[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: Excluding exit nodes



On Sun, 2011-02-13 at 11:17 -0500, Aplin, Justin M wrote:
> I think it's worth mentioning that as an end-user you might be focusing 
> on the wrong issues here. While there *may* be some nodes (exactly which 
> is perpetually unknown) that record unencrypted traffic, it's more 
> important to make sure that your private data (such as login 
> credentials, text containing your whereabouts, etc) is encrypted 
> end-to-end than to worry about excluding every "possibly bad" exit node. 
> For example, it's much easier to use the https version of a website 
> instead of http to protect a username/password combination than it would 
> be to hunt down anyone who might be trying to record your http 
> connection (as recording the encrypted https traffic would yield them 
> nothing). The same logic applies to other tools as well, examples being 
> using the encrypted ssh and sftp over telnet and ftp, respectively.
> 
> See 
> https://trac.torproject.org/projects/tor/wiki/TheOnionRouter/TorFAQ#CanexitnodeseavesdroponcommunicationsIsntthatbad 
> if you haven't already.

I'm trying to use https whenever I can (HTTPS Everywhere extension for
Firefox is very helpful here) but sadly not all websites can be accessed
in this manner. Unfortunately on some of them I'm required to log in
before proceeding to actual content. I suppose I will just have to live
with that for now... I have no need for ssh or s/ftp as for now so I'm
safe that way :-)

> again, make sure to use encrypted protocols wherever possible, and don't 
> send any personally-identifiable information when forced to use 
> unencrypted protocols, and you should be fine.

Would you recommend using not Tor connection when one is forced to use
unencrypted protocols? I think I'm safer using Tor even with unencrypted
traffic that using "regular" connection but again I can be gravely wrong
here. What do you think?

-- 
Tomasz Moskal <ramshackle.industries@xxxxxxxxx>
Encrypted mail preferred. Key ID: 2C323C82

Attachment: signature.asc
Description: This is a digitally signed message part