TOR Will Change Everything

Post Reply New Topic

My brother just told me that true secrecy is now possible on the internet. In the old days, even an anonymous post could be traced to the person who sent it. Using a proxy would slow down the trace, but It could still find you. From what I understand, a new program called TOR splits up your data, sends the pieces through each a different proxy, and then puts it all together at the web site you want. TOR does the same for all data coming in.
Do you guys understand what this means? TOR MAKES IT IMPOSSIBLE TO TRACE YOU ONLINE ACTIVITY!
Is this good or bad? I don't know, thats up to the people who use it.

Just because it is impossible to trace you does not mean you are anonymous. People could still intercept the messages you send or crack any account passwords if you have poor security (weak passwords, poor encryption).

They might not know where you are but if an email or IM has your name, that's all they need.

Tor is not at all new, and it slows down your connection rather severely. Additionally, some servers will refuse any requests coming from Tor, so you may be unable to log in to some sites or access others at all. And even Tor, of course, does not provide perfect online anonymity.

there is also haystack that hides your traffic in other traffic and freenet a completely alternate internet protocol that has no conection to the "real" internet so to speak, it uses some pretty heavy encryption and convoluted code, the content however is straight out of 4chan it seems.

The thing about Tor is you shouldn't use it to log in to a system. If a login is neccessary, you might as well go direct. If you use Tor, it is entirely possible your login details will be compromised by the exit node, as your traffic is subject to any monitoring of the exit node. You are generally more secure just going directly from your computer to the host you are connecting to, as there are fewer places for your traffic to be intercepted. With Tor, it could be intercepted anywhere. A direct connection, it can only be intercepted at any host on the way. Generally, your employer (if you are using a work computer), your ISP, backbone providers used (there's only a handful of these, and once your traffic has reached here, it's rather pointless to use TOR to protect your details, as your traffic will be going here anyway), the destination's ISP, and the destination system.

Tor essentially prevents systems between your host and ISP from identifying what data is yours.

Im thinking that if someone used TOR then they would go to sites that dont require a login.

That sounds more like how TCP/IP is supposed to work... For many a year, it has never been impossible to be found; if they really want you, they'll find you...

I thought Tor was a the monster in Plan 9 from Outer Space...

TOR

=

A smarter mouse only begets a better mouse trap. TOR hasn't changed anything. Someone will always be able to find you on the Internet if they want to badly enough. And I think that stands truer now, more than ever.

ehhh.. the us gov and others also have tor exit nodes set up to scan the traffic, and they happen to be some of the fastest ones.

They said PGP would change the world, and it DID. but tor? eh... perhaps for kids, but there's better ways to get around content filters. encrypted anonomous information information transfer between two people who don't know each other and don't know who they are isn't really valuable.

99% of my instant message communication with close friends is done over OTR. the keys get changed weekly.
its not any more secure than pgp keys but less traceable, much easier to say "someone else used it and changed the key" (they aren't saved).
for more professional mailing lists, there's always pgp. been around for almost 20 years.
until quantum computers can crack the p=NP problem,, the gov will not be able to crack it, once that's in place there's otherways, the message overhead just gets higher.

that said, 98% of FBI investigations either don't need to break any encryption, or the methods the accused were using were flawed. there are several encryption apps for various phones as well. just remember that they are only as secure as the phone is.. that is to say.. not very.
its much more likely that a keylogger would be installed, or a bug set up to break into your wireless keyboard and record the keystrokes, that and rubber hose cryptography. do not dismiss that.


the only crypto system that is truely anonomous as far as i know is the
http://en.wikipedia.org/wiki/Anonymous_veto_network and
http://en.wikipedia.org/wiki/Dining_cry ... rs_problem

I concur.

I use The Onion Router Alot for some uses that I do alot of times.

Tor is slow.

not all the time I have got tor up to and over 1MB/s at my buddy's house on a torrent if linux

So as others have alluded to, Tor doesn't actually "hide you on the internet."

Strictly speaking, when Tor is used properly what happens is that your computer's TCP sessions appear to originate from a Tor exit node, rather than from wherever your computer normally seems to originate traffic.

So if you go to a site via HTTP and its login credentials handling is strictly done in HTTP, you've just sent your password in the clear [1]. Note that Tor doesn't protect you from a compromised or malicious exit node. It's technically very easy for the exit node to record inbound and outbound traffic that connects to its instance of Tor. Malicious exit nodes like this probably exist already.

It's also an unsolved research problem regarding whether or not an attacker who watches all Tor nodes on the internet can easily perform a correlation to figure out which traffic is related to which other traffic, and is therefore likely on behalf of the same human or organization of humans.

[1] It appears wrongplanet send passwords in cleartext as well by default (http://www.wrongplanet.net, then "Login"). It's up to the staff to decide if this is worth fixing (the most compatible ways to fix may require a mild money outlay), but in the meantime I hope no one uses an important password to log in here.