Tor problem
in [UK Linux]
|
From: Nix on 3 Dec 2009 19:16 On 3 Dec 2009, Geoffrey Clements uttered the following: > I experimented with them a couple of years back, the main problem was that > it slowed down my network connection so much that just plain browsing became > (IMHO) unusable. This isn't surprising; the tor network is run by > volunteers, I can imagine they've throttled the packets which is fair > enough. It's not that the packets are throttled: it's that it has to bounce around a ridiculous and byzantine mass of networks, and that every packet takes a very different route to every other packet (by design). This is a worst-case for TCP/IP and leads to automatic backoff as if the link is very congested. Hence, slow. Unfortunate but unavoidable. (Note to people planning to use it for stuff the govt does not like: if you transmit unencrypted authentication tokens over that link, the Tor exit nodes can spy on it. Tor does not make encryption unnecessary, if anything it makes it *more* necessary because the data flows through many more untrusted nodes than normal.)
From: Martin Gregorie on 4 Dec 2009 08:10 On Fri, 04 Dec 2009 00:16:48 +0000, Nix wrote: > > (Note to people planning to use it for stuff the govt does not like: if > you transmit unencrypted authentication tokens over that link, the Tor > exit nodes can spy on it. Tor does not make encryption unnecessary, if > anything it makes it *more* necessary because the data flows through > many more untrusted nodes than normal.) > I'd assumed that some degree of encryption would be needed -something like privoxy to clean up outgoing messages and then an encrypted VPN tunnel to the nearest Tor node, or have I misunderstood how you connect to it? -- martin@ | Martin Gregorie gregorie. | Essex, UK org |
From: Nix on 4 Dec 2009 15:26 On 4 Dec 2009, Paul Martin verbalised: > In article <hfb1oi$jam$2(a)localhost.localdomain>, > Martin Gregorie wrote: >> On Fri, 04 Dec 2009 00:16:48 +0000, Nix wrote: > >>> (Note to people planning to use it for stuff the govt does not like: if >>> you transmit unencrypted authentication tokens over that link, the Tor >>> exit nodes can spy on it. Tor does not make encryption unnecessary, if >>> anything it makes it *more* necessary because the data flows through >>> many more untrusted nodes than normal.) >>> >> I'd assumed that some degree of encryption would be needed -something >> like privoxy to clean up outgoing messages and then an encrypted VPN >> tunnel to the nearest Tor node, or have I misunderstood how you connect >> to it? > > Tor uses encryption between you and the nearest node, and encryption > between nodes. My point was that the exit nodes can necessarily see your data.
From: Folderol on 4 Dec 2009 15:48 On Fri, 04 Dec 2009 20:26:42 +0000 Nix <nix-razor-pit(a)esperi.org.uk> wrote: > On 4 Dec 2009, Paul Martin verbalised: > > > In article <hfb1oi$jam$2(a)localhost.localdomain>, > > Martin Gregorie wrote: > >> On Fri, 04 Dec 2009 00:16:48 +0000, Nix wrote: > > > >>> (Note to people planning to use it for stuff the govt does not like: if > >>> you transmit unencrypted authentication tokens over that link, the Tor > >>> exit nodes can spy on it. Tor does not make encryption unnecessary, if > >>> anything it makes it *more* necessary because the data flows through > >>> many more untrusted nodes than normal.) > >>> > >> I'd assumed that some degree of encryption would be needed -something > >> like privoxy to clean up outgoing messages and then an encrypted VPN > >> tunnel to the nearest Tor node, or have I misunderstood how you connect > >> to it? > > > > Tor uses encryption between you and the nearest node, and encryption > > between nodes. > > My point was that the exit nodes can necessarily see your data. Quite true, so if the data itself must remain secret then encrypt it. However, if you are (say) a whistle blower, you want the data itself to be seen, you just don't want anyone to know where it came from, and Tor will do just that. -- Will J G
From: Martin Gregorie on 4 Dec 2009 20:07 On Fri, 04 Dec 2009 13:21:48 +0000, Paul Martin wrote: > In article <hfb1oi$jam$2(a)localhost.localdomain>, > Martin Gregorie wrote: >> On Fri, 04 Dec 2009 00:16:48 +0000, Nix wrote: > > >>> (Note to people planning to use it for stuff the govt does not like: >>> if you transmit unencrypted authentication tokens over that link, the >>> Tor exit nodes can spy on it. Tor does not make encryption >>> unnecessary, if anything it makes it *more* necessary because the data >>> flows through many more untrusted nodes than normal.) >>> >> I'd assumed that some degree of encryption would be needed -something >> like privoxy to clean up outgoing messages and then an encrypted VPN >> tunnel to the nearest Tor node, or have I misunderstood how you connect >> to it? > > Tor uses encryption between you and the nearest node, and encryption > between nodes. > Thanks for the clarification. -- martin@ | Martin Gregorie gregorie. | Essex, UK org |
First
|
Prev
|
Next
|
Last
Pages: 1 2 3 4 Prev: Free Software Masters in EU - students line up fast Next: Wireshark query |