1 |
On Thu, Jan 26, 2012 at 11:11 AM, Lorenzo Bandieri |
2 |
<lorenzo.bandieri@×××××.com> wrote: |
3 |
> Maybe slightly OT, but what do gentoo-users think about Tor? |
4 |
|
5 |
As an anonymising proxy, in my opinion, I consider it to be the most |
6 |
hostile network one could ever use. I would only use Tor from within a |
7 |
virtual machine that contains no other data. Ensure you are not |
8 |
passing logins, cookies, credit card numbers, anything useful to "bad |
9 |
guys" is of utmost importance. I would encrypt everything prior to |
10 |
sending, if possible. Validate SSL fingerprints first off-network to |
11 |
avoid MITM attacks. |
12 |
|
13 |
If you're looking at it from the standpoint of hidden services, with |
14 |
good end-to-end security maybe it would be a little safer than using |
15 |
it to browse the open internet... I think something like Freenet, in |
16 |
concept, would be even more secure since it is decentralized, does not |
17 |
touch the open WWW at all, and nobody has to host content on a server, |
18 |
but in practice the bandwidth requirements are insane, and the moral |
19 |
ambiguity of hosting content that is not yours and could be |
20 |
objectionable. The terabytes of UDP traffic every month will probably |
21 |
draw unwanted attention to you, too... |
22 |
|
23 |
Of course, people where the government is more of a threat than Tor |
24 |
hackers/poisonous nodes might be willing to live with those risks. |
25 |
|
26 |
BTW, on my servers, I receive a lot of exploit attempts from Tor exit |
27 |
nodes. This could also give plausible deniability to black hats: "Oh, |
28 |
I didn't do this illegal stuff, I was running as a Tor exit node, it |
29 |
could have been anyone!" |