org

Stories and comments across the archive that link to torproject.org.

Comments · 559

  1. Re:results are more important by Odiumjunkie · · Score: 3, Informative · on Will Privacy Sell?

    > If I can't find what I'm looking for, I don't care if nobody knows about it.

    Agreed. Results are paramount.

    I'd rather choose my favourite search engine based on technical merit, then take steps to protect my privacy myself. It means I get the satisfaction of not having to rely on hidden propriety code on someone else's server for my privacy.

    To get around the Google big-bad-data-retention, I find that Firefox + CookieCuller + FoxyProxy + TOR works pretty well.

  2. But the tor people *do* explain that. by Grendel+Drago · · Score: 2, Informative · on Spying On Tor
    There's a link on the tor homepage to a set of warnings; number four reads:

    Tor anonymizes the origin of your traffic, and it encrypts everything inside the Tor network, but it can't encrypt your traffic between the Tor network and its final destination. If you are communicating sensitive information, you should use as much care as you would on the normal scary Internet -- use HTTPS or other end-to-end encryption and authentication.
    The link goes to an explanation saying that you should use end-to-end encryption if you want to do more than just hide the source of your traffic. It's written in plain english, and it's fairly prominently featured on the front page. What's the problem?
  3. But the tor people *do* explain that. by Grendel+Drago · · Score: 2, Informative · on Spying On Tor
    There's a link on the tor homepage to a set of warnings; number four reads:

    Tor anonymizes the origin of your traffic, and it encrypts everything inside the Tor network, but it can't encrypt your traffic between the Tor network and its final destination. If you are communicating sensitive information, you should use as much care as you would on the normal scary Internet -- use HTTPS or other end-to-end encryption and authentication.
    The link goes to an explanation saying that you should use end-to-end encryption if you want to do more than just hide the source of your traffic. It's written in plain english, and it's fairly prominently featured on the front page. What's the problem?
  4. But the tor people *do* explain that. by Grendel+Drago · · Score: 2, Informative · on Spying On Tor
    There's a link on the tor homepage to a set of warnings; number four reads:

    Tor anonymizes the origin of your traffic, and it encrypts everything inside the Tor network, but it can't encrypt your traffic between the Tor network and its final destination. If you are communicating sensitive information, you should use as much care as you would on the normal scary Internet -- use HTTPS or other end-to-end encryption and authentication.
    The link goes to an explanation saying that you should use end-to-end encryption if you want to do more than just hide the source of your traffic. It's written in plain english, and it's fairly prominently featured on the front page. What's the problem?
  5. Re:any idiot should realize it's a hostile network by pravuil · · Score: 1 · on Spying On Tor

    Is this not something that the Tor project should have explained in clear language for those who do NOT have a basic understanding of networking?

    It does on the download page and pretty much throughout the site. Here's the download page:

    http://www.torproject.org/download.html.en

    Notice the section "Warning: Want Tor to really work?" It goes over all the pitfalls of using tor. They know what they made and they did inform the average joe that tor isn't perfect. It even clearly states the following:

    While Tor blocks attackers on your local network from discovering or influencing your destination, it opens new risks: malicious or misconfigured Tor exit nodes can send you the wrong page, or even send you embedded Java applets disguised as domains you trust.

    If you don't read about something that you assume you can trust, you are an idiot. If you don't understand that the layers of how applications/network works, you're setting yourself up for failure. The sad part is that the real criminals don't use tor, they have their own private proxies or use open virus infected systems. Wireless technologies have also been a pain in the past. A lot of cases involving leeching bandwidth end up happening because some idiot doesn't secure his router to prevent unwanted access, ie criminal intent through public access. Like everyone has said before, I'll say it for them again. There is no easy fix solution to provide security. You have to pay for it one way or another. Research before you buy and then no what the hell you are buying by seeing how the damn thing works. If you can't then it will become a big problem later on down the line.

  6. Please help us improve our documentation. by Nick+Mathewson · · Score: 5, Informative · on Spying On Tor

    Hi all. I'm one of the Tor authors.

    We're trying very hard to get out the message that you should always use encrypted protocols over Tor, if you're doing anything even slightly sensitive.

    Right now, we do this in our documentation, and in a list of warnings on our download page. But obviously, this isn't good enough, since some of the commenters here seem to be surprised at finding it out.

    Does anybody have good ideas about how to get the word out better?

    (As for the SSL MITM thing: we've run into situations like this one before. Usually, it turns out that the exit node isn't doing the MITM itself, but is getting MITMd itself by its upstream. This happens depressingly often in some countries, and in some dormitories. I've dropped a line to the directory authority operators Mike Perry (the guy who maintains the Torbutton firefox plugin) has been working on an automated detection tool for this stuff. It would be great if somebody with programming chops would step up and give him a hand.)

  7. Re:Stealing? Or Sharing? by mikek2 · · Score: 0 · on Wi-Fi Piggybacking Widespread

    x2.

    Forgetting about the abusers (whom deserve to die IMO, which, incidentally, is I why I no longer run Tor), open access is The Future.

    Neal Stephenson nailed it decade ago.

  8. Re:Well, that's what you get by unlametheweak · · Score: 1 · on Police swoop on 'Hacker of the Year'

    Another train of thought follows the logic that what is forbidden does not exist. And if it exists, simply crack down with utmost force on it, and it ceases to exist. The first mistake was arresting him.
    The second mistake was letting him free http://en.wikipedia.org/wiki/Streisand_effect.
    Just like CIA secret prisons; if you let people out of them, then they won't be secret for too long. Like in this case: http://en.wikipedia.org/wiki/Khalid_El-Masri.

    If in fact nothing arises from this then the government(s) will just end up looking more stupid than it / they already were for ignoring his warnings in the first place.

    The sad thing is that eavesdropping on Tor exit nodes isn't an original idea, and it's even posted right on the Tor Website itself https://wiki.torproject.org/noreply/TheOnionRouter/TorFAQ#head-5e18f8a8f98fa9e69ffac725e96f39641bec7ac1. Why the government would want to publicize this vulnerability is a real conundrum.
  9. Re:Comcast shouldnt stand in our way by one_red_eye · · Score: 1 · on Comcast Sued Over P2P Blocking

    http://www.torproject.org/