Joe Btfsplk writes: > I'm not a guru in this dept - only what I've read. Reason usually > given not to use Tor for Banking is because the Tor exit node has to > send unencrypted data to your target site (like bank PWs). Unless > your communication w/ that site was somehow encrypted (& a login PW > wouldn't be). A malicious exit node operator could sniff the > packets coming thru the relay.
Your communication with an online banking site usually _would_ be encrypted with HTTPS, which would encrypt your login password. For instance, if you were banking with Bank of America, you would normally start your login process at https://www.bankofamerica.com/ This encryption is complementary to Tor because Tor protects the anonymity of where you're connecting from, while HTTPS protects the confidentiality of your communications, including the password. There's a different problem with using Tor for online banking: some financial institutions consider it a likely sign of fraud attempts, since (for most financial institutions) few legitimate customers currently try to hide their location from the financial institution, but many people committing fraud do. If the financial institution misinterprets your Tor use as a sign of fraud, they might block your on-line access or restrict it in some way. > Just visiting a site where you're not required to enter private data > doesn't allow a malicious exit node operator (or anyone else) to > capture private data. In the case of banking, instead of just > making a direct connection between you & the bank https (using SSL / > TLS), using Tor is introducing an "unknown" 3rd party. That's > basically why. Although Tor is introducing an unknown third party, it doesn't in any way prevent you from also using HTTPS to protect your communications against that third party. In fact, all the published Tor documentation strongly urges Tor users to always use HTTPS for this reason, and the Tor Project is co-developing HTTPS Everywhere with EFF for this reason, and has now included it with the Tor Browser Bundle. > Same thing w/ unencrypted email. An exit node could intercept it > (though by far, most don't), but if it's really confidential info, > don't send unencrypted email thru Tor. If it's that confidential, > you might out to encrypt email anyway. There are services (like > Hush Mail) - for max privacy, I'd opt to install their software vs > doing everything on their servers. But if you're using webmail, you could use HTTPS to connect to the webmail operator over Tor, thereby protecting your e-mail from the exit node operator. > Also a Firefox addon, Enigmail that allows using open PGP (GNU PG) > encryption in a client like Thunderbird. Haven't used it, but been > thinking of checking it out. This can be complementary to Tor _and_ HTTPS, because e-mail encryption protects your e-mail contents from your e-mail service provider and the other person's e-mail service provider. I think it would be nice to have a threat-model diagram to show what's meant to protect you against whom, but let me try to summarize in text: Suppose you're using Hotmail (Windows Live Mail) and e-mailing with your friend who's using Gmail. If you didn't use any security tools, then, among other things, * other people on your wifi network would see what you're doing and could steal your password or read your e-mail; * your ISP could do the same thing; * the other ISPs that carry your communications to Hotmail could do the same thing; * Hotmail would record your IP address, so they would know where you are connecting from, which could be used to trace your identity or location later on; * Hotmail could read the e-mail that you ask them to deliver; * the ISPs that carry your communications between Hotmail and Gmail could read the e-mail too (depending on whether Hotmail and Gmail are successfully using a security technology called ESMTP STARTTLS); * Gmail could read the e-mail at any time after it's delivered to them; * depending on how securely your friend accesses Gmail, other people like your friend's ISP might be able to read the e-mail as your friend opens it. Also, people who are doing wiretaps (like tapping fiber optic cables or microwave links) could read the communications between ISPs, perhaps with the ISPs' knowledge or perhaps without it. This goes to show that, in the absence of security technology, there are plenty of entities that might be in a position to spy on you in some way. Different security tools try to address very different parts of this problem. Primarily, Tor tries to address the "Hotmail would record your IP address" problem. It incidentally solves the "other people on your wifi network" and "your ISP" problems while adding a new, related problem: "the Tor exit node operator could spy on you and read the e-mail". Using HTTPS to connect to Hotmail addresses the "other people on your wifi network", "your ISP", and "the other ISPs" problems, and, if you're using Tor, it also addreses "the Tor exit node operator could spy on you" problem. Using GPG addresses the "Hotmail could read the e-mail" and "Gmail could read the e-mail" problems. It partially addresses all the problems related to any ISP reading the e-mail: it prevents any of the ISPs from understanding the content of the message, but it doesn't conceal the fact that you're e-mailing a particular person at a particular time. -- Seth Schoen <sch...@eff.org> Senior Staff Technologist https://www.eff.org/ Electronic Frontier Foundation https://www.eff.org/join 454 Shotwell Street, San Francisco, CA 94110 +1 415 436 9333 x107 _______________________________________________ tor-talk mailing list tor-talk@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk