| 1 |
On Thu, Jan 26, 2012 at 11:11 AM, Lorenzo Bandieri |
| 2 |
<lorenzo.bandieri@×××××.com> wrote: |
| 3 |
> Maybe slightly OT, but what do gentoo-users think about Tor? |
| 4 |
|
| 5 |
As an anonymising proxy, in my opinion, I consider it to be the most |
| 6 |
hostile network one could ever use. I would only use Tor from within a |
| 7 |
virtual machine that contains no other data. Ensure you are not |
| 8 |
passing logins, cookies, credit card numbers, anything useful to "bad |
| 9 |
guys" is of utmost importance. I would encrypt everything prior to |
| 10 |
sending, if possible. Validate SSL fingerprints first off-network to |
| 11 |
avoid MITM attacks. |
| 12 |
|
| 13 |
If you're looking at it from the standpoint of hidden services, with |
| 14 |
good end-to-end security maybe it would be a little safer than using |
| 15 |
it to browse the open internet... I think something like Freenet, in |
| 16 |
concept, would be even more secure since it is decentralized, does not |
| 17 |
touch the open WWW at all, and nobody has to host content on a server, |
| 18 |
but in practice the bandwidth requirements are insane, and the moral |
| 19 |
ambiguity of hosting content that is not yours and could be |
| 20 |
objectionable. The terabytes of UDP traffic every month will probably |
| 21 |
draw unwanted attention to you, too... |
| 22 |
|
| 23 |
Of course, people where the government is more of a threat than Tor |
| 24 |
hackers/poisonous nodes might be willing to live with those risks. |
| 25 |
|
| 26 |
BTW, on my servers, I receive a lot of exploit attempts from Tor exit |
| 27 |
nodes. This could also give plausible deniability to black hats: "Oh, |
| 28 |
I didn't do this illegal stuff, I was running as a Tor exit node, it |
| 29 |
could have been anyone!" |
Archives