PDA

View Full Version : Tor clients: Do you trust them? What d0 you trust?


are
October 21st, 2010, 16:34
Hey all, I've been investigating anonymity. I feel as though I haven't been giving +Fravia's words on the subject the attention warranted. Is the use of the tor network a quick way to ensure a little privacy? I understand that all non-encrypted communication is openly exposed to "someone random," and also that the inventors of the original concept (onion routing) are a little less than trustworthy when it comes to privacy at times. Initially, the concept of tor makes me think of instant anonymity, no need to trifle with much other than cookies. But in terms of the very wide, vast Internet, I don't feel at all comfortable with my knowledge base; I've always found it safest (and much less complicating) to stick to off line reversing and so that's where my research has been adherently oriented. That said, I feel quite vulnerable all the time, but especially when participating at forums (the information a collective could know of me, as an individual --they could mail me letters about it!). What are your thoughts when it comes to making posts, etc.? Is the tor network a safe place to turn to for anonymity?

Woodmann
October 21st, 2010, 22:26
Howdy,

Nothing is really anonymous anymore.
Can you be found using a tor network? Yes.

Will most people or companies bother to do the
difficult work to discover your real IP? No.

I feel it is an advantage to use them if you
are looking at your competition so they
won't know who's poking around.

Other then that, they are usually slow.

I like them

Woodmann

are
October 22nd, 2010, 18:02
Thanks for the recommendation. I've got a browser dedicated to being anonymous now, and one for very bland stuff.
It's a shame that 'frewe speech' seeming websites frown upon the anonymous. Someday, it might be necessary and interesting to do a project on hijacking the crops of botnets (and perhaps also semi-automated http account registration programs) for anonymous and relatively less 'mal' purposes, as legisllation continues to develop in these obvious directions, reducing the net to an illusory figment of feredom.

dELTA
October 27th, 2010, 20:41
Quote:
[Originally Posted by are;87952]Is the use of the tor network a quick way to ensure a little privacy? I understand that all non-encrypted communication is openly exposed to "someone random," and also that the inventors of the original concept (onion routing) are a little less than trustworthy when it comes to privacy at times.
For privacy (aka secrecy) you should use SSL.

For anonymity when strictly consuming information (i.e. NOT submitting any form data or logging in anywhere) you can use non-encrypted connections over Tor.

For anonymity when consuming and submitting data, you must use SSL-encrypted connections over Tor, AND making sure to verify each and every SSL certificate of sites that you access.

If you follow these tips, only adversaries of the NSA kind will be able to compromise your anonymity (as long as you can trust your Tor client software to do what it says it does anyway). If you don't follow these tips you will most likely end up exposing more identifying data than if you wouldn't use Tor to begin with.

Woodmann
October 28th, 2010, 21:36
Howdy,

It depends on the data being submitted.

I use Tor's when researching the competition
and on a plain web form they dont know nothing.

I would never use a Tor for banking or
other things that require a SSL connection.

Woodmann.

Don't listen to him, he's some kind of security specialist

Seriously, I use a Tor all the time for information gathering.
No one has ever called me out.

dELTA
November 2nd, 2010, 21:08
It does indeed "depend on the data being submitted", but my point is that without extremely carefully thinking through the possibilities of deducing facts about your identity each time you submit plaintext data to different websites or systems, you (or at least I) can never feel really secure with it.

Remember also that both the people on the individual "receiving" websites can see what activities and data you expose, and the people in control of the Tor exit node could also see the collected activities and data you expose, which is extremely powerful from an identity deduction perspective.