Thread: Internet Securiity, Terrorism

Originally Posted by Seraph

TOR is insecure at exit nodes. Really no way around it. Passwords can be harvested. I think it is in one of those Wired kind of articles.

Are you sure about that? Correct me if I'm wrong here, I'm no expert. I read that this is a hyped rumour, and not in fact true. Plus it's completely down to the people running the exit nodes. Most of them are activists and believers in the ideals of TOR. And there are many thousands. Even if somebody set up a honey trap exit node, I still don't think they can trace your communication all the way back to you. It's highly theoretical anyway, and you'd have to be suspected for something really major for anyone to bother. I don't want to give an example, because it would probably probably trigger the alerts with GCHQ... But you can imagine the kind of stuff.

With the randomness of TOR, they'd have to make a large proportion of exit nodes compromised. Another strategy is to simply pick an exit node in a country that is not on super friendly terms with the country where you live. For example, I could pick an exit node in Iran, for example. It simply doesn't seem likely that anyone in Iran would co-operate with anyone in the UK with stuff like that. And you'd absolutely have to be a security service to do it.

I really only use TOR for occasionally listening to Pandora (after it was closed down outside the USA) so I wouldn't know.
But if I had some genuine reason for seriously needing to protect my identity I'd investigate it properly.
But like it-ogo I too have heard that I2P is somehow better. It's a lot of trouble to have to go to, in a supposedly free society though! Not to mention it's so slow you can't really use it for any longer periods.

To the degree that they MUST spy on people, they should spy on people who they have very clear and substantiated suspiciouns against. Nobody else!
Besides, if the USA and its allies stop neo-imperialism in the Middle East, there'd be no serious threat to worry about.

Originally Posted by Hanna

Are you sure about that? Correct me if I'm wrong here, I'm no expert. I read that this is a hyped rumour, and not in fact true. Plus it's completely down to the people running the exit nodes. Most of them are activists and believers in the ideals of TOR. And there are many thousands. Even if somebody set up a honey trap exit node, I still don't think they can trace your communication all the way back to you. It's highly theoretical anyway, and you'd have to be suspected for something really major for anyone to bother. I don't want to give an example, because it would probably probably trigger the alerts with GCHQ... But you can imagine the kind of stuff.

You have a very good point. Someone in an office could have said, 'we don't want people to use TOR, so plant a story...' On the flip side of that is that the TOR was originally developed by naval intelligence or some such, and it seems that there is a significant amount of official use, so they would have their own servers, and be able to do all the exit node monitoring they want. Doesn't the majority of traffic go through the US? Also official use needs other users to use the system, otherwise it becomes obvious that the major users are official. So they want other traffic for cover. 'absolutely have to be a security service to do it' yes, they are.
So its a question of how much effort it takes, and do you have a good reason. http://www.theregister.co.uk/2007/09...ssword_breach/
.